Generic Add-ons for SIEM Integration

Easily integrate Netwrix Auditor with any SIEM solution through a RESTful API using one of our free add-ons. Choose the add-on designed for the format of input data your SIEM supports.

CEF Export Add-on

Use this add-on to integrate Netwrix Auditor with any SIEM solution that supports input data in .CEF format.

Event Log Export Add-on

Use this add-on to integrate Netwrix Auditor with any SIEM solution that supports input data in event log format.

These add-ons work only in combination with Netwrix Auditor, so make sure you have Netwrix Auditor installed.

Enrich Your SIEM Data with Human-Readable Context

Bring more context to your SIEM output data and get comprehensible reports with details on every change, including before and after values, and on every data access attempt. Netwrix Auditor’s AuditAssurance™ technology maximizes the signal-to-noise ratio in the audit data and transforms disparate arrays of raw logs into actionable intelligence.

Investigate Suspicious Insider Activity Faster

Spend less time investigating SIEM alerts on anomalous user behavior. Actionable security analytics empower you to quickly investigate unusual activity and mitigate risk, as well as determine how to prevent similar problems in the future.

Increase the ROI of Your SIEM

Minimize the volume of indexed data by feeding your SIEM with actionable audit intelligence, and make your SIEM more cost-effective.

Getting Started with the Generic Add-on for SIEM Integration

To integrate Netwrix Auditor with your SIEM solution, take the following steps:
INTEGRATION STEPS
  1. Ensure that:
    • Netwrix Auditor is installed, and its Audit Database is configured and contains audit data.
    • The execution policy for PowerShell scripts is set to Unrestricted.
  2. Get the script running:
    • Right-click the script and select Edit. The Windows PowerShell ISE will start.
    • If you don't use the default port (9699), update the port number in the script.
    • If you want to use event log export, customize the event log name ("Netwrix_Auditor_Activity") and source ("Netwrix_Auditor_WebAPI").
    • Save the script.
    • Run the script and wait for it to execute.
  3. See the results:
    CEF Export
    • Navigate to the CEF file location and open it.
    • Review the changes and data access events from your SIEM solution, exported from the Audit Database into a CEF file.
    Event Log Export
    • Navigate to Start → All Programs → Event Viewer.
    • In the Event Viewer dialog, go to Event Viewer (local) → Applications and Services Logs → Netwrix_Auditor_Activity log.
    • Review the events from your SIEM solution, exported from the Audit Database into event log format.
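
The checks behind steps 1 to 3 can also be run from a PowerShell prompt. The script below is an added example, not part of the Netwrix add-on: it reports the execution policy per scope, tests the API port, and reads back the exported events. The host name `localhost` is an assumption; the port, log name and source are the defaults named in step 2.

```powershell
# Added example: pre-flight and post-run checks for the integration steps above.
# Not part of the add-on script. Adjust the parameters if you changed the defaults.
param(
    [string]$AuditorHost = 'localhost',               # assumption: Netwrix Auditor runs locally
    [int]$Port           = 9699,                      # default port from step 2
    [string]$LogName     = 'Netwrix_Auditor_Activity',# default event log name from step 2
    [string]$Source      = 'Netwrix_Auditor_WebAPI'   # default event source from step 2
)

# Step 1: list the execution policy at every scope, then compare the effective one.
Get-ExecutionPolicy -List | Format-Table -AutoSize
$effective = Get-ExecutionPolicy
if ($effective -ne 'Unrestricted') {
    Write-Warning "Effective execution policy is '$effective'; step 1 expects 'Unrestricted'."
}

# Step 2: confirm the port the script will call is reachable before running it.
$conn = Test-NetConnection -ComputerName $AuditorHost -Port $Port -WarningAction SilentlyContinue
if ($conn.TcpTestSucceeded) {
    Write-Output "Port $Port on $AuditorHost is reachable."
} else {
    Write-Warning "Port $Port on $AuditorHost is not reachable; check the port set in the script."
}

# Step 3 (Event Log Export): confirm the log exists and show the newest exported events.
$log = Get-WinEvent -ListLog $LogName -ErrorAction SilentlyContinue
if (-not $log) {
    Write-Warning "Event log '$LogName' not found; the export has not run or uses another name."
} else {
    Write-Output ("{0}: {1} records" -f $log.LogName, $log.RecordCount)
    $events = Get-WinEvent -FilterHashtable @{ LogName = $LogName; ProviderName = $Source } `
                           -MaxEvents 5 -ErrorAction SilentlyContinue
    if ($events) {
        $events | Select-Object TimeCreated, Id, ProviderName, Message | Format-List
    } else {
        Write-Warning "Log '$LogName' exists but holds no events from source '$Source'."
    }
}
```

Recording the `Get-ExecutionPolicy -List` output before changing the policy gives you the original per-scope values to restore once the export has run.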

Need more help getting started with your add-on?

Review detailed instructions for installing and configuring the add-ons in the guides below.