Banks, credit unions, insurance companies,
Warning: "You have some necessary audit success/failed flags not set"
|Symptoms||The audit report from Netwrix Auditor for File Servers contains the following warning: "You have some necessary audit success/failed flags not set".
Alternatively, the opposite error can be received: " You have some unnecessary audit success/failed flags set'.
|Cause||This warning indicates that some audit settings on monitored shares are not set correctly. This means that auditing flags on a share do not correspond with Netwrix Auditor's settings.
There are 4 types of activities that can be monitored, and each one requires its own audit flags to be set.
Incorrect audit flags may result in missing audit events or flooding the security log with unnecessary events.
|Resolution||To resolve the issue and get rid of the warning, you will need to configure auditing on shares properly.
See the following article for details: https://helpcenter.netwrix.com/Configure_IT_Infrastructure/File_Servers/Windows_Shares/WSh_Object_Level_Access.html