Data Collecting Account
The data collecting account is a service account that Netwrix 1Secure uses to collect audit data from the monitored items (domains, OUs, servers, etc.). Netwrix recommends creating a dedicated service account for that purpose. Depending on the data source and connector, the account must meet the corresponding requirements (see the table below).
You can use group Managed Service Account (gMSA) as data collecting account. See the Using Group Managed Service Account (gMSA) topic for additional information.
Currently, the following data sources are supported:
| Data source | Provided connectors | Required rights and permissions: |
|---|---|---|
| Active Directory | Active Directory Activity Active Directory Logons | Active Directory Auditing Logon Activity Auditing |
| Azure AD | Azure AD Activity Azure AD Logons | Microsoft Entra ID Auditing |
| Computer | File Server Activity | Computer Auditing |
| SharePoint Online | SharePoint Online Activity | SharePoint Online Auditing |
| Exchange Online | Exchange Online Activity | Exchange Online Auditing |
Data Collection Workflow
The Netwrix 1Secure data collection workflow is as follows:
Step 1 – Add organizations. See the Add Organizations topic for additional information.
Step 2 – Install the agent. See the Install Agent topic for additional information.
Once you have added the organization and selected the domain for collecting the data, Netwrix 1Secure starts collecting audit data from the managed Active Directory, Azure AD domain, a computer, an Exchange Online, or a SharePoint Online collection.