Fetch, Sync & show past data as of custom data/time of the customer

muhammad.ammar · October 21, 2025, 9:08am

What is a one sentence summary of your feature request?

Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.

Netwrix Auditor only captures activity from the point of installation and the configuration of data sources / endpoints to be scanned within the monitoring plans. It will not look back at historical events that are recorded in event logs (with the exception of AD Logon Activity audit, this will aim to gather the past few hours from the point of setup).
An organization with a large dataset if needs to search for incidents happened in past or tries to go for collecting data for disaster recovery operations using auditor, it would’nt find any old data

How do you currently solve the challenges you have by not having this feature?

No Solution, a solution is in mind but im not sure.
its to import the logs from event viewer of the domain controller to collect all previous data & process it for auditing & risk assessments

aleksander.tyrnov · October 21, 2025, 12:36pm

Thanks for the suggestion. Netwrix Auditor does not - and will not - upport retroactive ingestion of historical events (e.g., “fetch/sync and show past data as of a custom date/time”). Auditor is designed for forward-looking, near-real-time change auditing starting from the moment data sources are added to a Monitoring Plan.
Note: the AD Logon Activity module performs a small, one-time bootstrap lookback (only a few hours) to avoid an initial blind spot; this is not a general backfill mechanism.

Why this isn’t supported

Evidence integrity & provenance: Auditor guarantees that audit trails were captured by the product at the time of occurrence; bulk-importing old logs breaks that guarantee (tampering risk, mixed clocks, changed hostnames/IPs, rolled logs).
Reliability & scale: Historical Windows/Syslog retention is inconsistent (overwrites, gaps). Replaying months/years of logs would be slow, error-prone, and distort timelines.
Product scope: Auditor normalizes audited activity it collects itself; it’s not a generic historical log warehouse.

Topic		Replies	Views
Migration of audit trail from Netwrix Auditor Ideas planned , ideas	1	80	June 30, 2025
Enable audit data retention longer than 1 year Ideas 1secure , planned , ideas	2	52	September 15, 2025
Add the ability to backup and restore Entra ID Objects Ideas recovery-active-directory , in-progress , ideas	2	39	October 13, 2025
Looking for a RSAT tool that integrates NTP with ADUC Ideas new , ideas	1	20	October 16, 2025
Entra ID Activity to be ingested by Access Analyzer Ideas under-review , access-analyzer , ideas	0	28	July 15, 2025

Fetch, Sync & show past data as of custom data/time of the customer

What is a one sentence summary of your feature request?

Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.

How do you currently solve the challenges you have by not having this feature?

Related topics