Idea ID: 2807988

ArcSight Smart Connector to use specific DB access privilege

Status : Declined
11 months ago

We are attempting to collect logs from the Symantec Endpoint Protection (SEP v14.2) DB running on MSSQL. The configuration guide requires the ArcSight Smart Connector to use db_datareader privileges for access at the database level.

Due to our security policies, we are moving forward with a least-privilege model. But the db_datareader role may give read permission on unnecessary/unrequired tables.

As SEP is only required to access certain tables, if it is possible to know which tables SEP needs to access, then we can allow SELECT access to only the required tables rather than all tables.

We already know the DB schema structure (v14.x). There may be additional system table access needed.

DB schema link for SEP v14.x:
https://knowledge.broadcom.com/external/article?articleId=185076

All we need is clear Micro Focus documentation on creating a custom role with read access to all required tables, rather than the public db_datareader privilege that gives access to all tables.
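The least-privilege setup the request describes, written out as an added T-SQL example (this is not from the original post, nor from Micro Focus or Broadcom documentation). It assumes a database named SEPDB, a SQL login named arcsight_sep for the connector, and SEP tables in the dbo schema; the table names are placeholders, since the required table list is exactly what the post says is still undocumented. Step 3 shows both the table-level grant and the schema-wide read the follow-up comment proposes as a fallback, and the final queries verify that the connector user holds only the custom role.

```sql
-- Added example: a custom read-only role in place of db_datareader.
-- Placeholders: SEPDB (database), arcsight_sep (connector login),
-- SEP_TABLE_1_PLACEHOLDER / SEP_TABLE_2_PLACEHOLDER (tables the connector reads).
USE SEPDB;
GO

-- 1. Map the connector's server login to a database user; no role membership yet.
CREATE USER arcsight_sep FOR LOGIN arcsight_sep;
GO

-- 2. A custom role holds only the grants the connector actually needs.
CREATE ROLE arcsight_sep_reader AUTHORIZATION dbo;
GO

-- 3a. Table-level grants, once the required table list is known.
GRANT SELECT ON OBJECT::[dbo].[SEP_TABLE_1_PLACEHOLDER] TO arcsight_sep_reader;
GRANT SELECT ON OBJECT::[dbo].[SEP_TABLE_2_PLACEHOLDER] TO arcsight_sep_reader;

-- 3b. Fallback: read on the whole SEP schema. Still narrower than db_datareader,
--     which covers every schema in the database. Use one of 3a or 3b, not both.
-- GRANT SELECT ON SCHEMA::dbo TO arcsight_sep_reader;

-- 4. The connector user joins the custom role only (not db_datareader).
ALTER ROLE arcsight_sep_reader ADD MEMBER arcsight_sep;
GO

-- 5. Verify: every explicit grant held by the custom role.
SELECT pr.name AS principal,
       pe.permission_name,
       pe.state_desc,
       pe.class_desc,
       CASE pe.class
            WHEN 1 THEN OBJECT_SCHEMA_NAME(pe.major_id) + '.' + OBJECT_NAME(pe.major_id)
            WHEN 3 THEN SCHEMA_NAME(pe.major_id)
            ELSE NULL
       END AS securable
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = 'arcsight_sep_reader';

-- 6. Verify: the connector user's role memberships. Expect only arcsight_sep_reader.
SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE m.name = 'arcsight_sep';

-- 7. Verify from the connector's point of view: 1 for a granted table, 0 for any
--    other table (NULL if the placeholder name does not exist in your database).
EXECUTE AS USER = 'arcsight_sep';
SELECT HAS_PERMS_BY_NAME('dbo.SEP_TABLE_1_PLACEHOLDER', 'OBJECT', 'SELECT') AS granted_table,
       HAS_PERMS_BY_NAME('dbo.OTHER_TABLE_PLACEHOLDER',  'OBJECT', 'SELECT') AS other_table;
REVERT;
```

Run the script as a database owner or sysadmin (step 7 impersonates the connector user, which needs IMPERSONATE). If the connector later fails on a table or system view that is not in the grant list, the SQL Server error names the object that was denied, which is the practical way to discover the "additional system table access" the post mentions and to extend the role one grant at a time instead of falling back to db_datareader.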

  • We already had a support ticket, SD02703413. The Micro Focus Customer Support team could conclusively provide the DB table list that the connector needs to access for logs. As we have the DB schema for SEP (from Broadcom), we can go with read access to the whole SEP schema.

    All we need is clear Micro Focus documentation on creating a custom role with read access to only the required tables, rather than the public db_datareader privilege that gives access to all tables. An IT security provider should consider all aspects of security risks.

  • Please submit this as a Support ticket, stating that the Product Manager has referred this to the Customer Support team for resolution.