We are attempting to collect logs from a Symantec Endpoint Protection (SEP v14.2) DB running on MSSQL. The configuration guide requires the ArcSight SmartConnector to use db_datareader privileges for access at the database level.
Due to our security policies, we are moving forward with a least privilege required model. But the db_datareader role may give read permission on unnecessary/unrequired tables.
As SEP is only required to access certain tables, if it is possible to know which tables SEP needs to access, then we can allow SELECT access to only the required tables rather than all tables.
We already know the DB schema structure (v14.x). There may be additional system table access needed.
DB schema link for SEP v14.x:
All we need is clear Micro Focus documentation on creating a custom role with read access to all required tables, rather than the public db_datareader privilege with arbitrary access to all tables.
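A T-SQL sketch of the custom role described in the post, added here as an example; it is not part of the original post and not Micro Focus or Symantec documentation. The role name `arcsight_sep_reader`, the database user `arcsight_connector` and the table names in `@required` are assumptions and placeholders, to be replaced with the tables the connector is confirmed to query.

```sql
-- Added example. Run in the context of the SEP database.
-- Assumed names (not from the post or any vendor guide):
--   role arcsight_sep_reader, database user arcsight_connector,
--   and every entry in @required (placeholders only).
DECLARE @required TABLE (schema_name sysname, table_name sysname);
INSERT INTO @required VALUES
    (N'dbo', N'PLACEHOLDER_TABLE_1'),  -- replace with a table the connector reads
    (N'dbo', N'PLACEHOLDER_TABLE_2');

-- Create the narrow role once.
IF DATABASE_PRINCIPAL_ID(N'arcsight_sep_reader') IS NULL
    CREATE ROLE arcsight_sep_reader;

-- Build GRANT SELECT statements only for list entries that exist as user tables.
DECLARE @sql nvarchar(max) = N'';
SELECT @sql += N'GRANT SELECT ON ' + QUOTENAME(s.name) + N'.' + QUOTENAME(t.name)
             + N' TO arcsight_sep_reader;' + NCHAR(10)
FROM @required AS r
JOIN sys.tables  AS t ON t.name = r.table_name
JOIN sys.schemas AS s ON s.schema_id = t.schema_id AND s.name = r.schema_name;
EXEC sys.sp_executesql @sql;

-- Report list entries that matched no table, so a typo does not fail silently.
SELECT r.schema_name, r.table_name AS missing_table
FROM @required AS r
WHERE OBJECT_ID(QUOTENAME(r.schema_name) + N'.' + QUOTENAME(r.table_name), N'U') IS NULL;

-- Swap the broad role for the narrow one on the connector account.
ALTER ROLE arcsight_sep_reader ADD MEMBER arcsight_connector;
IF IS_ROLEMEMBER(N'db_datareader', N'arcsight_connector') = 1
    ALTER ROLE db_datareader DROP MEMBER arcsight_connector;

-- Verify: every object-level permission the role now holds.
SELECT OBJECT_SCHEMA_NAME(p.major_id) AS schema_name,
       OBJECT_NAME(p.major_id)        AS object_name,
       p.permission_name,
       p.state_desc
FROM sys.database_permissions AS p
WHERE p.grantee_principal_id = DATABASE_PRINCIPAL_ID(N'arcsight_sep_reader')
  AND p.class = 1;  -- 1 = object or column
```

After the swap, permission-denied errors in the connector log identify any table missing from the list, which can then be added to `@required` and the script rerun.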