Comment List
  • I agree with the last comment, add the version number too please.

  • Last, it would be appreciated when you add the SmartConnector version/build that applies, when the document is released. Now it only contains a release date of the document. So you would have to know/research the release date of a certain SmartConnector and compare. Unnecesary and cumbersome. Could this globally be introduced?

  • Actually, just check your document it is all over the place.

  • Version 6 of the document, page 15, Agent Security Mappings, mentions the ArcSight field "Protocol".  This field does not exist. Probably should be "Transport Protocol"...

    Please fix.

  • Version 6 of the document, page 15, Agent Security Mappings, mentions the ArcSight field "Base Event Count".  This field does not exist. Probably should be "Aggregated Event Count"...

    Please fix.

  • This there a way that I can also collect Endpoint State data using this collector (i.e. last communication, name, ip , operating system, sep client version, definition version etc) or is there another one I must use?

  • Ryan, thank you for your input. With the next update for the guide, I will work with the team to verify this procedure and add it to the guide.


  • What would be very helpful would be to include a set of steps to properly configure the SQL account to connect and the minimum permissions/tables required.

    Something that looks like this:

    1. Open MS SQL Server Management Studio
    2. Change the default database to the SEPM database
    3. Create a new user in the MSSQL database (local)
    4. Apply the user to the public server for the SEPM database (User Mapping > Select SEPM db)
    5. In MS SQL Server Management Studio, make sure the user is permitted to connect to the database (Select SEPM DB > Properties > Permissions > Connect / Grant)
    6. Add the “db_datareader” role to the SEPM database (Select SEPM DB > Security > Users > User Properties > Under role members, select db_datareader)
    7. Test the database connections by setting up a local ODBC connection and completing a successful connection.

  • Regarding the version of the SmartConnector, we do not actually have version numbers. Some connectors, but not all, are updated with each connector release.  All current configuration guides are posted on Protect 724, and the publish date for each matches the date of the SmartConnector release in which the update was made.

  • A1: I don't think you need to turn on the audit function.


Related Discussions