
SmartConnector for Symantec Endpoint Protection DB


DISCLAIMER:

Some content on Community Tips & Information pages is not officially supported by Micro Focus. Please refer to our Terms of Use for more detail.
Comments

Hi Joanne,

Thanks for sharing. May I know whether I need to turn on the SEP DB audit function in SQL Server in this case?

What is the version of this SmartConnector?

Thanks.

A1: I don't think you need to turn on the audit function.

Thx

Regarding the version of the SmartConnector, we do not actually have version numbers. Some connectors, but not all, are updated with each connector release. All current configuration guides are posted on Protect 724, and the publish date for each matches the date of the SmartConnector release in which the update was made.

What would be very helpful would be to include a set of steps to properly configure the SQL account to connect and the minimum permissions/tables required.

Something that looks like this:

1. Open MS SQL Server Management Studio
2. Change the default database to the SEPM database
3. Create a new user in the MSSQL database (local)
4. Apply the user to the public server for the SEPM database (User Mapping > Select SEPM db)
5. In MS SQL Server Management Studio, make sure the user is permitted to connect to the database (Select SEPM DB > Properties > Permissions > Connect / Grant)
6. Add the “db_datareader” role to the SEPM database (Select SEPM DB > Security > Users > User Properties > Under role members, select db_datareader)
7. Test the database connections by setting up a local ODBC connection and completing a successful connection.
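The steps proposed in the comment above, expressed as a T-SQL script with a check of the resulting permissions. This is an added example, not part of the original comment or the vendor's guide; the login name `arcsight_reader`, the database name `SEPM_DB` and the password are placeholders, and `ALTER ROLE ... ADD MEMBER` assumes SQL Server 2012 or later.

```sql
-- Placeholders (assumptions, not from the page): SEPM_DB, arcsight_reader,
-- and the password. Substitute the real SEPM database name before running.

-- Steps 2-3: create a SQL login whose default database is the SEPM database.
CREATE LOGIN [arcsight_reader]
    WITH PASSWORD = N'<replace-with-a-strong-password>',
         DEFAULT_DATABASE = [SEPM_DB],
         CHECK_POLICY = ON;      -- enforce the Windows password policy
GO

-- Step 4: map the login to a user inside the SEPM database.
USE [SEPM_DB];
GO
CREATE USER [arcsight_reader] FOR LOGIN [arcsight_reader];
GO

-- Step 5: allow the user to connect to the database.
GRANT CONNECT TO [arcsight_reader];
GO

-- Step 6: read-only access through the fixed db_datareader role.
ALTER ROLE [db_datareader] ADD MEMBER [arcsight_reader];
GO

-- Check 1: list the database roles the user belongs to.
SELECT r.name AS role_name
FROM sys.database_role_members AS m
JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = m.member_principal_id
WHERE u.name = N'arcsight_reader';

-- Check 2: effective database-level permissions, evaluated as that user.
-- Review the list for anything beyond connect and read access.
EXECUTE AS USER = N'arcsight_reader';
SELECT permission_name
FROM fn_my_permissions(NULL, 'DATABASE')
ORDER BY permission_name;
REVERT;

-- Check 3: the login holds no server-wide administrative role.
SELECT IS_SRVROLEMEMBER('sysadmin', 'arcsight_reader') AS is_sysadmin;
```

Step 7 (the ODBC connection test) is still done from the connector host, since it also exercises network reachability and the driver configuration.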

Ryan, thank you for your input. With the next update for the guide, I will work with the team to verify this procedure and add it to the guide.

Ingrid

Is there a way that I can also collect Endpoint State data using this collector (i.e. last communication, name, IP, operating system, SEP client version, definition version, etc.), or is there another one I must use?

Version 6 of the document, page 15, Agent Security Mappings, mentions the ArcSight field "Base Event Count". This field does not exist. Probably should be "Aggregated Event Count"...

Please fix.

Version 6 of the document, page 15, Agent Security Mappings, mentions the ArcSight field "Protocol". This field does not exist. Probably should be "Transport Protocol"...

Please fix.

Actually, just check your document; it is all over the place.

Last, it would be appreciated if you added the SmartConnector version/build that applies when the document is released. Now it only contains a release date of the document. So you would have to know/research the release date of a certain SmartConnector and compare. Unnecessary and cumbersome. Could this globally be introduced?

I agree with the last comment, add the version number too please.

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.