ArcSight Smart Connector to use specific DB access privilege

Idea ID 2807988


We are attempting to collect logs from the Symantec Endpoint Protection (SEP v14.2) DB running on MSSQL. The configuration guide requires the ArcSight Smart Connector to use db_datareader privileges for access at the database level.

Due to our security policies, we are moving forward with a least privilege required model. But the db_datareader role may give read permission on unnecessary/unrequired tables.

As SEP is only required to access certain tables, if it is possible to know which tables SEP needs to access, then we can allow SELECT access to only the required tables rather than all tables.

We already know the DB schema structure (v14.x). There may be additional system table access needed.

DB schema link for SEP v14.x:
https://knowledge.broadcom.com/external/article?articleId=185076

All we need is clear Micro Focus documentation on creating a custom role with read access to all required tables, rather than the public db_datareader privilege to access arbitrarily all tables.

Micro Focus Contributor
Status changed to: Declined

Please submit this as a Support ticket, stating that the Product Manager has referred this to the Customer Support team for resolution.

Established Member

We already had a support ticket, SD02703413. The Micro Focus Customer Support team could conclusively provide the DB table list that the connector needs to access for logs. As we have the DB schema for SEP (from Broadcom), we can go with read access to the whole SEP schema.

All we need is clear Micro Focus documentation on creating a custom role with read access to only the required tables, rather than the public db_datareader privilege to access arbitrarily all tables. An IT security provider should consider all aspects of security risks.
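
The custom role requested in this thread could be built along the following lines. This is an added T-SQL example, not Micro Focus or Broadcom documentation and not part of the thread. The database name, the connector user `arcsight_connector`, the role name and both table names are placeholders, and `STRING_AGG` assumes SQL Server 2017 or later.

```sql
-- Added example: replace db_datareader with a table-scoped read role.
-- Every name below is a placeholder; take the real table list from the vendor.
USE [SEP_DB_PLACEHOLDER];
GO
SET XACT_ABORT ON;   -- any error rolls the whole change back
BEGIN TRANSACTION;

CREATE ROLE arcsight_sep_reader;

DECLARE @required TABLE (schema_name sysname, table_name sysname);
INSERT INTO @required VALUES
    (N'dbo', N'REQUIRED_TABLE_1_PLACEHOLDER'),
    (N'dbo', N'REQUIRED_TABLE_2_PLACEHOLDER');

-- Stop before granting anything if a listed table does not exist.
IF EXISTS (SELECT 1 FROM @required r
           WHERE OBJECT_ID(QUOTENAME(r.schema_name) + N'.'
                         + QUOTENAME(r.table_name), N'U') IS NULL)
BEGIN;
    THROW 50000, N'A listed table does not exist; correct the list first.', 1;
END;

-- One GRANT SELECT per required table, identifiers quoted.
DECLARE @sql nvarchar(max);
SELECT @sql = STRING_AGG(CAST(
           N'GRANT SELECT ON OBJECT::' + QUOTENAME(schema_name) + N'.'
         + QUOTENAME(table_name) + N' TO arcsight_sep_reader;'
         AS nvarchar(max)), NCHAR(10))
FROM @required;
EXEC sys.sp_executesql @sql;

ALTER ROLE arcsight_sep_reader ADD MEMBER [arcsight_connector];

-- Remove the broad role only after the narrow one is in place.
IF IS_ROLEMEMBER(N'db_datareader', N'arcsight_connector') = 1
    ALTER ROLE db_datareader DROP MEMBER [arcsight_connector];

COMMIT TRANSACTION;
GO
-- Verification: list every table the connector user can now SELECT from.
EXECUTE AS USER = N'arcsight_connector';
SELECT SCHEMA_NAME(t.schema_id) AS schema_name, t.name AS table_name
FROM sys.tables AS t
WHERE HAS_PERMS_BY_NAME(QUOTENAME(SCHEMA_NAME(t.schema_id)) + N'.'
                      + QUOTENAME(t.name), N'OBJECT', N'SELECT') = 1
ORDER BY schema_name, table_name;
REVERT;
GO
```

The verification query should return exactly the tables in the list; any extra row points to a grant inherited from another role or from `public`.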
