vluiz1
New Member.
313 views

Symantec Endpoint Protection DB Connector: db_datareader role

Dear Community,

  

I am attempting to collect logs from Symantec Endpoint Protection DB running on MSSQL. The configuration guide requires db_datareader privileges to the user at the database level. db_datareader at the database level gives implicit SELECT privileges on all the tables in the DB.

Is it necessary to have SELECT permissions on ALL the tables in order to collect the SEP logs? I would like to know if the useful information  can be collected by granting permissions to a smaller subset of tables.

Useful events are as listed below (taken from the SmartConnector document):

Scan events

Server admin log events

Network threat protection

Behavior events

System events

Anti-virus and anti-spyware protection

Network access control

Notification alerts

Agent packet events

Virus category

Server policy events

Thanks,

  

Vijay

0 Likes
2 Replies
anirudhanayak@g Outstanding Contributor.
Outstanding Contributor.

Re: Symantec Endpoint Protection DB Connector: db_datareader role

Hi,

We are in the process of integrating Symantec Endpoint DB. We are installing the connector on Connector appliance.

However, the Symantec DB SQL server is using the authentication method as Windows mode instead of SQL server mode.

And due to security reasons, the SQL server authentication mode cannot be changed from Windows mode to SQL server mode or Mixed mode.

Is there a work around to integrate the DB even if the SQL server application is configured with Windows mode.

Regards,

Anirudh

0 Likes
anirudhanayak@g Outstanding Contributor.
Outstanding Contributor.

Re: Symantec Endpoint Protection DB Connector: db_datareader role

There is a work around for this kind of requirement: Please follow the below mentioned steps to make it work

  • Create a Domain account that has the rights of a regular user.
  • Set up as a service account  to avoid interactive login and password expire.
  • In Sql server, work with your DBA to add that domain user to the SQL environment with permissions to read and write to the SEP DB.

Regards,

Anirudh

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.