Least privileges required for a full log dump via the CloudSOC SIEM agent

Article ID: 174068

Products

CASB Audit, CASB Gateway Advanced

Issue/Introduction

Symantec CloudSOC
SIEM agent

What are the least privileges required for the SIEM agent to send a full log dump to the syslog server?

If the SIEM agent runs under a standard admin access profile, about 20 log events are exported.
If it runs under a sysadmin access profile, over 5,000 log events are exported, which is the full log dump.
For security reasons, what are the least privileges required to get a full log dump?

Resolution

There is no concept of "least privileges" for dumping all logs: log visibility is controlled at the level of each individual app/service.
Whatever is exported via the SIEM path is governed by the RBAC access profile assigned to the user account that runs the SIEM agent.
If a given access profile yielded only 20 log events, that means the account was entitled to see only those events.
The ability to see all activities depends purely on the role assigned to that account.
Since sysadmin is the most powerful role, an account with that role can see all logs.
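The practical consequence of the above is that a small export is an entitlement problem, not an agent problem. The following added example (not Symantec/Broadcom code) shows one way to check a SIEM agent's syslog output for that symptom: it counts exported events per app/service and reports monitored services that never appear, which points at the agent account's access profile. The key="value" syslog layout, field names and service inventory are constructed assumptions, not the documented CloudSOC export format.

```python
import re
from collections import Counter

# Constructed sample of what a SIEM-agent syslog forward might look like.
# The key="value" layout and field names are assumptions for this example,
# not the documented CloudSOC SIEM agent format.
SAMPLE_SYSLOG = """\
<14>Jan 10 12:00:01 cloudsoc-siem service="Office 365" user="a.user" activity="download" severity="low"
<14>Jan 10 12:00:02 cloudsoc-siem service="Office 365" user="b.user" activity="share" severity="medium"
<14>Jan 10 12:00:03 cloudsoc-siem service="Box" user="c.user" activity="upload" severity="low"
<14>Jan 10 12:00:04 cloudsoc-siem service="Office 365" user="a.user" activity="login" severity="low"
"""

# Services the tenant is known to monitor (assumed inventory for this example).
EXPECTED_SERVICES = {"Office 365", "Box", "Salesforce", "Google Drive"}

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_events(raw):
    """Return one dict per syslog line, keyed by its key="value" fields."""
    events = []
    for line in raw.splitlines():
        fields = dict(FIELD_RE.findall(line))
        if fields:
            events.append(fields)
    return events


def coverage_report(events, expected_services):
    """Count exported events per service and list expected services that never appear.

    Because the SIEM export is filtered by the agent account's access profile
    on a per-app/service basis, a service that is monitored but absent from
    the export usually means the account's role grants no visibility into it.
    """
    per_service = Counter(e.get("service", "<unknown>") for e in events)
    missing = sorted(expected_services - set(per_service))
    return {"total": len(events),
            "per_service": dict(per_service),
            "missing_services": missing}


if __name__ == "__main__":
    report = coverage_report(parse_events(SAMPLE_SYSLOG), EXPECTED_SERVICES)
    print(report)
    if report["missing_services"]:
        print("Export looks partial; review the RBAC profile of the SIEM agent account.")
```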

RBAC = Role-Based Access Control