search cancel

Least privileges required for a log dump via the CloudSOC SIEM agent


Article ID: 174068


Updated On:


CASB Audit CASB Gateway Advanced CASB Security Advanced CASB Security Premium CASB Security Standard


Symantec CloudSOC
SIEM agent

What are the required least privileges for a full log dump to the Syslog server via the SIEM agent?

If using a standard admin access profile, you get about 20 log events.
If using a sysadmin access profile, you get over 5,000 log events, the full log dump.
For security reasons, what are the least privileges required to get a full log dump?


There is no concept of "least privileges" to dump all logs... It is controlled on every app/service level.
Whatever is exported via the SIEM path is under the RBAC profile assigned to the user used to run SIEM agents.
If the access profile got only 20 logs, that means that the user was entitled to only see those.
The ability to see all activities is purely based on the role assigned.
Since the sysadmin is the most powerful user, he/she can see all logs.

RBAC = Role-based access control