Symantec CloudSOC
SIEM agent
What are the required least privileges for a full log dump to the Syslog server via the SIEM agent?
If using a standard admin access profile, you get about 20 log events.
If using a sysadmin access profile, you get over 5,000 log events, the full log dump.
For security reasons, what are the least privileges required to get a full log dump?
There is no concept of "least privileges" to dump all logs... It is controlled at the level of each app/service.
Whatever is exported via the SIEM path is under the RBAC profile assigned to the user used to run SIEM agents.
If the access profile returned only 20 logs, that means the user was entitled to see only those.
The ability to see all activities is purely based on the role assigned.
Since the sysadmin is the most powerful user, he/she can see all logs.
RBAC = Role-based access control