Least privileges required for a full log dump via the CloudSOC SIEM agent
Last Updated March 20, 2019
Symantec CloudSOC SIEM agent
What are the required least privileges for a full log dump to the syslog server via the SIEM agent?
With a standard admin access profile, you get about 20 log events. With a sysadmin access profile, you get over 5,000 log events, the full log dump. For security reasons, what are the least privileges required to get a full log dump?
There is no concept of "least privileges" for dumping all logs. It's controlled at every app/service level. Whatever is exported via the SIEM path falls under the RBAC profile assigned to the user who runs the SIEM agents. If the access profile returned only 20 logs, that means the user was entitled to see only those. The ability to see all activities is purely based on the role assigned. Since the sysadmin is the most powerful user, he/she can see all logs.
RBAC = Rule Based Access Control