
Custom SQL Integration using SIEM Collector

Hi All,

I'm trying to integrate MS-SQL Database Tables using SIEM Collector, but I'm stuck at the last step. Below are brief details of what I have done so far.

1. Install SIEM Collector

2. Install ODBC driver

3. Configure host with SQL Database User

4. The user has read only permission to the Database and the instance I'm trying to integrate

5. The user is getting authenticated in the first step where we give Server and Port details.

But when it comes to the step where I need to select the Database and Table to forward the events, when I open the drop-down next to the 'Select a Database' option, the drop-down is not showing anything. The drop-down doesn't have any values in it.

Can someone please help me fix this issue? What can be the reason why I'm not able to view the Database details? I checked with the SQL Server team and they said they can view the Database using the credentials.

Thanks in advance.

Thanks and Regards,

Soul Joy

7 Replies
abanaru
Message 2 of 8

Re: Custom SQL Integration using SIEM Collector

Did you enable TCP/IP for SQL Server? Is the collector on the same machine as the SQL Server?

Re: Custom SQL Integration using SIEM Collector

No. The Collector is not on the same machine, but connectivity is there.

Reliable Contributor sssyyy
Message 4 of 8

Re: Custom SQL Integration using SIEM Collector

Are you saying the collector is not installed on the machine that DB is on?

- SQL DB is on machine A

- SIEM Collector is installed on Machine B

Reliable Contributor sssyyy
Message 5 of 8

Re: Custom SQL Integration using SIEM Collector

If you don't see anything in the dropdown, that means the user doesn't have the correct permissions to read the tables on the database.

** The DB user must have Read Any Permissions to work properly

** The actual needed permissions are: VIEW ANY DEFINITION, INFORMATION_SCHEMA.TABLES (gives the list of tables), SYS.COLUMNS (list of fields)
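A way to check, on the SQL Server side, what the collector's login can actually enumerate (an added example, not part of the post above and not McAfee's own code). The login name `siem_collector` and database `AppDB` are placeholders, and it is an assumption that the collector's drop-downs are filled from the catalog views named in the reply.

```sql
-- Added example. Placeholders: siem_collector (login), AppDB (database).
-- Run as a sysadmin; EXECUTE AS impersonates the collector login so the
-- result sets show exactly what that login is allowed to see.

-- Part 1: server-level view.
USE master;
EXECUTE AS LOGIN = 'siem_collector';

-- 1 = permission held, 0 = not held.
SELECT HAS_PERMS_BY_NAME(NULL, NULL, 'VIEW ANY DEFINITION') AS has_view_any_definition,
       HAS_PERMS_BY_NAME(NULL, NULL, 'VIEW ANY DATABASE')   AS has_view_any_database;

-- Databases the login can list, and whether it can enter each one.
SELECT name, HAS_DBACCESS(name) AS can_access
FROM sys.databases
ORDER BY name;

REVERT;

-- Part 2: metadata visible inside the target database.
-- An access error here means the login is not mapped to a user in AppDB.
USE AppDB;
EXECUTE AS LOGIN = 'siem_collector';

-- SQL Server only returns metadata rows for objects the caller has some
-- permission on, so an empty result means "not permitted", not "no tables".
SELECT TABLE_SCHEMA, TABLE_NAME
FROM INFORMATION_SCHEMA.TABLES
WHERE TABLE_TYPE = 'BASE TABLE';

SELECT OBJECT_NAME(object_id) AS table_name, name AS column_name
FROM sys.columns
WHERE OBJECTPROPERTY(object_id, 'IsUserTable') = 1;

REVERT;

-- Part 3: the server-level permission the reply names. It exposes object
-- definitions (metadata) only and grants no access to table data.
USE master;
GRANT VIEW ANY DEFINITION TO [siem_collector];
```

If both parts return rows for the impersonated login but the collector's drop-down is still empty, the cause is more likely on the connection side than in the login's permissions.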

Re: Custom SQL Integration using SIEM Collector

I tried this, but still not able to view Database

Re: Custom SQL Integration using SIEM Collector

To view user name in the "Select a database" field, access should be given at DB end.

User account should be given with “Select Any Dictionary” Privilege.

proxima
Message 8 of 8

Re: Custom SQL Integration using SIEM Collector

Hi,

 

I'm sure that you are using a 'named instance', which is currently not supported by SIEM Collector.... 😞

https://kc.mcafee.com/corporate/index?page=content&id=KB86941&actp=null&showDraft=false&platinum_sta...

 

Best Regards

MK
