I'm trying to integrate MS-SQL database tables using SIEM Collector, but I'm stuck at the last step. Below are brief details of what I have done so far.
1. Install SIEM Collector
2. Install ODBC driver
3. Configure host with SQL Database User
4. The user has read-only permission to the database and the instance I'm trying to integrate
5. The user is getting authenticated in the first step where we give Server and Port details.
But when it comes to the step where I need to select the database and table to forward the events, the drop-down next to the 'Select a Database' option is not showing anything. The drop-down doesn't have any values in it.
Can someone please help me fix this issue? What can be the reason why I'm not able to view the database details? I checked with the SQL Server team and they said they can view the database using the credentials.
Thanks in advance.
Thanks and Regards,
If you don't see anything in the dropdown, that means the user doesn't have the correct permissions to read the tables on the database.
** The DB user must have Read Any permissions to work properly
** The actual needed permissions are: VIEW ANY DEFINITION, INFORMATION_SCHEMA.TABLES (gives the list of tables), SYS.COLUMNS (list of fields)
To view the user name in the "Select a database" field, access should be given at the DB end.
The user account should be given the “Select Any Dictionary” privilege.
I'm sure that you are using a 'named instance', which is currently not supported by SIEM Collector... 😞
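
One way to check the permissions named in the replies above from the SQL Server side, as an added T-SQL example that is not part of the original thread. The login name `siem_collector` and the database name `TargetDb` are placeholders (assumptions); substitute the real ones.

```sql
-- Placeholders (assumptions, not from the thread):
--   login [siem_collector], database [TargetDb].
-- Run as a sysadmin, or as a login holding IMPERSONATE on the collector login.

-- 1. Impersonate the collector login and look at the server the way it does.
EXECUTE AS LOGIN = N'siem_collector';

SELECT SUSER_SNAME() AS running_as;

-- Server-level permissions that control metadata visibility (1 = held, 0 = not held).
SELECT
    HAS_PERMS_BY_NAME(NULL, NULL, 'VIEW ANY DATABASE')   AS view_any_database,
    HAS_PERMS_BY_NAME(NULL, NULL, 'VIEW ANY DEFINITION') AS view_any_definition;

-- Databases this login can see, and whether it can actually enter each one.
-- An empty or short list here corresponds to an empty 'Select a Database' list.
SELECT name, HAS_DBACCESS(name) AS can_access
FROM sys.databases
ORDER BY name;

-- The metadata views named in the reply. Three-part names are used so the
-- session stays in the database where EXECUTE AS was issued and REVERT works.
-- An error here means the login is not mapped to a user in [TargetDb].
SELECT TABLE_SCHEMA, TABLE_NAME
FROM [TargetDb].INFORMATION_SCHEMA.TABLES
ORDER BY TABLE_SCHEMA, TABLE_NAME;

SELECT COUNT(*) AS visible_columns
FROM [TargetDb].sys.columns;

-- Return to the administrator's own security context.
REVERT;

-- 2. If view_any_definition came back 0, grant the permission the reply names.
--    Server-level permissions are granted from master. This exposes object
--    metadata across the whole instance, not row data.
USE master;
GRANT VIEW ANY DEFINITION TO [siem_collector];
```

Re-running step 1 after the grant shows whether the metadata queries now return rows for the collector login.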