...


Supported Versions

A list of supported versions is available in the Accenture MDR Supported Products List document (Accenture_MDR_Supported_Products_List.xlsx) which can be found in

...

You must configure Sophos Enterprise Console to work with the event collector by following the steps below.

...

  1. Create a read-only database user account for Microsoft SQL Server.

  2. Set the Microsoft SQL Server security mode to mixed authentication.

  3. Create a read-only database user with Windows Account for Microsoft SQL Server.

  4. Configure the SQL Server instance to listen on a non-dynamic port.

  5. Configure an SSL connection for the Microsoft SQL Server JDBC driver.

  6. Configure the sensor properties for Windows user accounts.

I

Create a read-only database user account for Microsoft SQL Server.

To create a read-only database user account for Microsoft SQL Server, follow the steps below.

...

GRANT SELECT ON vThreatEventData TO [account_name];

go

quit

II

Set the Microsoft SQL Server security mode to mixed authentication.

To set the Microsoft SQL Server security mode to mixed authentication, follow the steps below.

...

  1. On the left pane, right-click the appropriate server, and then click Properties.

  2. In the Server Properties window, select Security.

  3. In the Server Authentication section, select SQL Server and Windows Authentication mode.

  4. Click OK and then click Close.

III

Create a read-only database user with Windows Account for Microsoft SQL Server.

To create a read-only database user with Windows Account for Microsoft SQL Server, follow the steps below.

...

  1. Open SQL Server Management Studio.

  2. Log in to the SQL Database with Admin privileges.

  3. In Object Explorer, expand the Databases folder. Expand the database in which you want to create the new database user.

  4. Right-click the Security folder, point to New, and select Logins….

  5. In the Database User – New dialog box, on the General page, select Windows Authentication.

  6. In the User name box, from the User type list, select Windows user. You can also click Search (…) to open the Select User or Group dialog box.

  7. In the Default Database box, specify the database that will own objects created by this user.

  8. On the User Mapping page, select the databases that this login can access. When you select a database, check the Map check box.

  9. Specify a database user to map to the login. Provide the username you created in the above steps.

  10. Specify the default schema of the user. When a user is first created, its default schema is dbo.

  11. From the Database role membership for Database drop-down list, select db_datareader.

  12. Click OK.
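
One way to confirm that the account created in section I or section III is actually read-only, as an added example that is not part of the original document. [database_name] and account_name are this page's placeholders, and the dbo schema for vThreatEventData is an assumption.

```sql
-- Added example: audit what the collector account can actually do.
-- [database_name] and account_name are this page's placeholders; the dbo
-- schema for vThreatEventData is an assumption.
USE [database_name];
GO

DECLARE @acct sysname = N'account_name';   -- Windows account: N'DOMAIN\user'

-- 1. Role memberships. Section I adds none; section III adds db_datareader,
--    which allows SELECT on every table and view in the database.
SELECT r.name AS role_name
FROM sys.database_role_members AS m
JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = m.member_principal_id
WHERE u.name = @acct;

-- 2. Explicit GRANT/DENY entries held by the account.
SELECT p.class_desc,
       CASE WHEN p.class = 1 THEN OBJECT_NAME(p.major_id) END AS object_name,
       p.permission_name,
       p.state_desc
FROM sys.database_permissions AS p
JOIN sys.database_principals AS u ON u.principal_id = p.grantee_principal_id
WHERE u.name = @acct;

-- 3. Effective rights, evaluated while impersonating the account.
--    HAS_PERMS_BY_NAME returns NULL when the object is not found, so a
--    missing view also lands in the 'review' branch.
EXECUTE AS USER = @acct;
SELECT CASE
         WHEN HAS_PERMS_BY_NAME(N'dbo.vThreatEventData', 'OBJECT', 'SELECT') = 1
          AND HAS_PERMS_BY_NAME(N'dbo.vThreatEventData', 'OBJECT', 'INSERT') = 0
          AND HAS_PERMS_BY_NAME(N'dbo.vThreatEventData', 'OBJECT', 'UPDATE') = 0
          AND HAS_PERMS_BY_NAME(N'dbo.vThreatEventData', 'OBJECT', 'DELETE') = 0
          AND HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'CREATE TABLE') = 0
          AND HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'CONTROL') = 0
         THEN 'read-only'
         ELSE 'review: missing SELECT or excess rights'
       END AS verdict;
REVERT;
GO
```

Run it as a database owner or sysadmin, because EXECUTE AS USER requires IMPERSONATE permission on the account being checked.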

IV

Configure the SQL Server instance to listen on a non-dynamic port.

To configure the SQL Server instance to listen to network requests on a non-dynamic port, follow the steps below.

...

  • In TCP/IP Properties, on the IP Address tab, make sure that Active and Enabled are both set to Yes.

  • Make sure that TCP Dynamic Ports is blank for the IP address that the collector connects to.

  • Make sure that TCP Port contains the value 1433 for the IP address that the collector connects to.

V. 

Configure an SSL connection for the Microsoft SQL Server JDBC driver.

 Note: This step is needed only if Secure Sockets Layer (SSL) connection is a requirement.

...

  6. Restart the SQL Server. Click SQL Server Services and then right-click SQL-SERVER and Restart.

VI. 

Configure the sensor properties for Windows user accounts.

Note: To set up Windows Authentication with Accenture security database event collectors, you must use off-box collection. You cannot use this setup with on-box collection.

...

  4. In the Collector configuration, for the database sensor setting, add the string ;integratedSecurity=true to the end of the Database URL.

     For example: jdbc:jtds:sqlserver://hostname:1433/database_name;integratedSecurity=true

  5. In the collector's database sensor setting, remove any values entered in the username and password fields.

...