Endpoint Protection

  • 1.  Endpoint protection, internal database and user accounts

    Posted Dec 16, 2010 09:33 AM

    Hi,

    We are building our own monitoring system for different management programs, and would also like to gather data from SEP's internal database (11.x). I can get data, but only with the default admin account. I just wouldn't want to put the main admin password inside some script... I'd like to create an account which would have just read-only access to the database.

    So, is this possible, and how? If I create new admin accounts through the Endpoint Protection Management console, they don't show up in the internal database. At least I couldn't find them anywhere.

    Documentation around this subject is a bit thin, so all hints & tips are appreciated.

    Best,

    Olli Rajala



  • 2.  RE: Endpoint protection, internal database and user accounts

    Posted Dec 16, 2010 09:53 AM

    To my understanding, the default account when installing SEPM is "admin" and for what you want to do, you would need to use "admin" and whatever password you selected. Admin is the built-in account name and cannot be deleted/modified.



  • 3.  RE: Endpoint protection, internal database and user accounts

    Posted Dec 16, 2010 01:36 PM

    We use the syslog feature to send data to a syslog server.



  • 4.  RE: Endpoint protection, internal database and user accounts

    Posted Dec 16, 2010 01:56 PM

    SSIM also does a nice job of correlating events from various systems.



  • 5.  RE: Endpoint protection, internal database and user accounts

    Posted Dec 17, 2010 08:26 AM

    The account name when using the SQL interface to the internal database is not 'admin', btw. For whatever reason the user name is DBA but it is the same account, because the password matches...

    But yes, I was afraid that it's something built-in.



  • 6.  RE: Endpoint protection, internal database and user accounts

    Posted Dec 17, 2010 09:41 AM

    Then this would be something with SQL, not SEPM. But again, it's because of the built-in 'DBA' account.

    I know with SSIM, you can create a read-only account for the collector and it works just fine.

    But sounds like you are doing something custom.



  • 7.  RE: Endpoint protection, internal database and user accounts

    Posted Dec 21, 2010 03:41 AM

    Syslog might be an alternative, but alas it is not so easy to use (lack of documentation, mainly). Or is there a document somewhere where the different logging options are described? I mean those options which can be found on the External Logging -> Log Filter tab.

    In addition, we don't get all the information we'd like to get through the syslog feature.