This section provides orientation on registering credentials used in the Intelligence solution to access SharePoint and Microsoft Analysis Services, as well as credentials used to run automated collections in risk projects.
Credentials for Microsoft Analysis Services used in the Intelligence solution must be for a user account that has access to the database. To access SharePoint, any user account can be used as long as they have permission to the library where the reports will be stored.
Credentials registered here are also used to access target machines in automated collections. The system uses a remote collection method that does not require software to be installed in the assets being analyzed. To use this feature in a project, a collector server must be registered and valid credentials to access the assets must be provided. The collector server will be responsible for managing collection requests in assets and their results, and the credentials will be used to access the assets during the collection. For details on collector servers, see Chapter 17: Administration -> Settings -> Collector Servers.
For the risk evaluation to be successful, the credentials provided to access the technology assets must belong to users with certain privileges in these assets. The table below indicates which privileges are needed for these assets according to each type of knowledge base in the system.
|
Knowledge Base Type |
Privileges |
|
Windows |
Member of the Administrators group of the asset or domain. |
|
Unix family |
User with privileges to access the root directory of the system, and read access in any of the asset's configuration files – for example, the "/etc." directory and its files. |
|
SQL database |
Any user with privileges to access the database where the SQL configurations are stored – for example, in Oracle, the SYSTEM database – and to connect to the operating system. |
|
Cisco iOS |
For a basic verification, any user with access through telnet. For a more complete verification, a password must be registered to invoke elevated privileges in the asset in the Credentials section of the Administration module. |
Note: It may be that credentials with lower privileges will work, but if the privileges are insufficient, the status of each control from the questionnaires will become Not Answered after the collection has finished.