Host and Credentials Settings

Host and Credential settings allow you to configure the different types of credentials that may be used by the data sources configured on this asset for authentication purposes. The credential is any item on the asset which is capable of storing information from which audit data can be obtained.

TIP: The Host cannot be changed for assets using this option.

From the General Settings Panel click Host & Credentials to open the Host and Credentials configuration options.

Host

The host is the asset on which the required credentials are running. The current host is displayed in the top panel and cannot be changed from this location.

Credentials

The credentials are the means by which the data sources are accessed. Credentials normally run on the same machine that is identified as the host.

Credentials are stored by Event Manager so they can be used for authentication on different systems. Auto Discovery uses them when scanning for devices across your environment. Credentials also allow Event Manager to create monitors automatically without prompting you for them each time.

To access the current list of credentials that have been created in Event Manager click Credentials Management from the top of the Hosts and Credentials display.

You can add a new credential by clicking on any existing credential in this list followed by Add credential of this type.

Credentials are covered in more detail in the section Credentials Management.

Automatic credential assignment

Where the asset is a recognized datasource for which a template is available, the applicable credential is automatically assigned as soon as the datasource is enabled. The other credentials can be used but only in the capacity of a custom datasource.

For example, if the datasource is an AIX server, the Syslog log credential is automatically applied. Likewise, if the datasource is a Windows server, the Windows Security credential is automatically applied.

The Monitoring Node default credential is applied by default, however this can be changed. See Changing Credentials for more information.

A full list of automatic template assigments is provided below:

AIX

Credentials automatically assigned:

  • Syslog - Monitoring Node Default credential applied to the AIX Standard (Syslog) datasource

Credentials available for custom AIX data sources:

  • Database Reader - used as a Database Reader in a custom datasource
  • File Reader - used as a Log Reader in a custom datasource
  • Syslog - used as a Syslog in a custom datasource
  • Windows Security - used as a Windows Event Log in a custom datasource

IBM i

Credentials automatically assigned:

  • Database Reader - Monitoring Node Default credential applied to the iSeries Audit and iSeries User Activity data sources.
  • Data Adapter - Monitoring Node Default credential applied to the iSeries Audit and iSeries User Activity data sources

Credentials available for custom IBM i data sources:

  • Database Reader - used as a Database Reader in a custom datasource
  • File Reader - used as a Log Reader in a custom datasource
  • Syslog - used as a Syslog in a custom datasource
  • Windows Security - used as a Windows Event Log in a custom datasource

Linux

Credentials automatically assigned:

  • Linux Security - Monitoring Node Default credential applied to the Linux Standard datasource

Credentials available for custom Linux data sources:

  • Database Reader - used as a Database Reader in a custom datasource
  • File Reader - used as a Log Reader in a custom datasource
  • Syslog - used as a Syslog in a custom datasource
  • Windows Security - used as a Windows Event Log in a custom datasource

Solaris

Credentials automatically assigned:

  • Solaris Security - Monitoring Node Default credential applied to the Solaris Standard datasource

Credentials available for custom Solaris data sources:

  • Database Reader - used as a Database Reader in a custom datasource
  • File Reader - used as a Log Reader in a custom datasource
  • Syslog - used as a Syslog in a custom datasource
  • Windows Security - used as a Windows Event Log in a custom datasource

SQL Server

Credentials available for custom SQL Server data sources:

  • Database Reader - used as a Database Reader in a custom datasource
  • File Reader - used as a Log Reader in a custom datasource
  • Syslog - used as a Syslog in a custom datasource
  • Windows Security - used as a Windows Event Log in a custom datasource

Windows

Credentials automatically assigned:

  • Windows Security - Monitoring Node Default credential applied to the Windows Additional Controls and Windows Standard data sources

Credentials available for custom Windows data sources:

  • Database Reader - used as a Database Reader in a custom datasource
  • File Reader - used as a Log Reader in a custom datasource
  • Syslog - used as a Syslog in a custom datasource
  • Windows Security - used as a Windows Event Log in a custom datasource

Changing Credentials

It is possible to change any of the listed credentials against the datasource for a different credential of the same type. Click Change Credential against the listed credential that you want to change.

This opens the Select Credential window. This displays a list of other credentials that can be used in place of the credential that is currently selected. The list of alternatives is dependent on the credential selected for change.

For example, if you decide to change the Monitoring Node Default credential for Windows Security you are presented with a list of alternative Windows credentials that can be used as a replacement. Scroll through the list to find the alternative credential that you want to use and single-click on it so that it is highlighted. Click OK to confirm and save the change.

NOTE: Any alternative credentials that are available in the list for selection must have already been defined. See Credentials Management for more information.