Post-Installation Steps
These post-installation steps are only required if you
- Use SQL Server Express as a storage for your audit data. Go to Configuring Additional Steps for SQL Server Express.
- Selected Windows authentication method to connect to SQL Server. Go to Allowing Access to Service Accounts.
Configuring Additional Steps for SQL Server Express
Cygna Labs recommends SQL Server Standard edition for storing your audit data. You can opt for SQL Server Express during the product evaluation but note that SQL Server Express requires additional configuration before Cygna Auditor can start writing your data in the audit storage.
To update protocol preferences:
- On the server that hosts your SQL Server Express, start SQL Server Configuration Manager.
- Go to SQL Server Network Configuration / Protocols for SQLEXPRESS and set TCP/IP to "Enabled".
To update service properties:
- On the server that hosts your SQL Server Express, start Services.
-
Locate the SQL Server Browser service and set its Startup type to "Automatic", and then start the service.
- Locate the SQL Server (SQLEXPRESS) service and restart it.
Allowing Access to Service Accounts
If you choose the Windows authentication on your SQL Server, you have to enable Cygna Auditor components and services to connect to and access the audit database.
Create login for |
Assign roles |
Explanation |
---|---|---|
SQL Server installed locally |
||
Local IIS users group (computername\IIS_IUSRS |
db_owner and public roles for the audit database |
Cygna web console uses the account running the Cygna Labs Web Console application pool to access the database (ApplicationPoolIdentity by default, it belongs to computername\IIS_IUSRS group). |
NT_AUTHORITY\SYSTEM |
db_owner and public roles for the audit database |
Other Cygna components and services connect to the SQL Server as NT_AUTHORITY\SYSTEM account. |
SQL Server installed remotely |
||
Computer account of Cygna Auditor host (domain\computeraccount$) |
db_owner and public roles for the audit database |
Cygna Auditor components and services connect to a remote SQL Server as the AD computer account of the Cygna Auditor host. |
With Windows authentication, you'll have to allow access to computer accounts of file servers and domain controllers where the Cygna Auditor agents will run once you enable auditing.