Configure User Access Control for FIPS Mode

Create a Domain Service Account

Set up a domain service account with the specified permissions. For more information, see Least Privileged User.

Place the service account in the Local Administrators Group.

Grant the LogRhythm Server Local Administrator Access to SQL Server

  1. Sign in to SQL Server as sa.
  2. Create a new login for the local server administrator account.
  3. Ensure that the account has sysadmin access.

Validate Local Administrator SQL Server Access

  1. Sign in to SQL Server as the local admin account.
  2. Under Logins, right-click the <Server\LocalAdmin> account.
  3. Verify that the sysadmin role is selected.

Performing the initial LogRhythm configuration requires LogRhythm Global Admin access, which in turn requires a User record in the EMDB. The LogRhythm Person and User records must be created manually in SQL Server and granted LogRhythm Global Admin access.

Create a Domain User

In FIPS Mode, only Active Directory logins are allowed. Before it can be used in FIPS Mode, a domain user must first be created.

  1. Log into the Client Console using the default LogRhythm Administrator account, and then create a new person account.

  2. Associate this person with the service account you created.

  3. Create a user account, and use the domain browser (...) to select the service account you created.

    • Make sure this user is set up as a Global Administrator.

Associate the Domain User as the SQL Server Role Member

In SQL Server Management Studio, execute the following script against every LogRhythm database, substituting the appropriate DOMAIN, firstname, and lastname values:

-- Run in each LogRhythm database; both are database-level roles.
EXEC sp_addrolemember N'LogRhythmGlobalWebUI', N'DOMAIN\firstname.lastname'   -- Web UI global role
EXEC sp_addrolemember N'LogRhythmGlobalARM',   N'DOMAIN\firstname.lastname'   -- Alarming and Response Manager global role

The DOMAIN value is case-sensitive here. Make sure the DOMAIN is written with exactly the same case in the next step.
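The following PowerShell script is an added example and is not LogRhythm's own tooling. It automates the two SQL Server checks on this page: it validates that the account running it holds sysadmin (the "Validate Local Administrator SQL Server Access" step), then grants the two LogRhythm global roles to the domain user in every LogRhythm database and reads the membership back, comparing the stored name case-sensitively so a DOMAIN case mismatch is visible. It assumes the SqlServer PowerShell module (Invoke-Sqlcmd) is installed, that LogRhythm database names start with "LogRhythm" (an assumption; the page does not list them), and that DOMAIN\firstname.lastname is a placeholder you replace.

```powershell
# Added example, not LogRhythm's own script. Assumes: the SqlServer module
# (Invoke-Sqlcmd) is installed, the script runs as the local administrator
# account that was granted sysadmin, and LogRhythm databases are named LogRhythm*.
param(
    [string]$ServerInstance = 'localhost',
    [string]$DomainUser     = 'DOMAIN\firstname.lastname'   # placeholder; DOMAIN case must match the service log-on
)

$roles = @('LogRhythmGlobalWebUI', 'LogRhythmGlobalARM')   # database roles named on the page
$lit   = $DomainUser -replace "'", "''"                    # escape for embedding in T-SQL string literals

# 0. Validate the caller's own access: IS_SRVROLEMEMBER('sysadmin') is 1 for
#    the current login only when it holds the sysadmin fixed server role.
$me = Invoke-Sqlcmd -ServerInstance $ServerInstance -Query "SELECT IS_SRVROLEMEMBER('sysadmin') AS is_sa, SUSER_SNAME() AS login_name"
if ($me.is_sa -ne 1) { throw "$($me.login_name) is not sysadmin on $ServerInstance" }

# 1. The Windows login must already exist at the server level (FIPS Mode allows only AD logins).
$login = Invoke-Sqlcmd -ServerInstance $ServerInstance -Query "SELECT name FROM sys.server_principals WHERE type IN ('U','G') AND name = N'$lit'"
if ($null -eq $login) { throw "No Windows login '$DomainUser' exists on $ServerInstance" }

# 2. Discover the LogRhythm databases instead of hard-coding their names (assumed prefix).
$dbs = Invoke-Sqlcmd -ServerInstance $ServerInstance -Query "SELECT name FROM sys.databases WHERE name LIKE N'LogRhythm%' AND state_desc = 'ONLINE'" |
       Select-Object -ExpandProperty name

# 3. In each database, add the user to each role that exists there (skipping
#    roles the database does not define and memberships already present), then
#    read the membership back. The stored principal name is returned as-is so
#    the DOMAIN case can be compared exactly in PowerShell with -ceq.
$report = foreach ($db in $dbs) {
    foreach ($role in $roles) {
        $batch = @"
IF EXISTS (SELECT 1 FROM sys.database_principals WHERE type = 'R' AND name = N'$role')
   AND ISNULL(IS_ROLEMEMBER(N'$role', N'$lit'), 0) = 0
    EXEC sp_addrolemember N'$role', N'$lit';
SELECT m.name AS member_name
FROM sys.database_role_members rm
JOIN sys.database_principals r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'$role' AND m.name = N'$lit';
"@
        $row = Invoke-Sqlcmd -ServerInstance $ServerInstance -Database $db -Query $batch
        [pscustomobject]@{
            Database    = $db
            Role        = $role
            Member      = ($null -ne $row)
            StoredName  = $(if ($row) { $row.member_name } else { '' })
            CaseMatches = ($null -ne $row -and $row.member_name -ceq $DomainUser)   # flags a DOMAIN case mismatch
        }
    }
}
$report | Format-Table -AutoSize
```

A row with Member set to True but CaseMatches set to False means a database user with the same name in a different case already existed before this run; SQL Server matched it case-insensitively, so the stored name will not match the case you enter for the service log-on in the next section.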

Configure LogRhythm Services for FIPS Mode

Each LogRhythm component must be updated to log on using the Domain Service Account. Complete the following steps for each of these services:

  • LogRhythm AI Engine
  • LogRhythm AI Engine Communication Manager
  • LogRhythm Alarming and Response Manager
  • LogRhythm Job Manager
  • LogRhythm Mediator Server Service
  • LogRhythm System Monitor Service

To configure a LogRhythm service for FIPS mode:

  1. Log on to Windows as a Windows system administrator.
  2. Open the Services panel.
  3. Right-click the service, click Properties, and then click the Log On tab.
  4. Select the service account option.
  5. Enter the domain credentials of the domain user in the format service_account@domain.com, and click OK.
    A dialog box appears stating that the account service_account@domain.com has been granted the Log On As A Service right.

  6. Repeat steps 1 through 5 for each LogRhythm service.
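After working through the six services, a practitioner will want to confirm the result without reopening each Properties dialog. The script below is an added example, not part of the LogRhythm documentation or product: it reads the Log On account of each service listed above from the service control manager and then checks whether the service account holds the "Log on as a service" right (SeServiceLogonRight) by exporting the local security policy with secedit. It assumes an elevated PowerShell session on the LogRhythm host, and the two account strings are placeholders for the same account in UPN and DOMAIN\user form.

```powershell
# Added example, not LogRhythm's own tooling. Assumes: elevated PowerShell on
# the LogRhythm host; the account values below are placeholders.
param(
    [string]$ServiceAccountUpn = 'service_account@domain.com',   # placeholder, as entered on the Log On tab
    [string]$ServiceAccountSam = 'DOMAIN\service_account'        # placeholder, same account in DOMAIN\user form
)

# Service display names exactly as the documentation lists them.
$serviceDisplayNames = @(
    'LogRhythm AI Engine',
    'LogRhythm AI Engine Communication Manager',
    'LogRhythm Alarming and Response Manager',
    'LogRhythm Job Manager',
    'LogRhythm Mediator Server Service',
    'LogRhythm System Monitor Service'
)
$acceptedForms = @($ServiceAccountUpn, $ServiceAccountSam)

# 1. Log On account per service, read from the service control manager (StartName).
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $serviceDisplayNames -contains $_.DisplayName }

$report = foreach ($name in $serviceDisplayNames) {
    $svc = $services | Where-Object { $_.DisplayName -eq $name }
    [pscustomobject]@{
        Service   = $name
        Installed = ($null -ne $svc)
        LogOnAs   = $(if ($svc) { $svc.StartName } else { '' })
        Correct   = ($null -ne $svc -and $acceptedForms -contains $svc.StartName)   # -contains is case-insensitive
        State     = $(if ($svc) { $svc.State } else { '' })
    }
}
$report | Format-Table -AutoSize

# 2. "Log on as a service" right: export the user-rights area of the local
#    security policy and parse SeServiceLogonRight. Entries are account names
#    or *SID values; SIDs are translated to names for comparison.
$cfg = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$line = Get-Content $cfg | Where-Object { $_ -match '^SeServiceLogonRight\s*=' }
Remove-Item $cfg -ErrorAction SilentlyContinue

$holders = @()
if ($line) {
    $holders = foreach ($entry in (($line -split '=', 2)[1] -split ',')) {
        $e = $entry.Trim()
        if ($e.StartsWith('*')) {
            try {
                (New-Object System.Security.Principal.SecurityIdentifier($e.TrimStart('*'))).
                    Translate([System.Security.Principal.NTAccount]).Value
            } catch { $e }   # unresolvable SID: keep the raw value
        } else { $e }
    }
}
$hasRight = $holders -contains $ServiceAccountSam
"Log on as a service right held by ${ServiceAccountSam}: $hasRight"
```

A service that shows Correct as False, or an account that does not appear among the SeServiceLogonRight holders, is one where the Log On tab change above did not take effect; the Services panel grants that right automatically when you complete step 5, but tools that set the account by other means may not.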

Configure the Platform Manager

  1. From the Windows Start menu or Apps list, open Platform Local Configuration Manager.
  2. Select the Login with Windows account check box.
  3. Select the Encrypt all communications check box.
  4. Click OK.

Configure the Data Processor Manager

  1. From the Windows Start menu or Apps list, open Data Processor Local Configuration Manager.
  2. Select the Login with Windows account check box.
  3. Select the Encrypt all communications check box.
  4. Click OK.

Configure the AIE Manager

  1. From the Windows Start menu or Apps list, open AIE Local Configuration Manager.
  2. Select the Login with Windows account check box.
  3. Select the Encrypt all communications check box.
  4. Click OK.