...
Grant non-admin service account "Log on as a Service" rights. The details are given here https://learn.microsoft.com/en-us/system-center/scsm/enable-service-log-on-sm?view=sc-sm-2022
Non-admin service account is a member of Event Log Readers
Full Permissions to the following registry keys:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\eventlog\Application
HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\eventlog\System
HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\eventlog\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\My
After installation
Full Permissions to the following registry key for Snare Enterprise and Snare Desktop:
HKEY_LOCAL_MACHINE\SOFTWARE\InterSect Alliance\AuditServiceFull Permissions to the following registry key for Snare WEC:
HKEY_LOCAL_MACHINE\SOFTWARE\InterSect Alliance\SnareWECIf Snare Agent’s configuration is managed via a Group Policy (GPO), grant the service account
at least Read permissions to the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\InterSect Alliance\AuditServiceIf Agent Web UI is not accessible, it may be needed to find the Snare Agent self-signed certificate in the Local Computer > Personal certificates store and grant the service account access to this certificate.
To find the certificate that is in use by the Agent, the certificate thumbprint can be cross-referenced with the value in Agent settings, stored in HKEY_LOCAL_MACHINE\SOFTWARE\InterSect Alliance\AuditService\Certificate\WebCertId in the Windows registry.
A restart of the Snare service is required after that
...