Running SAM using a service account
Overview
The principle of least privilege is a critical cybersecurity mindset: it improves your security posture by scrutinizing the authentication and authorization of every account in your environment. The following walkthrough guides you through provisioning a service account with minimal access to the local system while still allowing SAM (Snare Agent Manager) to run successfully.
Walk-through
Step 1. Create a service account for SAM to use.
Step 2. Grant the service account "Full control" on each of the following items on the local system.
Snare Certificate in the cert store
    a. Right-click > All Tasks > Manage Private Keys.
    b. Security > Add the service account with full control.
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Intersect Alliance\SnareAgentManager
    a. Right-click > Permissions > Add the service account with full control.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\My
    a. Right-click > Permissions > Add the service account with full control.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion
    a. Right-click > Permissions > Add the service account with full control.
C:\program files\Intersect Alliance\Snare Agent Manager
    a. Right-click > Properties > Security > Add the service account with full control.
Once all of the above is complete, open Services.msc, select the Snare Agent Manager service, right-click it and open Properties.
Select the Log On tab and enter the details of your service account.
Click Apply, and close the window.
Then restart the service and confirm that you can access the SAM web UI.
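The registry and folder grants from Step 2 can also be scripted and then verified. The following PowerShell is an added example, not code from Snare or Intersect Alliance; the account name is a hypothetical placeholder, and the certificate private key and the service Log On settings are still configured through the GUI steps above.

```powershell
#Requires -RunAsAdministrator
# Added example, not vendor code. Scripts the registry and folder grants from Step 2.
param(
    # Hypothetical account name; replace with the service account from Step 1.
    [string]$Account = 'CONTOSO\svc-snare-sam'
)

# Paths exactly as listed in Step 2 of the walk-through.
$registryKeys = @(
    'HKLM:\SOFTWARE\Intersect Alliance\SnareAgentManager',
    'HKLM:\SOFTWARE\Microsoft\SystemCertificates\My',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
)
$installDir = 'C:\Program Files\Intersect Alliance\Snare Agent Manager'

# Fail early if the account name does not resolve; keep the SID for verification.
$sid = ([System.Security.Principal.NTAccount]$Account).Translate(
    [System.Security.Principal.SecurityIdentifier])

foreach ($key in $registryKeys) {
    if (-not (Test-Path -LiteralPath $key)) { Write-Warning "Not found: $key"; continue }
    $acl  = Get-Acl -LiteralPath $key
    # "This key and subkeys", the default scope of the Permissions dialog.
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
        $Account, 'FullControl', 'ContainerInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $key -AclObject $acl
}

if (Test-Path -LiteralPath $installDir) {
    $acl  = Get-Acl -LiteralPath $installDir
    # "This folder, subfolders and files", the default scope of the Security tab.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Account, 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $installDir -AclObject $acl
} else { Write-Warning "Not found: $installDir" }

# Verification: list the explicit (non-inherited) ACEs held by the account's SID.
foreach ($path in $registryKeys + $installDir) {
    if (-not (Test-Path -LiteralPath $path)) { continue }
    (Get-Acl -LiteralPath $path).GetAccessRules($true, $false,
            [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.IdentityReference.Value -eq $sid.Value } |
        Select-Object @{n='Path';e={$path}},
            @{n='Rights';e={ if ($_.RegistryRights) { $_.RegistryRights } else { $_.FileSystemRights } }},
            AccessControlType, InheritanceFlags
}
```

Each path should appear in the output with FullControl and Allow; a path that is missing from the output did not receive the grant.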