Creating Record Caching Service roles - Security Center 5.10

Security Center Administrator Guide 5.10
Applies to
Security Center 5.10
Last updated
2023-06-12
Content type
Guides > Administrator guides
Language
English
Product
Security Center
Version
5.10

To use data from external sources in Security Center, you must first create a Record Caching Service role to import and store this data in Security Center.

What you should know

The Record Caching Service role is used for data ingestion. Using this role, you can import records from external data sources into Security Center. You can share the ingested data across the entire unified platform to enhance awareness and response, to provide contextual information on dynamic maps, or to visualize in operational dashboards. The imported data is stored in a local database called the record cache and can be viewed through the Records investigation task.

Procedure

  1. Open the System task and click the Roles view.
  2. Click Add an entity > Record Caching Service.
  3. On the Specific info page, do the following:
    1. If you have multiple servers in your system, click the Server list and select the server where this role is hosted.
    2. Select the Database server used to manage the role database.
      During software installation, a default database server, (local)\SQLEXPRESS, might have been installed on your server. You can use it or use another database server on your network.
    3. In the Database field, enter the name for the database used to store the ingested data.
      CAUTION:
      The default name is RecordCache. If the selected server is already hosting another instance of Record Caching Service, you must choose a different name. Otherwise, the new role will corrupt the existing database.
      Tip: To avoid confusion, use a different database name for every instance of Record Caching Service, whether or not there is a conflict.
    4. From the Authentication drop-down list, select which SQL Server authentication is to be used:
      Windows
      (Default) Use Windows authentication when the role server and the database server are on the same domain.
      SQL Server
      Use SQL Server authentication when the role server and the database server are not on the same domain. You must specify a username and password in this case.
    5. Click Next.
  4. On the Basic information page, enter a name and description for the role.
  5. If there is a Partition field, select the partition this role is a member of.
    Partitions determine which Security Center users have access to this entity. Only users who have been granted access to the partition can see this role.
  6. Click Next > Create > Close.
    A new Record Caching Service role () is created. Wait a few seconds for the role to create the database on the selected database server.
  7. Click the Resources tab and configure the server and database for this Record Caching Service.
  8. Click the Properties tab and define the record types that this Record Caching Service is going to manage.
Browse