Imperva SecureSphere

The IBM QRadar DSM for Imperva SecureSphere collects all relevant syslog events from your Imperva SecureSphere devices.

The following table lists the specifications for the Imperva SecureSphere DSM:
Table 1. Imperva SecureSphere DSM
Specification Value
Manufacturer Imperva
DSM name SecureSphere
RPM file name DSM-ImpervaSecuresphere-QRadar-version-Build_number.noarch.rpm
Supported versions v6.2 and v7.x to v13 Release Enterprise Edition (Syslog)

v9.5 to v13 (LEEF)

Event format syslog

LEEF

QRadar recorded event types Firewall policy events
Automatically discovered? Yes
Includes identity? Yes
Includes custom properties? No
More information Imperva website (http://www.imperva.com)
To send events from Imperva SecureSphere devices to QRadar, complete the following steps:
  1. If automatic updates are not enabled, download and install the most recent version of the Imperva SecureSphere DSM RPM from the IBM® Support Website onto your QRadar Console.
  2. For each instance of Imperva SecureSphere, configure the Imperva SecureSphere appliance to communicate with QRadar. On your Imperva SecureSphere appliance, complete the following steps
    1. Configure an alert action.
    2. Configure a system event action.
  3. If QRadar does not automatically discover the Imperva SecureSphere log source, create a log source for each instance of Imperva SecureSphere on your network. Use the following table to define the Imperva SecureSphere-specific parameters:
    Table 2. Imperva SecureSphere log source parameters
    Parameter Description
    Log Source Type Imperva SecureSphere
    Protocol Configuration Syslog