Imperva SecureSphere
The IBM QRadar DSM for Imperva SecureSphere collects all relevant syslog events from your Imperva SecureSphere devices.
The following table lists the specifications for the Imperva SecureSphere
DSM:
Specification | Value |
---|---|
Manufacturer | Imperva |
DSM name | SecureSphere |
RPM file name | DSM-ImpervaSecuresphere-QRadar-version-Build_number.noarch.rpm |
Supported versions | v6.2 and v7.x to v13 Release Enterprise Edition (Syslog) v9.5 to v13 (LEEF) |
Event format | syslog LEEF |
QRadar recorded event types | Firewall policy events |
Automatically discovered? | Yes |
Includes identity? | Yes |
Includes custom properties? | No |
More information | Imperva website (http://www.imperva.com) |
To send events from Imperva SecureSphere devices to QRadar,
complete the following steps:
- If automatic updates are not enabled, download and install the most recent version of the Imperva SecureSphere DSM RPM from the IBM® Support Website onto your QRadar Console.
- For each instance of Imperva SecureSphere, configure the Imperva
SecureSphere appliance to communicate with QRadar.
On your Imperva SecureSphere appliance, complete
the following steps
- Configure an alert action.
- Configure a system event action.
- If QRadar
does not automatically discover the Imperva SecureSphere
log source, create a log source for each instance
of Imperva SecureSphere on your network. Use the
following table to define the Imperva SecureSphere-specific parameters:
Table 2. Imperva SecureSphere log source parameters Parameter Description Log Source Type Imperva SecureSphere Protocol Configuration Syslog