You are here: Docs>Sheriff Web>UserGuides>SheriffCSMDocumentation>DeploymentGuide>PluginManagement>ConfigureLogForwardingOnCommonlyUsedDataSources>ImpervaSecureSphere (29 Jun 2022, SheriffCyberSecurity)Edit Attach
Up
Previous Next

Sheriff CSMâ„¢

Imperva SecureSphere

When you configure Imperva SecureSphere to send log data to Sheriff CSM, you can use the Imperva-securesphere plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:

Plugin Information

DeviceDetails
Vendor Imperva
Device Type Appliance Firewall
Connection Type Syslog
Data Source Name Imperva-securesphere
Data Source ID 1679

Integrating Imperva SecureSphere

Before you configure the Imperva SecureSphere integration, you must have the IP Address of the Sheriff CSM Sensor (Deputy).

Imperva SecureSphere offers four different types of events that you can capture, each requiring a slightly different configuration:
  • Security Events
  • Custom Security Events
  • Firewall Security Events
  • System Events

Note: See the Imperva SecureSphere Configuration Guide for more information.

To configure Imperva SecureSphere to send log data to Sheriff CSM

To configure Imperva !!SecureSphere to send syslog messages, based on the CEF standard, whenever a new event occurs:

  1. Define a new Action Set and configure the following parameters:

    • Name: The action set name, for example, "security_syslog".
    • Syslog Host: The IP address or host name of the Syslog server.
    • Syslog Log Level: The Syslog log level.
    • Message: The CEF message for a security event (alert).
    • Facility: The facility name that you want.

      Note: For the Syslog Host entry, the IP address or host name you specify is the IP address or host name of the Sheriff CSM Sensor.

  1. Edit the security policies and modify the Followed Actions for those that you want to send to Syslog when a violation occurs. Use the action set defined for security events in step 1.

    When a security violation occurs, Imperva !!SecureSphere will generate an alert and send a Syslog message to Sheriff CSM.

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

https://www.imperva.com/docs/SB_Imperva_!!SecureSphere_CEF_guide.pdf

For troubleshooting, refer to the vendor documentation:

https://www.imperva.com/Services/TechnicalSupport
Edit  | Attach | Print version | History: r17 < r16 < r15 < r14 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r17 - 29 Jun 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.