Imperva Securesphere Web App Firewall
Configuration
Setup in FortiSIEM
Complete these steps in the FortiSIEM UI:
- Go to the ADMIN > Setup > Credentials tab.
- In Step 1: Enter Credentials:
- Follow the instructions in “Setting Credentials“ in the User's Guide to create a new credential.
- Enter these settings in the Access Method Definition dialog box:
Setting Value Name <set name> Device Type Imperva Securesphere Web App Firewall Access Protocol See Access Credentials Port See Access Credentials Password config See Password Configuration User Name A user who has access credentials for the device Password The password for the user Super Password Password for Super
- In Step 2, Enter IP Range to Credential Associations:
- Select the name of your credential from the Credentials drop-down list.
- Enter a host name, an IP, or an IP range in the IP/Host Name field.
- Click Save.
- Click Test to test the connection to Imperva Securesphere Web App Firewall.
- To see the jobs associated with Imperva, select ADMIN > Pull Events.
- To see the received events select ANALYTICS, then enter Imperva in the search box.
Sample Events
<6>CEF:0|Imperva Inc.|SecureSphere|11.5.0|Firewall Policy|Firewall Policy|High|act=None dst=1.1.1.1 dpt=123 duser=n/a src=192.0.20.0 spt=123 proto=UDP rt=Sep 30 2016 11:22:54 cat=Alert cs1=Firewall Policy cs1Label=Policy cs2=PCI-V2 cs2Label=ServerGroup cs3=ServiceName cs3Label=ServiceName cs4=AppName cs4Label=ApplicationName cs5=Distributed Unauthorized Access to Service: port UDP:123 cs5Label=Description