Imperva SecureSphere Web App Firewall
Configuration
Setup in FortiSIEM
Complete these steps in the FortiSIEM UI:
- Go to the ADMIN > Setup > Credentials tab.
- In Step 1: Enter Credentials, click New to create Imperva SecureSphere Web App Firewall credential.
- Follow the instructions in “Setting Credentials“ in the User's Guide to create a new credential.
- Enter these settings in the Access Method Definition dialog box:
Setting Value Name <set name> Device Type Imperva Securesphere Web App Firewall Access Protocol See Access Credentials Port See Access Credentials Password config See Password Configuration User Name A user who has access credentials for the device Password The password for the user Super Password Password for Super
- In Step 2: Enter IP Range to Credential Associations, click New to create a mapping for your Imperva SecureSphere Web App Firewall credential.
- Enter a host name, an IP, or an IP range in the IP/Host Name field.
- Select the name of your credential from the Credentialsdrop-down list.
- Click Save.
- Click the Test drop-down list and select Test Connectivity to test the connection to Imperva SecureSphere Web App Firewall.
- To see the jobs associated with Imperva, navigate to ADMIN > Setup > Pull Events.
- To see the received events, select ANALYTICS, then enter "Imperva" in the search box.
Sample Events
<6>CEF:0|Imperva Inc.|SecureSphere|11.5.0|Firewall Policy|Firewall Policy|High|act=None dst=1.1.1.1 dpt=123 duser=n/a src=192.0.20.0 spt=123 proto=UDP rt=Sep 30 2016 11:22:54 cat=Alert cs1=Firewall Policy cs1Label=Policy cs2=PCI-V2 cs2Label=ServerGroup cs3=ServiceName cs3Label=ServiceName cs4=AppName cs4Label=ApplicationName cs5=Distributed Unauthorized Access to Service: port UDP:123 cs5Label=Description