Fortinet black logo

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

External Systems Configuration Guide

Imperva SecureSphere Web App Firewall

Configuration

Setup in FortiSIEM

Complete these steps in the FortiSIEM UI:

  1. Go to the ADMIN > Setup > Credentials tab.
  2. In Step 1: Enter Credentials, click New to create Imperva SecureSphere Web App Firewall credential.
    1. Follow the instructions in “Setting Credentials“ in the User's Guide to create a new credential.
    2. Enter these settings in the Access Method Definition dialog box:

      SettingValue
      Name<set name>
      Device TypeImperva Securesphere Web App Firewall
      Access ProtocolSee Access Credentials
      PortSee Access Credentials
      Password configSee Password Configuration
      User NameA user who has access credentials for the device
      PasswordThe password for the user
      Super PasswordPassword for Super
  3. In Step 2: Enter IP Range to Credential Associations, click New to create a mapping for your Imperva SecureSphere Web App Firewall credential.
    1. Enter a host name, an IP, or an IP range in the IP/Host Name field.
    2. Select the name of your credential from the Credentialsdrop-down list.
    3. Click Save.
  4. Click the Test drop-down list and select Test Connectivity to test the connection to Imperva SecureSphere Web App Firewall.
  5. To see the jobs associated with Imperva, navigate to ADMIN > Setup > Pull Events.
  6. To see the received events, select ANALYTICS, then enter "Imperva" in the search box.

Sample Events

<6>CEF:0|Imperva Inc.|SecureSphere|11.5.0|Firewall Policy|Firewall Policy|High|act=None dst=1.1.1.1 dpt=123 duser=n/a src=192.0.20.0  spt=123 proto=UDP rt=Sep 30 2016 11:22:54 cat=Alert cs1=Firewall Policy cs1Label=Policy cs2=PCI-V2 cs2Label=ServerGroup cs3=ServiceName cs3Label=ServiceName cs4=AppName cs4Label=ApplicationName cs5=Distributed Unauthorized Access to Service: port UDP:123 cs5Label=Description

Imperva SecureSphere Web App Firewall

Configuration

Setup in FortiSIEM

Complete these steps in the FortiSIEM UI:

  1. Go to the ADMIN > Setup > Credentials tab.
  2. In Step 1: Enter Credentials, click New to create Imperva SecureSphere Web App Firewall credential.
    1. Follow the instructions in “Setting Credentials“ in the User's Guide to create a new credential.
    2. Enter these settings in the Access Method Definition dialog box:

      SettingValue
      Name<set name>
      Device TypeImperva Securesphere Web App Firewall
      Access ProtocolSee Access Credentials
      PortSee Access Credentials
      Password configSee Password Configuration
      User NameA user who has access credentials for the device
      PasswordThe password for the user
      Super PasswordPassword for Super
  3. In Step 2: Enter IP Range to Credential Associations, click New to create a mapping for your Imperva SecureSphere Web App Firewall credential.
    1. Enter a host name, an IP, or an IP range in the IP/Host Name field.
    2. Select the name of your credential from the Credentialsdrop-down list.
    3. Click Save.
  4. Click the Test drop-down list and select Test Connectivity to test the connection to Imperva SecureSphere Web App Firewall.
  5. To see the jobs associated with Imperva, navigate to ADMIN > Setup > Pull Events.
  6. To see the received events, select ANALYTICS, then enter "Imperva" in the search box.

Sample Events

<6>CEF:0|Imperva Inc.|SecureSphere|11.5.0|Firewall Policy|Firewall Policy|High|act=None dst=1.1.1.1 dpt=123 duser=n/a src=192.0.20.0  spt=123 proto=UDP rt=Sep 30 2016 11:22:54 cat=Alert cs1=Firewall Policy cs1Label=Policy cs2=PCI-V2 cs2Label=ServerGroup cs3=ServiceName cs3Label=ServiceName cs4=AppName cs4Label=ApplicationName cs5=Distributed Unauthorized Access to Service: port UDP:123 cs5Label=Description