Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • External Systems Configuration Guide

    Home FortiSIEM 6.7.8 External Systems Configuration Guide
    6.7.8
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.7
    7.1.6
    7.1.5
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.7.9
    6.7.8
    6.7.7
    6.7.6
    6.7.5
    6.7.4
    6.7.3
    6.7.2
    6.7.1
    6.7.0
    6.6.5
    6.6.4
    6.6.3
    6.6.2
    6.6.1
    6.6.0
    6.5.3
    6.5.2
    6.5.1
    6.5.0
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.1
    6.2.0
    6.1.2
    6.1.1
    6.1.0
    5.4.0
    5.3.3
    5.3.2
    5.3.1
    5.3.0
    5.0.0

    Imperva Securesphere Security Gateway

    Imperva SecureSphere Security Gateway

    What is Discovered and Monitored

    Protocol Information Discovered Data Collected Used for
    Syslog (CEF format) Security and Compliance

    Configuration

    Setup in FortiSIEM

    Complete these steps in the FortiSIEM UI:

    1. Go to the ADMIN > Setup > Credentials tab.
    2. In Step 1: Enter Credentials, click New to create a new credential.
      1. Follow the instructions in "Setting Credentials" in the User's Guide to create a new credential.
      2. Enter these settings in the Access Method Definition dialog box:

        SettingValue
        Name<set name>
        Device TypeImperva Securesphere DB Security Gateway
        Access ProtocolSee Access Credentials
        PortSee Access Credentials
        Password configSee Password Configuration
        User NameA user who has access credentials for the device
        PasswordThe password for the user
        Super PasswordPassword for Super
    3. In Step 2: Enter IP Range to Credential Associations, click New to create a new mapping.
      1. Enter a host name, an IP, or an IP range in the IP/Host Name field.
      2. Select the name of your credential created in step 2 from the Credentials drop-down list.
      3. Click Save.
    4. Click the Test drop-down list, and select Test Connectivity to test the connection to Imperva SecureSphere DB Security Gateway.
    5. To see the jobs associated with Imperva, select ADMIN > Setup > Pull Events.
    6. To see the received events select ANALYTICS, then enter "Imperva" in the search box.

    Sample Events

    <14>CEF:0|Imperva Inc.|SecureSphere|11.5.0.20_0|Audit|Audit|Informative|dst=10.2.6.194 dpt=3306 duser=wf_settlement src=10.2.6.48 spt=59876 proto=TCP rt=11 April 2016 14:07:09 cat=Audit Default Rule - All cs2Label=ServerGroup cs3=ProcessMakerDBFX cs3Label=ServiceName cs4=Default MySql Application cs4Label=ApplicationName cs5=642697783064 cs5Label=EventId cs6=Query cs6Label=EventType cs7=Default MySql group cs7Label=UserGroup cs8=True cs8Label=UserAuthenticated cs9= cs9Label=ApplicationUser cs10= cs10Label=SourceApplication cs11= cs11Label=OSUser cs12= cs12Label=HostName cs13=wf_settlement cs13Label=Database cs14= cs14Label=Schema cs15=SELECT COUNT(APP_CACHE_VIEW.APP_UID) FROM APP_CACHE_VIEW LEFT JOIN USERS CU ON (APP_CACHE_VIEW.USR_UID=CU.USR_UID) LEFT JOIN USERS PU ON (APP_CACHE_VIEW.PREVIOUS_USR_UID=PU.USR_UID) LEFT JOIN APP_CACHE_VIEW APPCVCR ON (APP_CACHE_VIEW.APP_UID=APPCVCR.APP_UID AND APPCVCR.DEL_LAST_INDEX=1) LEFT JOIN USERS USRCR ON (APPCVCR.USR_UID=USRCR.USR_UID) WHERE APP_CACHE_VIEW.APP_STATUS='TO_DO' AND APP_CACHE_VIEW.USR_UID='2800810224bbdfe1cc8bb02024369548' AND APP_CACHE_VIEW.DEL_FINISH_DATE IS NULL  AND APP_CACHE_VIEW.APP_THREAD_STATUS='OPEN' AND APP_CACHE_VIEW.DEL_THREAD_STATUS='OPEN' cs15Label=RawQuery cs16=select count(app_cache_view.app_uid) from app_cache_view left join users cu on (app_cache_view.usr_uid=cu.usr_uid) left join users pu on (app_cache_view.previous_usr_uid=pu.usr_uid) left join app_cache_view appcvcr on (app_cache_view.app_uid=appcvcr.app_uid and appcvcr.del_last_index=?) left join users usrcr on (appcvcr.usr_uid=usrcr.usr_uid) where app_cache_view.app_status=? and app_cache_view.usr_uid=? and app_cache_view.del_finish_date is ? and app_cache_view.app_thread_status=? and app_cache_view.del_thread_status=? cs16Label=ParsedQuery cs17= cs17Label=BindVariables cs18= cs18Label=SQLError cs19=1 cs19Label=ResponseSize cs20=0 cs20Label=ResponseTime cs21=0 cs21Label=AffectedRows
    Previous
    Next

    Imperva Securesphere Security Gateway

    Imperva SecureSphere Security Gateway

    What is Discovered and Monitored

    Protocol Information Discovered Data Collected Used for
    Syslog (CEF format) Security and Compliance

    Configuration

    Setup in FortiSIEM

    Complete these steps in the FortiSIEM UI:

    1. Go to the ADMIN > Setup > Credentials tab.
    2. In Step 1: Enter Credentials, click New to create a new credential.
      1. Follow the instructions in "Setting Credentials" in the User's Guide to create a new credential.
      2. Enter these settings in the Access Method Definition dialog box:

        SettingValue
        Name<set name>
        Device TypeImperva Securesphere DB Security Gateway
        Access ProtocolSee Access Credentials
        PortSee Access Credentials
        Password configSee Password Configuration
        User NameA user who has access credentials for the device
        PasswordThe password for the user
        Super PasswordPassword for Super
    3. In Step 2: Enter IP Range to Credential Associations, click New to create a new mapping.
      1. Enter a host name, an IP, or an IP range in the IP/Host Name field.
      2. Select the name of your credential created in step 2 from the Credentials drop-down list.
      3. Click Save.
    4. Click the Test drop-down list, and select Test Connectivity to test the connection to Imperva SecureSphere DB Security Gateway.
    5. To see the jobs associated with Imperva, select ADMIN > Setup > Pull Events.
    6. To see the received events select ANALYTICS, then enter "Imperva" in the search box.

    Sample Events

    <14>CEF:0|Imperva Inc.|SecureSphere|11.5.0.20_0|Audit|Audit|Informative|dst=10.2.6.194 dpt=3306 duser=wf_settlement src=10.2.6.48 spt=59876 proto=TCP rt=11 April 2016 14:07:09 cat=Audit Default Rule - All cs2Label=ServerGroup cs3=ProcessMakerDBFX cs3Label=ServiceName cs4=Default MySql Application cs4Label=ApplicationName cs5=642697783064 cs5Label=EventId cs6=Query cs6Label=EventType cs7=Default MySql group cs7Label=UserGroup cs8=True cs8Label=UserAuthenticated cs9= cs9Label=ApplicationUser cs10= cs10Label=SourceApplication cs11= cs11Label=OSUser cs12= cs12Label=HostName cs13=wf_settlement cs13Label=Database cs14= cs14Label=Schema cs15=SELECT COUNT(APP_CACHE_VIEW.APP_UID) FROM APP_CACHE_VIEW LEFT JOIN USERS CU ON (APP_CACHE_VIEW.USR_UID=CU.USR_UID) LEFT JOIN USERS PU ON (APP_CACHE_VIEW.PREVIOUS_USR_UID=PU.USR_UID) LEFT JOIN APP_CACHE_VIEW APPCVCR ON (APP_CACHE_VIEW.APP_UID=APPCVCR.APP_UID AND APPCVCR.DEL_LAST_INDEX=1) LEFT JOIN USERS USRCR ON (APPCVCR.USR_UID=USRCR.USR_UID) WHERE APP_CACHE_VIEW.APP_STATUS='TO_DO' AND APP_CACHE_VIEW.USR_UID='2800810224bbdfe1cc8bb02024369548' AND APP_CACHE_VIEW.DEL_FINISH_DATE IS NULL  AND APP_CACHE_VIEW.APP_THREAD_STATUS='OPEN' AND APP_CACHE_VIEW.DEL_THREAD_STATUS='OPEN' cs15Label=RawQuery cs16=select count(app_cache_view.app_uid) from app_cache_view left join users cu on (app_cache_view.usr_uid=cu.usr_uid) left join users pu on (app_cache_view.previous_usr_uid=pu.usr_uid) left join app_cache_view appcvcr on (app_cache_view.app_uid=appcvcr.app_uid and appcvcr.del_last_index=?) left join users usrcr on (appcvcr.usr_uid=usrcr.usr_uid) where app_cache_view.app_status=? and app_cache_view.usr_uid=? and app_cache_view.del_finish_date is ? and app_cache_view.app_thread_status=? and app_cache_view.del_thread_status=? cs16Label=ParsedQuery cs17= cs17Label=BindVariables cs18= cs18Label=SQLError cs19=1 cs19Label=ResponseSize cs20=0 cs20Label=ResponseTime cs21=0 cs21Label=AffectedRows
    Previous
    Next