AlienVault® USM Appliance™

Imperva SecureSphere

When you configure Imperva SecureSphere to send log data to USM Appliance, you can use the Imperva-securesphere plugin to translate the raw log data into normalized events for analysis.

Device Details

  • Vendor: Imperva
  • Device Type: Appliance Firewall
  • Connection Type: Syslog
  • Data Source Name: Imperva-securesphere
  • Data Source ID: 1679

Integrating Imperva SecureSphere

Before you configure the Imperva SecureSphere integration, you must have the IP address of the USM Appliance Sensor.

Imperva SecureSphere offers four different types of events that you can capture, each requiring a slightly different configuration:

  • Security Events
  • Custom Security Events
  • Firewall Security Events
  • System Events

Note: See the Imperva SecureSphere Configuration Guide for more information.

To configure Imperva SecureSphere to send log data to USM Appliance

The following steps configure Imperva SecureSphere to send a syslog message, formatted according to the CEF standard, whenever a new event occurs:

  1. Define a new Action Set and configure the following parameters:
    • Name: The action set name, for example, "security_syslog".
    • Syslog Host: The IP address or host name of the Syslog server.
    • Syslog Log Level: The Syslog log level.
    • Message: The CEF message for a security event (alert).
    • Facility: The facility name that you want.

    Note: For the Syslog Host entry, the IP address or host name you specify is the IP address or host name of the USM Appliance Sensor.

  2. Edit the security policies and modify the Followed Actions for those that you want to send to Syslog when a violation occurs. Use the action set defined for security events in step 1.

    When a security violation occurs, Imperva SecureSphere will generate an alert and send a Syslog message to USM Appliance.
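
Before relying on the plugin, it helps to confirm that the text entered in the Message field arrives at the Sensor as well-formed CEF. The following is an added example, not code from AlienVault or Imperva: it parses the CEF header and extension of one syslog line, including escaped pipes and equals signs. The sample line is constructed, and the function names are hypothetical.

```python
import re

HEADER = ["version", "device_vendor", "device_product", "device_version",
          "signature_id", "name", "severity"]

# Constructed sample, not captured from a real device; field values are placeholders.
SAMPLE = (r"<134>Jan 10 12:00:00 mx01 CEF:0|Imperva|SecureSphere|0.0|100|"
          r"Policy \| violation|High|src=192.0.2.10 msg=blocked a\=b request act=Block")

# Extension is key=value pairs; a value runs until the next " key=" or end of line.
EXT = re.compile(r"(\w+)=((?:\\.|[^=\\])*?)(?=\s+\w+=|\s*$)")

def split_header(body):
    # Split the seven pipe-delimited header fields; a backslash escapes | and \.
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < len(HEADER):
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("|", "\\"):
            cur.append(body[i + 1])
            i += 2
        elif ch == "|":
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(ch)
            i += 1
    if len(fields) < len(HEADER):
        raise ValueError("expected %d header fields, got %d" % (len(HEADER), len(fields)))
    return fields, body[i:]

def parse_cef(line):
    # Skip the syslog prefix (priority, timestamp, host) and locate the CEF payload.
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF: marker; check the Action Set Message field")
    fields, ext = split_header(line[start + 4:])
    unescape = lambda v: re.sub(r"\\([=\\])", r"\1", v)
    return {"header": dict(zip(HEADER, fields)),
            "extension": {k: unescape(v) for k, v in EXT.findall(ext)}}

if __name__ == "__main__":
    event = parse_cef(SAMPLE)
    print(event["header"])
    print(event["extension"])
```

A `ValueError` here usually means the Message template is missing a header field or contains an unescaped pipe, which is worth fixing on the SecureSphere side before troubleshooting the plugin.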

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

https://www.imperva.com/docs/SB_Imperva_SecureSphere_CEF_guide.pdf

For troubleshooting, refer to the vendor documentation:

https://www.imperva.com/Services/TechnicalSupport