Imperva SecureSphere Dashboard report Configuration...!!
Recently we configured the WebAccess Firewall and Data Access Monitoring Imperva products. I have integrated them with RSA enVision and am getting logs through RSA, but my challenge is that I need to create dashboard graphs/reports. Can anyone please help me with this?
While creating a report, what option do I have to choose for both of these (DAM and WAF)? If any information is available on the Internet about this, please at least share the link.
Thanks in advance.
First of all, you need to verify that you are getting the data where you need it. Imperva products should be recognized as Imperva SecureSphere devices.
So, check in Overview --> System Configuration --> Messages --> Messages to Parse to see where the data is stored.
In this case (just an example) you must look in the Application Firewall table and filter for the data you are looking for.
When you get the data you are looking for, you can configure your dashboard report in Overview --> Dashboard Items --> Dashboard Reports --> Create new report and enable it in Overview --> Dashboard Items --> Dashboard Reports --> Manage Dashboard.
Thanks for your help on this. Please understand the issue which I am facing now (please find the attached screenshots):
Overview --> System Configuration --> Messages --> Messages to Parse
It is showing some messages. But when I go to reports, in Application Firewall there is no option like IMPERVA or something else.
I have tried to create a new report, but did not succeed. Please help me create a report; if a report is available I can map it to dashboard reports.
The existing reports are not working either; I also tried to modify them...
How do I create a new report in this scenario?
I tried in several ways to create a new report. Could you help me with this?
Fact 1: Imperva devices record their logs into two tables (Application Firewall and Database); other devices (other than Imperva) can write their logs to the same tables.
Fact 2: There is no default report for Imperva devices; you must create your own.
Fact 3: You must filter what you need in the SQL section of the report. For example, if you want to make a report for Imperva data recorded in the Application Firewall table, you must create a new report for that table and filter using an SQL statement. A quick way to find out how to apply the filter is to run queries in the Analysis tab before applying them in the report. The same applies to Imperva data recorded in the Database table.
Hi Delfin Abzueta,
In the Analysis tab, Event Viewer -> Message View and Graph View are getting logs from Imperva SecureSphere. But when it comes to Query, I tried to generate a report and it shows the error "The result set is Empty.No Data CouldBe Found Using The Given Creteria".
Can you post some examples (print screen) of the data collected in message view and the criteria used in the query? If you wish, you can hide any sensitive data in the print screen.
Hi Delfin Abzueta,
Thanks for your reply. Please check the attached log samples and screenshots.
Case 1: Without applying any filter, I tried to generate the report. There is no report, the same error.
Case 2: Applied different queries, same error.
|2014/05/14 12:14:01.234 IST||X.X.X.X||%IMPERVA-Imperva,dstIP=X.X.X.X,dstPort=1433,dbUsername=Hashed User (unknown server SSL certificate),srcIP=X.X.X.X,srcPort=61594,creatTime=14 May 2014 06:28:14,,srvGroup=Ebanking_DB_DC,service=MSSQL,appName=Default MsSql Application,event#=1367010823931247844,eventType=Login,usrGroup=Default MsSql group,usrAuth=True,application="",osUsername=,srcHost=,dbName=forbescdk,schemaName=,bindVar=,sqlError=,respSize=0,respTime=1,affRows=0,action="N/A (login)",rawQuery=""|
|2014/05/14 12:14:01.234 IST||X.X.X.X||%IMPERVA-Imperva,dstIP=X.X.X.X,dstPort=1433,dbUsername=Hashed User (unknown server SSL certificate),srcIP=X.X.X.X,srcPort=61594,creatTime=14 May 2014 06:28:14,,srvGroup=Ebanking_DB_DC,service=MSSQL,appName=Default MsSql Application,event#=1367010823931247845,eventType=Query,usrGroup=Default MsSql group,usrAuth=True,application="",osUsername=,srcHost=,dbName=forbescdk,schemaName=,bindVar=,sqlError=,respSize=0,respTime=1,affRows=0,action="set transaction isolation level read committed set implicit_transactions off",rawQuery=" set transaction isolation level read committed set implicit_transactions off "|
1) Checking the device ---> looks good.
2) Checking the device group ---> looks good.
3) Checking the device class definition ---> looks good, but you must take the following into account: even if the device appears as Security.Application Firewall class, the parsing process will save data into the Application Firewall table or into the Database table only if the message was correctly parsed; if it wasn't, the process does not save any data into the tables. - Please double-check in Overview --> Messages --> Messages to Parse for the messages that you are searching for.
4) Try to run a query using the Database table without filters, just to see what you get. If you get something usable, then apply the filter.
5) Just in case, the correct way to use the filter is '%3670108239312478%' on the Message field, not on the Message ID field. If you get something when querying the Database table without a filter, you will see what to put (or use) in the Message ID field for a faster response.
Please give it a try and post your result so we can try to help you.
Double-check in Overview --> Messages --> Messages to Parse for the messages that you are searching for, because the version of the device definition that you are using recognizes just 13 types of messages coming from Imperva devices.
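Added example, not part of the original replies and not RSA enVision's own parser: a small Python sketch that splits the raw Imperva messages posted above into fields and applies the same substring test as the '%3670108239312478%' filter on the Message field, so the raw messages can be checked outside the tool. The `|timestamp||device||payload|` layout is inferred from the two posted samples, and the function names are hypothetical.

```python
import re
from collections import Counter

# Abridged copies of the two raw messages posted in this thread, used as
# constructed sample input (addresses were already masked as X.X.X.X).
SAMPLE = [
    '|2014/05/14 12:14:01.234 IST||X.X.X.X||%IMPERVA-Imperva,dstIP=X.X.X.X,'
    'dstPort=1433,dbUsername=Hashed User (unknown server SSL certificate),'
    'creatTime=14 May 2014 06:28:14,,service=MSSQL,event#=1367010823931247844,'
    'eventType=Login,osUsername=,action="N/A (login)",rawQuery=""|',
    '|2014/05/14 12:14:01.234 IST||X.X.X.X||%IMPERVA-Imperva,dstIP=X.X.X.X,'
    'dstPort=1433,service=MSSQL,event#=1367010823931247845,eventType=Query,'
    'action="set transaction isolation level read committed",rawQuery=""|',
]

# One key=value pair: the value is a double-quoted string (which may contain
# commas) or everything up to the next comma (which may be empty).
PAIR = re.compile(r'([^,=]+)=("[^"]*"|[^,]*)')


def parse_line(line):
    """Split a raw |timestamp||device||payload| line into its parts."""
    body = line.strip()
    if not (body.startswith('|') and body.endswith('|')):
        raise ValueError('not a |timestamp||device||payload| line')
    parts = body[1:-1].split('||', 2)
    if len(parts) != 3:
        raise ValueError('expected timestamp, device and payload')
    timestamp, device, payload = parts
    fields = {key.strip(): value.strip('"') for key, value in PAIR.findall(payload)}
    return {'timestamp': timestamp, 'device': device,
            'tag': payload.split(',', 1)[0], 'fields': fields}


def like_filter(lines, needle):
    """Substring match over the whole message, like a '%needle%' filter."""
    return [line for line in lines if needle in line]


def event_types(lines):
    """Count messages per eventType; unparseable lines are counted as such."""
    counts = Counter()
    for line in lines:
        try:
            counts[parse_line(line)['fields'].get('eventType', '(none)')] += 1
        except ValueError:
            counts['(unparseable)'] += 1
    return counts
```

Both sample messages contain the substring used in the filter, because it is part of the `event#` value, which sits in the message text.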
Hi Delfin Abzueta,
Thanks for your reply. Please help me more on this...
I understand that the process of parsing will save data into Application Firewall table or into Database table.
I found that in the Application Firewall table there is no data (without any filter), but I'm getting event data in the Database table (please check the attached screenshots below); hence I realized that no data is being parsed into the App Firewall table.
If the parsed message didn't save the data into Application Firewall, how am I able to view the logs in Analysis->Message view (check the screenshots below)?
I am able to get Application Firewall messages as well as database messages here, but unable to get the same in Query.
And how can I create a report from these raw messages which I am able to get in Analysis->message view->Imperva(Device type)->WAF(Device)? Refer to the above screenshots.