
LSO : Syslog - Imperva Securesphere (Mapping Doc)

This document explains the changes required to apply new Message Processing Engine (MPE) rules developed during the Log Source Optimization (LSO) project for the Syslog - Imperva Securesphere log source type.

Vendor Documentation

Prerequisites

  • Download and apply the Knowledge Base. For more information, see KB Synchronization Settings for LSO.

  • Enable the new MPE rules in the LogRhythm System Monitor.

    • Select log source type Syslog - Imperva Securesphere.

    • Enable log processing policy LogRhythm Default v2.0.

For details on how to enable LogRhythm Default v2.0, see Apply LogRhythm Default v2.0 on a Log Source.

Supported Log Messages

The following table lists the log message types supported in the current MPE rules. Each page contains detailed information on parsing changes and new log processing settings.

| Log Message Type | Event Type |
|---|---|
| Activity Alerts | General Alert Message |
| Agent And Gateway Status | Link Status |
| Audit Policy Messages | General Audit Policy Setting |
| Catch All : Level 1 | General Information |
| Catch All : Level 4 | General Firewall Alert |
| Gateway Alert | Link Status |
| General HTTP Message | General HTTP Information |
| General SecureSphere Information | General Information |
| Imperva Event Tracker Messages | General EventSystem Warning |
| Imperva V10 Alert | General Alert |
| Last Message Repeated | Last Message Repeated |
| Query Executed | Command Executed |
| SecureSphere Alerts | General Alert |
| SecureSphere Audit Message | General Audit Message |
| SecureSphere DB Audit | General Audit Message |
| Securesphere Network Alert | Network Traffic |
| SecureSphere System Event | General Information |
| User Logon Failure | Authentication Failure Activity |
| Web Application Messages | General Information |

Log Processing Policy Updates

This section details log processing policy updates made to AIE Rules, system reports, system investigations, system report templates, and system tails as part of LSO.

Updates to AIE Rules

  • No changes

Updates to System Reports

  • No changes

Updates to System Investigations

  • No changes

Updates to System Report Templates

  • No changes

Updates to System Tails

  • No changes
