Imperva (WAF) Template

Using the Standard Datasource

The following table shows the Notification Events on which the template can be used to control the information that is received and actioned in your security schema.

System Management

| Action | Subaction | Condition (Line Matching) |
|---|---|---|
| Software Notification | Firewall Event | .*cat=Alert .*cs3Label=Description |
| Software Notification | Security Event | .*cat=Alert .*cs3Label=ServiceName |
| Software Notification | System Event | .*cat=SystemEvent.* |

Variable Selections and Mapping

These fields configure how the original event fields are mapped into the normalized variables using the CEF Syslog Receiver. If you want to enrich the event using default values, leave the "Value" text box empty and the configured "Default Value" will be used instead.

 
| VARIABLE | VALUE |
|---|---|
| Event Time (Source Timezone) | [Event.Event_Time_(Source_Timezone)] |
| Event timezone offset | [Event.Event_timezone_offset] |
| Source Machine IP Address | [CEF.src] |
| Destination Machine IP Address | [CEF.dst] |
| Protocol | [CEF.proto] |
| Complete Message | [Event.Raw_Message] |
| User Name | [CEF.duser] |
| Variable 01 | [CEF.cs1Label] [CEF.cs1] |
| Variable 02 | [CEF.cs2Label] [CEF.cs2] |
| Variable 03 | [CEF.cs3Label] [CEF.cs3] |
| Variable 04 | [CEF.cs4Label] [CEF.cs4] |
| Variable 05 | [CEF.cs5Label] [CEF.cs5] |
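
The line matching and field mapping described above, as an added Python example (not the product's own code): it tries the three conditions in table order and maps CEF extension keys into the normalized variables. Assumptions: a condition is matched from the start of the line, a "[CEF.csNLabel] [CEF.csN]" value is rendered as label and value joined by a space, and the sample line is constructed.

```python
import re

# Line-matching conditions copied from the table above, tried in table order.
CONDITIONS = [
    ("Firewall Event", r".*cat=Alert .*cs3Label=Description"),
    ("Security Event", r".*cat=Alert .*cs3Label=ServiceName"),
    ("System Event", r".*cat=SystemEvent.*"),
]
# One CEF extension pair: the value runs to the next " key=" or end of line;
# a backslash escapes the following character (e.g. "\=").
PAIR = re.compile(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)")
# Normalized variable -> CEF extension key, as in the mapping table.
DIRECT = {"Source Machine IP Address": "src", "Destination Machine IP Address": "dst",
          "Protocol": "proto", "User Name": "duser"}

def classify(line):
    """Return the subaction of the first condition that matches, else None."""
    for subaction, pattern in CONDITIONS:
        if re.match(pattern, line):
            return subaction
    return None

def parse_extension(line):
    """Split off the seven CEF header fields and parse the key=value extension."""
    start = line.find("CEF:")
    if start < 0:
        return {}
    parts = re.split(r"(?<!\\)\|", line[start:], maxsplit=7)
    if len(parts) < 8:
        return {}
    return {k: re.sub(r"\\(.)", r"\1", v) for k, v in PAIR.findall(parts[7])}

def normalize(line):
    """Map one raw line into the normalized variables of the template."""
    ext = parse_extension(line)
    event = {"Subaction": classify(line), "Complete Message": line}
    for variable, key in DIRECT.items():
        event[variable] = ext.get(key, "")
    for n in range(1, 6):  # Variable 0N = "[CEF.csNLabel] [CEF.csN]" (assumed join)
        pair = (ext.get(f"cs{n}Label", ""), ext.get(f"cs{n}", ""))
        event[f"Variable 0{n}"] = " ".join(pair).strip()
    return event

# Constructed sample line (not captured from a real gateway).
SAMPLE = ("<14>Jan 01 00:00:00 waf01 CEF:0|Imperva Inc.|SecureSphere|0.0|Custom|"
          "Example alert|High|act=Block dst=192.0.2.10 duser=alice src=198.51.100.7 "
          "proto=TCP cat=Alert cs1=Example policy cs1Label=Policy "
          "cs3=web-svc cs3Label=ServiceName")
```

A line that matches none of the three conditions returns a Subaction of None, which is the case to watch for when the sending device changes its custom-string labels.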