Imperva Cyber Community

 View Only

How to integrate DRA (Data Risk Analytics) with DSF (Data Security Fabric)

By Jazmine Reynolds posted 11-28-2022 06:58


How to integrate Data Risk Analytics (DRA) with Data Security Fabric (DSF)

Data is a core element for every business. There is an increasing demand to integrate systems for a better and more secure data flow. In this article, the training team provide a step by step guide on how to integrate Imperva’s Data Risk Analytics (DRA) with your Data Security Fabric (DSF). This is just one of the items covered in our Imperva training courses. Visit out training catalog or Contact

Integrating DRA with DSF

Imperva Data Security Fabric* combines the granularity of Imperva Agent Gateways and Agents with the flexibility of Sonar Agentless auditing and insights provided by Imperva Data Risk Analytics** to form a robust and flexible solution for monitoring, auditing and reporting on your data assets across your data estate.

There are two use cases when it comes to integrating DRA with DSF. The first use case is to send incidents from the DRA admin to the DSF hub for improved reporting and the second use case is to send DSF audits logs to DRA for improved DB coverage.


Use case 1 – DRA to DSF hub (Formerly Sonar)

Here are the steps for DRA to DSF hub integration

  1. Set up DRA 4.1 or above (the minimum requirement is DRA 4.1)
  2. Access your DRA admin page
  3. Configure the DSF hub IP address for sending. Note that you can only send incident information to DRA
  4. Open the port at the DSF hub site or the sonar warehouse site
  5. Once you send incident information from DRA to the DSF hub it appears on the DSF hub dashboard
  6. The incidents on the dashboard would appear based on severity, closed incidents, opened incidents, DB type, etc.
  7. The dashboard is customizable, which enables improved reporting

Use case 2 – DSF hub (Sonar) to DRA

For our second use case, we need to send DSF audits logs to DRA for improved DB coverage. To do this we need to integrate DSF with DRA following these steps

  1. The first step is to configure the Assets you want to send to DRA at the DSF hub
  2. For example, if you have multiple assets you need to select your desired asset
  3. Click on the three dots by the asset
  4. Follow the instructions that pop up
  5. Note that this does not send the information or data to DRA yet. It only tells DSF hub/Sonar that data is about to be sent to DRA
  6. From your dashboard access, the discover page
  7. From the Discover page, choose from the DRA-supported server type. Currently, there are 18 supported server types and this can be changed over time
  8. The next step is to access the Sonar Warehouse or the DSF hub and configure the spectra configuration file
  9. After configuring, restart the service.

Data preparation

For the DSF hub to send information to DRA seamlessly we need to perform the key exchange between the DSF hub and the DRA analytics server. This means that it runs an SSH key-based authentication instead of password-based authentication.

  1. The next step is to prepare the data. For this, we need the three connections on the DSF hub side and we need the Audit AA1, Audit policies, and Audit LL2 from the DRA side
  2. Now go to the Sonar scheduler screen and search for DRA jobs
  3. Resume all jobs by clicking on resume (The Jobs would likely be in a pause state)
  4. A pop-up will show up asking you if you want to resume all jobs
  5. Click on yes to resume all jobs in one action
  6. Once all jobs are prepared it is time to send the jobs or files to DRA
  7. There would be two jobs: AA1 jobs and LL2 jobs
  8. For the default schedule, AA1 jobs are run every 6 hours while LL2 is run every day at 4 am
  9. You can create your own schedule jobs to suit your data needs
  10. Next, go to the DRA pipeline status dashboard to check all the information on all scheduled jobs
  11. Next step, access the dispatch log file within the DSF hub to get notified on the status of the jobs
  12. If successful you’d get a message saying “The AA1 job has started and has been copied to the DRA directory”. If not successful you’d get an error message with the stated error.


Through the new release of Imperva Data Security Fabric, IT teams will be able to easily integrate and deploy solutions to meet their data security requirements. This integration incorporates a wide range of technologies that would have been hard to achieve otherwise into an easy-to-deploy and manage solution. The Imperva Data Risk Analytics implementation with DSF is a powerful framework that can help organizations monitor, audit and report on the vast amount of data they have while giving users control to protect the information they use with access controls and directly restricting inappropriate activities.

More info...
*What is Data Risk Analytics by Imperva?

Data Risk Analytics is a key feature of Imperva Data Security that provides security insights that can be acted upon immediately. In contrast to user behavior analytics tools, Imperva's Data Risk analytics creates a contextual baseline of behavior based on both user behavior and data access activities, and can identify critical threats to data by learning what sensitive data has been touched and by whom and when. Itcan also learn how data is used and accessed. This approach cuts through the noise and prioritizes a few high-risk incidents that need to be investigated immediately. As a result of this feature, the security team can uncover and contain potential breaches more effectively, giving CISOs and CIOs greater confidence that they will be able to prevent data breaches in the future.

**What is Data Security Fabric?

A Data Security Fabric is a comprehensive security solution that ties together disparate security applications and services to provide a unified view of an organization's data security posture. By integrating with existing IT infrastructure, the data security fabric can provide real-time visibility into all activity related to sensitive data, including user and entity behavior analytics, data discovery, and file activity monitoring. 

Data security fabric can be deployed on-premises or in the cloud and is designed to be scalable so that it can grow with an organization's needs. It offers a management console for configuring and administering all security policies, as well as for generating reports on compliance and risk.

Extra Links/Resources Section


#DSF #DSFHub #integration​​​​



12-07-2022 04:35

Great article Jazmine, thank you!

12-06-2022 23:43

This is very helpful and easy to understand.