Hello
@Paul Hammons, is it possible one signature can be found in parsed query, but not in query?
I believe this was the issue because I had changed the signature from match: Query and Parsed Query, to only match: Query.
Also, it was a gateway overload but the overload happened one day before the missing audit. Is it possible the Gateway can maintain a state when certain signatures are not audited after overload?
@CJ Kuo I am curious to see how you have implemented the audit taking precedence over the alarm in the case of gateway overload.
Best,
------------------------------
Sabajete Elezaj
SNT Albania
------------------------------
Original Message:
Sent: 02-01-2021 13:03
From: Paul Hammons
Subject: Signature matched/not-matched
CJ,
Without further technical details, it would be difficult to speculate on which function was involved during the overload. This would require a ticket with support and a logs analysis to determine the specifics. There are a few different avenues that we protect and prioritize data, depending on when the overload is occurring and why.
------------------------------
Paul Hammons
Imperva Senior Sales Engineer
Cape Coral, Florida
Original Message:
Sent: 01-27-2021 22:06
From: CJ Kuo
Subject: Signature matched/not-matched
We have a case where audit will take precedence over the alarm in the case of gateway overload.
Or is the signature match timed out?
------------------------------
CJ Kuo
Ciphertech
Taipei
Original Message:
Sent: 01-15-2021 05:46
From: Sabajete Elezaj
Subject: Signature matched/not-matched
Hello,
I created and applied a signature, and it was working great. Audit policies were capturing data as expected.
I noted that on one specific day, the specific signature was not captured globally, meaning in 3 active Audit Policies.
Next day it was captured okay, without changes made.
Any ideas why it may happen?
Best,
#DatabaseActivityMonitoring
------------------------------
Sabajete Elezaj
SNT Albania
------------------------------