Imperva Cyber Community


Using Elastic-Stack for processing audit archive files

  • 1.  Using Elastic-Stack for processing audit archive files

    Posted 06-30-2020 17:09
    Hi All,

    I was recently told by support that the EX (Events Platform) product is no longer supported.
    They offered using a 3rd-party tool named Elastic-Stack instead, in order to process and search through large amounts of audit archive files.

    While I'm just beginning to explore this tool, I wonder if anyone has any experience with it and can share some best practices / tips, specifically for processing those MPRV archive files.

    Thanks,
    Roee



    #DatabaseActivityMonitoring

    ------------------------------
    Roee Sharon
    RSECURE
    ------------------------------


  • 2.  RE: Using Elastic-Stack for processing audit archive files

    Imperva Employee
    Posted 07-07-2020 02:59

    Hi Roee,

    Thanks for the post. We are offering integration with the ELK stack to allow for processing audit archives. The pack, along with instructions for deployment of the ELK stack itself, is in Imperva's GitHub repository:

    https://github.com/imperva/elk-plugin-pack

    The ability to use this for MPRV archives is coming soon (current ETA is H2), but it currently works via syslog messages. The syslog template is also documented in the GitHub repo. I would recommend starting with the Quick Start Guide (https://github.com/imperva/elk-plugin-pack/blob/master/Imperva%20Open%20Reporting%20Quick%20Start%20Guide.docx) in the repository.

    Rajaram Srinivasan | Senior Product Manager



    ------------------------------
    Rajaram Srinivasan
    ------------------------------