Imperva Cyber Community

  • 1.  Log integration

    Posted 08-10-2021 16:57
    Does anyone use the pull mode for Attack Analytics?
    #AttackAnalytics

    ------------------------------
    Richard Harrison
    Information Security Analyst
    Great Neck NY
    ------------------------------


  • 2.  RE: Log integration

    Posted 08-11-2021 07:49

    Thanks for the post, Richard. Let's see if I can find users using pull mode. It may be useful to provide a little more detail as to what you're hoping to find out. 

    @Tushar Sawant and @Roee Sharon - do you use pull mode?

    I've noticed you comment on #AttackAnalytics before so thought you may have insight for Richard. :-)

    Thanks.

    ------------------------------
    Sarah Lamont(csp)
    Digital Community Manager
    ------------------------------



  • 3.  RE: Log integration

    Posted 08-11-2021 09:13
    @Sarah Lamont I am looking to see if anyone is getting Attack Analytics logs from their cloud WAF with pull mode for SIEM integration. If yes, are they running the WAF Python script and Attack Analytics script on the same server?

    ------------------------------
    Richard Harrison
    Information Security Analyst
    Great Neck NY
    ------------------------------



  • 4.  RE: Log integration

    Posted 08-18-2021 07:54
    I believe that once you enable the AA logs, you can choose the API mode, which is the pull one.
    Please see https://docs.imperva.com/bundle/Attack-Analytics/page/Content/attack_analytics/logs.htm

    ------------------------------
    Gil Osovsky (csp)
    Manager, TAM EMEA & APJ
    Tel Aviv CA
    ------------------------------



  • 5.  RE: Log integration

    Posted 08-18-2021 09:09
    Thank you Gil. I found some documentation on Imperva's site.

    ------------------------------
    Rich
    Information Security Analyst

    ------------------------------