Imperva Cyber Community

  • 1.  Reporting through PowerBI

    Posted 01-05-2021 10:14
    Can MS PowerBI be used for more comprehensive reporting from the MX's?
    Thanks for any input or advice.

    Richard Sharp
    #DatabaseActivityMonitoring


    ------------------------------
    Richard Sharp
    Regions Bank
    Hoover AL
    ------------------------------


  • 2.  RE: Reporting through PowerBI

    Posted 01-14-2021 08:42
    Edited by Orkun Utku 01-14-2021 12:23
    Hello Richard,

    I looked for any occurrence of PowerBI usage in cases and the knowledge base. Unfortunately, there isn't any example of it.
    I have found some examples for our Cloud WAF solution (using the REST API).

    I don't know the protocols used in PowerBI but we have several options for integrating our solutions with 3rd parties.

    Maybe you have tried it already, but it is a very straightforward process; let me explain it below.

    First of all, you have to define Action Interfaces in Admin>System Definitions (point to the host and remove any unnecessary placeholders, as determined by the SIEM admin).
      
    1. CEF format is commonly accepted
    2. LEEF format is less common, but used on occasion and we have seen it in the field
    3. Syslog format is commonly accepted
    4. The SIEM admin should know what format they want.  If they don't, sending them events in each format can help them determine which to use.  

    a. Often, the SIEM admin will need to accept traffic/add the MX hostname/IP to known/authorized loggers
    b. If traffic isn’t arriving at the SIEM, either the above is true or else a network issue could be preventing communication
    c. TCPdump-ing the interfaces on both host (MX or gateway) and destination (SIEM) should reveal where the disconnect lies

    If the logging needs to take place from the Gateways due to high volume (audit logging or security event logging), this is configured using a specific action interface (label includes “Gateway log”) and in Main>Setup>Gateways>[click on the gateway group or cluster]>In the Details tab>External Logger>Populate the desired transport method (TCP is reliable, UDP is faster, SIEM admin should determine which to use) with host information.

    You may also check the documentation to get an idea about it.
    https://docs.imperva.com/bundle/v13.6-administration-guide/page/6785.htm


    I hope it helps.

    ------------------------------
    Orkun Utku
    ------------------------------



  • 3.  RE: Reporting through PowerBI

    Posted 01-14-2021 09:04
    Edited by Orkun Utku 01-14-2021 12:18
    So, IMHO, at this stage using a supported platform between Imperva and PowerBI will be one of the ways.

    ------------------------------
    Orkun Utku
    ------------------------------
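
For the CEF option discussed in this thread, the sketch below shows what an intermediate receiver has to do before a BI tool can load the events: strip the syslog prefix, split the standard seven-field CEF header, unescape values, and flatten everything to CSV. It is an added example, not code from the thread or from Imperva; the function names are hypothetical, and the sample lines, vendor/product strings and extension keys are constructed, not real MX output.

```python
import csv
import io
import re

HEADER = "cef_version vendor product device_version signature_id name severity".split()
# Seven header fields, each ended by an unescaped "|" (a backslash escapes the next char).
_HDR = re.compile(r"((?:\\.|[^\\|])*)\|" * 7)
_KEY = re.compile(r"(?:^| )([A-Za-z0-9_.]+)=")  # extension key followed by an unescaped "="
_ESC = re.compile(r"\\([\\|=])")                # \\ \| \= ; "\n" stays literal so rows stay one line

def parse_cef(line):
    """Return one flat dict per event; any syslog prefix before 'CEF:' is ignored."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("not a CEF record")
    body = line[start + 4:].rstrip("\r\n")
    hdr = _HDR.match(body)
    if hdr is None:
        raise ValueError("truncated CEF header")
    row = {k: _ESC.sub(r"\1", v) for k, v in zip(HEADER, hdr.groups())}
    ext = body[hdr.end():]
    keys = list(_KEY.finditer(ext))
    for m, nxt in zip(keys, keys[1:] + [None]):
        # A value runs until the next " key=" token, so it may contain spaces.
        raw = ext[m.end():nxt.start() if nxt else len(ext)]
        row[m.group(1)] = _ESC.sub(r"\1", raw)
    return row

def to_csv(lines):
    """Return (csv_text, skipped). Lines without a CEF payload are counted, not hidden."""
    rows = [parse_cef(ln) for ln in lines if "CEF:" in ln]
    cols = HEADER + sorted({k for r in rows for k in r} - set(HEADER))
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=cols, restval="")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue(), len(lines) - len(rows)

# Constructed sample input (not real product output).
SAMPLE = [
    r"<134>Jan 14 08:42:00 mx-host CEF:0|ExampleVendor|ExampleProduct|1.0|100|Policy \| violation|7|src=10.0.0.5 duser=app_ro msg=SELECT * FROM t WHERE a\=1",
    "<134>Jan 14 08:42:01 mx-host plain syslog line, no CEF payload",
]

if __name__ == "__main__":
    text, skipped = to_csv(SAMPLE)
    print(text, f"skipped={skipped}")
```

A non-zero skipped count is a quick sign that the action interface is sending a different format than the receiver expects.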