Imperva Cyber Community

Difference between Audit and Event data to SIEM

  • 1.  Difference between Audit and Event data to SIEM

    Posted 12-17-2020 08:36

    Greetings,

    I refer to the attached picture, which gives a comprehensive overview of the firewall ports needed.

    I noticed that MX will send Event Data to Syslog SIEM, and GW will send Audit data to Syslog SIEM. What is the difference between Audit and Event data?

    Regards 


    #DatabaseActivityMonitoring

    ------------------------------
    Ho Larry
    M.Tech Products
    Singapore
    ------------------------------


  • 2.  RE: Difference between Audit and Event data to SIEM

    Imperva Employee
    Posted 12-18-2020 05:28

    Hi

    Event data relates to system events, i.e. agent, gateway, as defined by system events. These can be assigned action sets to send event data to the SIEM.

    Audit data relates to the activity from audit policies defined in your SecureSphere environment. Again, action sets can be defined to send audit data to the SIEM.

    Refer to the database security user guide - placeholders to refine the message sent:

    https://docs.imperva.com/bundle/v14.2-database-activity-monitoring-user-guide/page/3672.htm

    Regards



    ------------------------------
    Trevor Jackson
    ------------------------------