HI
Event data relates to system events, ie agent, gateway as defined by system events, these can be assigned action sets to send event data to the SIEM
Audit data relates to the activity from audit policies defined in your Securesphere environment, again action sets can be defined to send audit data to the SIEM
refer to the database security user guide - placeholders to refine the message sent
https://docs.imperva.com/bundle/v14.2-database-activity-monitoring-user-guide/page/3672.htm
Regards
------------------------------
Trevor Jackson
------------------------------
Original Message:
Sent: 12-17-2020 08:35
From: Ho Larry
Subject: Difference between Audit and Event data to SIEM
Greetings,
I refer to the picture as attached with a comprehensive overview of the firewall ports needed.
I noticed that MX will send Event Data to Syslog SIEM, and GW will send Audit data to Syslog SIEM. What is the difference between Audit and Event data?
Regards
#DatabaseActivityMonitoring
------------------------------
Ho Larry
M.Tech Products
Singapore
------------------------------