Message Image

Skip main navigation (Press Enter).

Imperva Cyber Community

View Only

Back to discussions

Expand all | Collapse all

Difference between Audit and Event data to SIEM

Ho Larry12-17-2020 08:36

Greetings, I refer to the picture as attached with a comprehensive overview of the firewall ports ...

Trevor Jackson12-18-2020 05:28

HI Event data relates to system events, ie agent, gateway as defined by system events, these can be ...

1. Difference between Audit and Event data to SIEM

0 Like
Ho Larry
Posted 12-17-2020 08:36
Greetings,

I refer to the picture as attached with a comprehensive overview of the firewall ports needed.

I noticed that MX will send Event Data to Syslog SIEM, and GW will send Audit data to Syslog SIEM. What is the difference between Audit and Event data?

Regards

#DatabaseActivityMonitoring

------------------------------
Ho Larry
M.Tech Products
Singapore
------------------------------
2. RE: Difference between Audit and Event data to SIEM

0 Like
Trevor Jackson
Posted 12-18-2020 05:28
HI

Event data relates to system events, ie agent, gateway as defined by system events, these can be assigned action sets to send event data to the SIEM

Audit data relates to the activity from audit policies defined in your Securesphere environment, again action sets can be defined to send audit data to the SIEM

refer to the database security user guide - placeholders to refine the message sent

https://docs.imperva.com/bundle/v14.2-database-activity-monitoring-user-guide/page/3672.htm

Regards

------------------------------
Trevor Jackson
------------------------------

Original Message

Powered by Higher Logic