Imperva Cyber Community


DAM alert number not getting on arcsight SIEM and logs are getting delay

  • 1.  DAM alert number not getting on arcsight SIEM and logs are getting delay

    Posted 30 days ago
    Hello Team,

    I have integrated the DAM server with ArcSight SIEM for violation alerts. All the triggered violation alerts are getting forwarded to the SIEM tool.
    But we are not getting the alert number in the SIEM tool, and the logs are getting delayed. Hence we are not able to correlate the incident number with the alert number.

    I am using CEF format for the same. Please share a URL for the configuration if one is available, and help me to resolve it.

    Thanks & Regards,
    Bachchulal Varma
    9930555268
    #DatabaseActivityMonitoring

    ------------------------------
    Bachchulal varma
    Inspira enterprise pvt ltd
    ------------------------------


  • 2.  RE: DAM alert number not getting on arcsight SIEM and logs are getting delay

    CHAMPION
    Posted 30 days ago
    Hi,

    You can use the following guide for configuration of CEF format. It explains how to use placeholders and their descriptions.

    https://docs.imperva.com/bundle/v14.3-database-activity-monitoring-user-guide/page/3673.htm

    ------------------------------
    Cezmi Cal
    technical support engineer
    Barikat Cyber Security
    Ankara
    ------------------------------