Every audit policy that was configured for the database server is archived separately to a file.
You can copy the backup file via scp/cifs/nfs/ftp manually or automatically after the backup is done.
So, when you create a new audit policy (menu Policies -> Audit), you can attach an archiving action set on the ARCHIVING tab.
System logs from the IMPERVA management server and gateways can be archived too, but that is done a different way.
------------------------------
Karol Gruszczynski
IT SECURITY EXPERT
Warsaw
------------------------------
Original Message:
Sent: 08-27-2021 05:54
From: sukhmeet singh
Subject: What to set as log forwarding or backup in DAM
Thanks Karol,
May I ask if these audit logs are specific to the Imperva management server and gateways, or do they include logs for the audit policies configured for database servers?
Regards
------------------------------
Original Message:
Sent: 08-25-2021 06:48
From: Karol Gruszczynski
Subject: What to set as log forwarding or backup in DAM
Hi,
The best practice is to send all necessary security logs to the SIEM. Still, all audit logs from the audit policies should be archived every day by the native IMPERVA backup mechanism.
It is the best way because you do not lose SIEM license capacity on audit logs.
Have you thought about changing the license to a subscription model? There is JSonar, which I think is the best DAM tool on the market.
JSonar is implemented with KIBANA and MongoDB. It is more modern and faster than Imperva DAM. It is possible to send all DB audit logs from the MX to JSonar as syslog.
------------------------------
Karol Gruszczynski
IT SECURITY EXPERT
Warsaw
Original Message:
Sent: 08-25-2021 06:15
From: sukhmeet singh
Subject: What to set as log forwarding or backup in DAM
Hi All,
I have a query around configuring archive/backup in DAM. In my understanding, we just need to back up alerts and warnings in DAM, and I am configuring log forwarding to capture these alerts and warnings in our SIEM, where this data will be available for 6 months or more. I wanted to understand if my approach is correct, or do we need to have a separate archiving method dedicated to DAM?
Thanks in advance!
#DatabaseActivityMonitoring
------------------------------