Imperva Cyber Community

  • 1.  Count of number of alerts from MX

    Posted 03-31-2020 00:59

    Hi All, 

    Request your suggestions on:
    - how to find the total number of alerts (count of alerts) in MX per day, for the last day, or for a particular day.

    Can we get these details from the MX GUI, or do we need the CLI to get these details?


    kindly help!  


    #DatabaseActivityMonitoring


  • 2.  RE: Count of number of alerts from MX

    Posted 03-31-2020 12:08
    @Ira Miga can you help?

    ------------------------------
    Christopher Detzel
    Community Manager
    Imperva
    ------------------------------



  • 3.  RE: Count of number of alerts from MX

    Posted 04-01-2020 09:23
    Take a look at the default report type "alerts", data scope = last X number of days or time frame. This would give you a report on all alerts unless you filtered otherwise.

    ------------------------------
    Trevor Jackson
    ------------------------------



  • 4.  RE: Count of number of alerts from MX

    Posted 04-02-2020 10:40
    Edited by Jason Park 04-02-2020 10:41
    One thing to note from previous experience... it is best to schedule a report for the previous day close to the beginning of a day (e.g. around 12:00am) and use the previous one day filter. Then just make sure you have a followed action with the email type and email it to yourself each morning when it is completed, or store it to a shared location. This way you get as accurate a number as possible without having to specify specific time periods. Keep in mind that the previous day filter takes information from when you start the report back however many days... so if you run the report at 8:00am, you may get results that differ from what you'd get if you ran the report at 12:01am... at least this is how it has been for the longest time, unless one of the Imperva guys knows that this changed in the current versions. I have this exact type of report scheduled in our environment too, for tracking purposes.

    Idea one: If you do it as a CSV, then place all of those files into a centralized location and run a script to batch process the numbers from the CSV files, you can also get other types of statistics such as weekly, monthly, or yearly reports. This is helpful if you have a high volume of alerts and the alert data purges quickly.

    Idea two: If you have any other services such as ThreatRadar, you can potentially also set up a Data Type to capture the different types of alerts to see the value of that service within your environment. In our environment I have the CSV spit out three fields for my daily counts: how many events were blocked by ThreatRadar, how many events were blocked by all other policies, and how many were simply alerts without being blocked. From this you can have a good 100k-foot view of what is going on in your environment on a daily report.

    ------------------------------
    Jason Park
    County of Los Angeles
    CA
    ------------------------------
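An added example (not Jason's script, nor anything shipped by Imperva) of the batch step described in the post above: collect the scheduled daily CSV exports from a shared drop folder and roll the three per-day counters (blocked by ThreatRadar, blocked by other policies, alert only) up into weekly, monthly and yearly totals. The column names, the file names and the sample rows are all constructed assumptions; the real columns depend on how the report's Data Type was configured. The merge step refuses to load the same day twice, so a re-run report cannot silently double count.

```python
"""Roll daily Imperva MX alert-count CSV exports up into week/month/year totals.

Added example. The column layout, file names and numbers below are assumptions
and constructed sample data, not the MX report format or real alert data.
"""
import csv
import io
from collections import defaultdict
from datetime import date
from pathlib import Path

# Hypothetical column layout of one scheduled daily export.
DATE_FIELD = "report_date"
COUNT_FIELDS = ("blocked_threatradar", "blocked_other_policies", "alert_only")
HEADER = ",".join((DATE_FIELD,) + COUNT_FIELDS)

# Constructed sample exports, one file per scheduled run (not real data).
# The 04-01 file carries a stray blank line, which DictReader skips.
SAMPLE_EXPORTS = {
    "alerts_2020-03-30.csv": f"{HEADER}\n2020-03-30,12,40,7\n",
    "alerts_2020-03-31.csv": f"{HEADER}\n2020-03-31,8,35,10\n",
    "alerts_2020-04-01.csv": f"{HEADER}\n\n2020-04-01,15,50,5\n",
    "alerts_2020-04-06.csv": f"{HEADER}\n2020-04-06,3,20,2\n",
}


def parse_export(text):
    """Parse one export into {date: {field: int}}; reject an unexpected header."""
    reader = csv.DictReader(io.StringIO(text))
    expected = [DATE_FIELD, *COUNT_FIELDS]
    if reader.fieldnames != expected:
        raise ValueError(f"unexpected columns {reader.fieldnames}, want {expected}")
    days = {}
    for row in reader:
        day = date.fromisoformat(row[DATE_FIELD])
        if day in days:
            raise ValueError(f"duplicate row for {day}")
        days[day] = {f: int(row[f]) for f in COUNT_FIELDS}
    return days


def merge_exports(exports):
    """Merge {filename: csv_text}; a date seen in two files is an error, not a sum."""
    merged = {}
    for name, text in exports.items():
        for day, counts in parse_export(text).items():
            if day in merged:
                raise ValueError(f"{name}: {day} already loaded from another file")
            merged[day] = counts
    return merged


def load_directory(folder):
    """Read every *.csv dropped into the shared folder, in a deterministic order."""
    paths = sorted(Path(folder).glob("*.csv"))
    return merge_exports({p.name: p.read_text(encoding="utf-8") for p in paths})


# Bucket labels per reporting period; weeks use the ISO calendar.
PERIOD_KEYS = {
    "day": lambda d: d.isoformat(),
    "week": lambda d: "{}-W{:02d}".format(*d.isocalendar()[:2]),
    "month": lambda d: f"{d.year}-{d.month:02d}",
    "year": lambda d: str(d.year),
}


def aggregate(daily, period):
    """Sum each counter per period and add a 'total' column (all alerts that day)."""
    key = PERIOD_KEYS[period]
    out = defaultdict(lambda: dict.fromkeys((*COUNT_FIELDS, "total"), 0))
    for day, counts in daily.items():
        bucket = out[key(day)]
        for f in COUNT_FIELDS:
            bucket[f] += counts[f]
        bucket["total"] += sum(counts.values())
    return dict(sorted(out.items()))


def summarize(daily):
    """Every period rollup at once: {'day': {...}, 'week': {...}, ...}."""
    return {p: aggregate(daily, p) for p in PERIOD_KEYS}


if __name__ == "__main__":
    # Swap SAMPLE_EXPORTS for load_directory("/path/to/drop/folder") in practice.
    for period, rows in summarize(merge_exports(SAMPLE_EXPORTS)).items():
        print(f"== {period} ==")
        for label, counts in rows.items():
            print(label, counts)
```

Point `load_directory` at the folder the scheduled report's followed action writes to; the ISO week key keeps a Monday-to-Sunday week even when a month boundary falls mid-week, which a naive "day of month // 7" bucket would not.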