Imperva Cyber Community

Expand all | Collapse all

SOM Security Policy action not getting emailed

  • 1.  SOM Security Policy action not getting emailed

    Posted 15 days ago
    Hi,
    I have configured the security policy in SOM for multiple login attempt and it is getting pushed to MX and the alerts / violations are showing correctly.  Under Match Criteria tab, the action = none, Followed Action = configured for email , Severity was medium and i changed it to Informative and Enabled = Yes. There is no issue with emailing. The Apply To tab is set correctly to reflect the relevant MXs. We get email alerts for some cases like ASM but not for application users. The only Match Criteria are "Authentication Result" = failed, Event Type = login and Number of Occurrences = 5 in 300 seconds. I added a Database and Schema to test. When i try more than 5 times the alerts and violations are showing up under Monitor tab correctly but the email is not getting sent.

    Any ideas?
    #DatabaseActivityMonitoring

    ------------------------------
    G K
    ------------------------------


  • 2.  RE: SOM Security Policy action not getting emailed

    Imperva Employee
    Posted 15 days ago
    Hi G K,

    sounds like you've configured your Policy right, it's just that the emails are not sent through your SMTP relay?
    If you can confirm that Alerts are raised on events matching your Policy criteria, then the next step is to verify whether the SOM is added as a smart host on your SMTP server as the SOM does not currently support SMTP authentication.

    Let us know how you get on.

    ------------------------------
    Pal Balint
    ------------------------------