Imperva Cyber Community

Expand all | Collapse all

Imperva´s Agent

  • 1.  Imperva´s Agent

    Posted 28 days ago
    Good afternoon;

    I have some questions about Imperva´s agent:

    AGENTS

    -How can we measure the amount of CPU/RAM Imperva's agent need to work in a specific environment? (Further standard requeriments).

    -Beyond the agent System Events and the Mx graphics of the agent how can we monitor the agent performance externally?

    -Is there any way for the agent to change its status automatically from Disabled to Running or it must be manually done? (Im building a State-Transition Diagrams).

    Regards;







    #ImpervaAgent

    ------------------------------
    Marcos Sanz
    Security Project Manager
    Telefonica Spain
    Madrid
    ------------------------------


  • 2.  RE: Imperva´s Agent

    Imperva Employee
    Posted 25 days ago

    Thank you, Marcos, for your questions.

    Our Agents have been designed to cause a minimum impact in the performance of the DB they are monitoring.

    Agent CPU utilization is typically within 3% of the CPU of the DBs and it should not cause any degradation in normal operations.

    Due to the dynamic nature of DB monitoring, the Agent CPU utilization fluctuates, and thus the need to implement some restraining mechanisms, like CPU capping.

    Please refer to the following link in our online documentation https://docs.imperva.com/bundle/v14.1-database-activity-monitoring-user-guide/page/9460.htm

    Agents also have a memory limit to use in both the user and the kernel space, and those value are set automatically during the installation of the Agent.

    Kernel memory allocation depends on the number of cores of the DBs, and it is typically within 500 MB to 1.5 GB for 128 cores.

    Although these restraining parameters can be modified, we strongly recommend finding a direct recommendation from our Support team on a per case basis.

     

    To externally monitoring some of the Agent System events, it is normal practice to push those events to SIEM systems, using System Event Policies. 

    Several Agent events can be adding to these policies, and some information is available here, https://docs.imperva.com/bundle/v14.1-database-activity-monitoring-user-guide/page/System_Event_Policies.htm

    It is also possible to run On-Prem API, to get and modify the current configuration of some of the Agent parameters, in particular CPU usage restraining configuration.

    Please refer to the following link in our online documentation,  https://docs.imperva.com/bundle/v14.4-dam-api-reference-guide/page/65315.htm

     

    Agents are constantly running internal processes to assess their current state of health. When the conditions that brought the Agent from a Running to a Disconnection status are fixed, the Agent will eventually modify its status from Disabled to Running or Running with Errors. Nevertheless, as these Disabled conditions are present due to a change in a previous stable configuration, it is recommended to reset the Agent via the MX GUI or via API requests, to bring it to a Running state.



    ------------------------------
    Diego Roa
    Product Support Engineer
    Imperva Inc
    Redwood Shores CA
    ------------------------------