Imperva Cyber Community

  • 1.  DAM alert number not getting on ArcSight SIEM and logs are getting delayed

    Posted 04-15-2021 05:15
    Hello Team,

    I have integrated the DAM server with ArcSight SIEM for violation alerts. All the triggered violation alerts are getting forwarded to the SIEM tool.
    But we are not getting the alert number on the SIEM tool, and the logs are getting delayed. Hence we are not able to correlate the incident number with the alert number.

    I am using the CEF format for the same. Please share a URL for the configuration if one is available, and help me to resolve it.

    Thanks & Regards,
    Bachchulal Varma
    9930555268
    #DatabaseActivityMonitoring

    ------------------------------
    Bachchulal varma
    Inspira enterprise pvt ltd
    ------------------------------


  • 2.  RE: DAM alert number not getting on ArcSight SIEM and logs are getting delayed

    Posted 04-15-2021 05:28
    Hi,

    You can use the following guide for configuration of CEF format. It explains how to use placeholders and their descriptions.

    https://docs.imperva.com/bundle/v14.3-database-activity-monitoring-user-guide/page/3673.htm

    ------------------------------
    Cezmi Cal
    technical support engineer
    Barikat Cyber Security
    Ankara
    ------------------------------