Hi Assem,
Two quick thoughts...
1) If you're questioning the alert because you know for a fact that there has been traffic that's configured to be monitored, that you received this alert (and also if the traffic was not in fact audited), I recommend that you open a case with Imperva Support.
2) If you're concerned that the alert is indicating an auditing/security problem (because data is not being monitored), there are actually many potential troubleshooting steps to consider. However, if you can, I'd start at the beginning and review the agent configuration of configured/detected DB interfaces, and then (if possible) validate a connection and query to that DB interface directly or via a DBA, etc.
Since it's been a little while, can you share an update on where you're at with this issue, and share any additional details or troubleshooting steps? I'm a fan of the basic troubleshooting steps/documentation of:
- what did you expect to happen,
- what really happened, and
- what steps can you take to duplicate the issue (and/or share a screenshot or video if applicable).
We're looking forward to your update/feedback.
Thanks,
------------------------------
John Thompson
Director, Channel Presales
Imperva
San Diego CA
------------------------------
Original Message:
Sent: 04-09-2024 08:32
From: Assem Adel
Subject: Agent hasn't captured traffic on any of the monitored interfaces
Dear All,
Any workaround for the below alert:
Agent hasn't captured traffic on any of the monitored interfaces for the last 250 minutes. This might be caused by a change in the Secure Sphere configuration or in the configuration of the protected server
Regards,
#DatabaseActivityMonitoring
------------------------------
Assem Adel
Cairo
------------------------------