Imperva Cyber Community

  • 1.  DAM Agent no traffic alerts

    Posted 30 days ago

    Dear Team,

    By default, the DAM agent generates an alert every 30 minutes in the activity logs if there's no activity on the database. How do I change this setting to something like 60 minutes or 120 minutes?


    #ImpervaAgent

    ------------------------------
    Pradeep Godala
    consultant
    ICICI Bank Limited
    Mumbai Maharashtra
    ------------------------------


  • 2.  RE: DAM Agent no traffic alerts

    Posted 26 days ago

    Hi Pradeep,

    You can try the following advanced config parameters for the related agent:

    <system-events-no-traffic-threshold-minutes>30</system-events-no-traffic-threshold-minutes>
    <system-events-no-traffic-aggregation>21600</system-events-no-traffic-aggregation> -> you should set the time in seconds

    Please inform me about the results.



    ------------------------------
    Cezmi Cal
    Consultant
    Barikat Internet Guvenligi Bilisim Ticaret A.S.
    Ankara
    ------------------------------



  • 3.  RE: DAM Agent no traffic alerts

    Posted 26 days ago

    Hi Pradeep,

    Could you share the file name to change the parameter (advanced config parameters), please?
    Thank you so much for your help.
    Have a great week!

    Best regards,



    ------------------------------
    Wagner de Oliveira
    ------------------------------



  • 4.  RE: DAM Agent no traffic alerts

    Posted 26 days ago

    The default alert time is 30 minutes and the aggregation time is 360 minutes; the first alert will then be triggered after 30 minutes, and the second alert will be triggered after 360 minutes.

    Therefore the second alert will be like: "No Agent traffic detected for 390(30+360) minutes".

    In order to modify these values, simply add the following lines to the "Advance Configuration" section:

    <system-events-no-traffic-threshold-minutes>X</system-events-no-traffic-threshold-minutes> - note this value is in minutes

    <system-events-no-traffic-aggregation>X</system-events-no-traffic-aggregation> - note this value is in seconds (360 minutes = 21600 seconds)

    To disable Agents from sending system events when no traffic is seen, add the following line to the "Advance Configuration" section:

     <system-events-no-traffic-enable>false</system-events-no-traffic-enable> 

    I hope this helps



    ------------------------------
    Sarvesh Lad
    Tech Lead @ On-Prem Managed Services (WAF, DAM, DRA & Sonar)
    ------------------------------