Imperva Cyber Community

  • 1.  DAM Agent no traffic alerts

    Posted 09-12-2024 05:41

    Dear Team,

    By default, the DAM agent generates an alert every 30 minutes in the activity logs if there's no activity on the database. How do I change this setting to something like 60 minutes or 120 minutes?


    #ImpervaAgent

    ------------------------------
    Pradeep Godala
    consultant
    ICICI Bank Limited
    Mumbai Maharashtra
    ------------------------------


  • 2.  RE: DAM Agent no traffic alerts

    Posted 09-16-2024 07:30

    Hi Pradeep,

    You can try the following advanced config parameters for the related agent:

    <system-events-no-traffic-threshold-minutes>30</system-events-no-traffic-threshold-minutes>
    <system-events-no-traffic-aggregation>21600</system-events-no-traffic-aggregation> -> you should set the time in seconds

    Please inform me about the results.



    ------------------------------
    Cezmi Cal
    Consultant
    Barikat Internet Guvenligi Bilisim Ticaret A.S.
    Ankara
    ------------------------------



  • 3.  RE: DAM Agent no traffic alerts

    Posted 09-16-2024 09:33

    Hi Pradeep,

    Could you share the file name to change the parameter (advanced config parameters), please?
    Thank you so much for your help.
    Have a great week!

    Best regards,



    ------------------------------
    Wagner de Oliveira
    ------------------------------



  • 4.  RE: DAM Agent no traffic alerts

    Posted 09-16-2024 10:36

    The default alert time is 30 minutes and the aggregation time is 360 minutes, so the first alert will be triggered after 30 minutes, and the second alert will be triggered after 360 minutes.

    Therefore the second alert will be like: "No Agent traffic detected for 390(30+360) minutes".   

     

    In order to modify these values, simply add the following lines to the "Advance Configuration" section:

    <system-events-no-traffic-threshold-minutes>X</system-events-no-traffic-threshold-minutes> - note this value is in minutes

    <system-events-no-traffic-aggregation>X</system-events-no-traffic-aggregation> - note this value is in seconds (360 minutes = 21600 seconds)

     

     

    To disable Agents from sending system events when no traffic is seen, add the following line to the "Advance Configuration" section:

     <system-events-no-traffic-enable>false</system-events-no-traffic-enable> 

    I hope this helps



    ------------------------------
    Sarvesh Lad
    Tech Lead @ On-Prem Managed Services (WAF, DAM, DRA & Sonar)
    ------------------------------
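
The replies above mix units (threshold in minutes, aggregation in seconds), so here is a small checker for an advanced-configuration fragment, added as an example and not taken from any poster or from Imperva. The function name, the defaults table (built from the values quoted in the thread) and the "aggregation shorter than threshold" heuristic are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Defaults as described in the thread: 30-minute threshold, 360-minute
# (21600-second) aggregation, no-traffic events enabled.
DEFAULTS = {
    "system-events-no-traffic-threshold-minutes": "30",
    "system-events-no-traffic-aggregation": "21600",
    "system-events-no-traffic-enable": "true",
}

def review_no_traffic_settings(fragment: str) -> dict:
    """Parse a fragment and report the effective no-traffic alert schedule."""
    # The fragment is a list of sibling elements, so wrap it in a dummy root.
    root = ET.fromstring(f"<root>{fragment}</root>")
    values = dict(DEFAULTS)
    for elem in root:
        if elem.tag in values:
            values[elem.tag] = (elem.text or "").strip()

    threshold_min = int(values["system-events-no-traffic-threshold-minutes"])
    aggregation_sec = int(values["system-events-no-traffic-aggregation"])
    enabled = values["system-events-no-traffic-enable"].lower() != "false"
    if threshold_min <= 0 or aggregation_sec <= 0:
        raise ValueError("threshold and aggregation must be positive")

    warnings = []
    if not enabled:
        warnings.append("no-traffic events disabled: a silent agent raises no alert")
    # Heuristic (assumption): an aggregation shorter than the threshold usually
    # means minutes were entered where seconds are expected.
    if aggregation_sec < threshold_min * 60:
        warnings.append("aggregation is shorter than the threshold; value is in seconds")

    return {
        "enabled": enabled,
        "first_alert_min": threshold_min,
        "second_alert_reports_min": threshold_min + aggregation_sec / 60,
        "warnings": warnings,
    }

# Constructed sample: the 60-minute threshold asked about, with the aggregation
# entered as 360 (meant as minutes) instead of 21600 seconds.
SAMPLE = """
<system-events-no-traffic-threshold-minutes>60</system-events-no-traffic-threshold-minutes>
<system-events-no-traffic-aggregation>360</system-events-no-traffic-aggregation>
"""

if __name__ == "__main__":
    print(review_no_traffic_settings(SAMPLE))
```
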