Imperva Cyber Community

I need to send the audit logs to SIEM. I thought of sending the logs of policy which only matches "Counterbreach for Database - All events" in terms of hoping that it would ship all the events. Am I correct?

Does policy "Counterbreach for Database - login Logouts" subset of "Counterbreach for Database - All events"?

Note: This is for archival purposes only.

#DatabaseActivityMonitoring

------------------------------
JothiRam
------------------------------

Hi JothiRam,

To send audit logs to SIEM use this article https: //docs.imperva.com/bundle/v14.7-database-activity-monitoring-user-guide/page/1656.htm

You mentioned that both policies are mainly used to send Imperva DAM audit data into Data Risk Analysis (DRA).

------------------------------
Regards,
𝐌𝐢𝐭𝐞𝐬𝐡 𝐌𝐞𝐡𝐭𝐚
Senior Security Consultant
Mumbai
------------------------------

Mitesh,

Many thanks for your response. So there is no ADC policy that captures all events for compliance purposes. 

------------------------------
JothiRam
------------------------------

Original Message:
Sent: 06-22-2023 07:14
From: Mitesh Mehta
Subject: Does the policy "Counterbreach for Database - All events" includes all the audit events? or does it includes only specific events

Hi JothiRam,

To send audit logs to SIEM use this article https: //docs.imperva.com/bundle/v14.7-database-activity-monitoring-user-guide/page/1656.htm

You mentioned that both policies are mainly used to send Imperva DAM audit data into Data Risk Analysis (DRA).

------------------------------
Regards,
𝐌𝐢𝐭𝐞𝐬𝐡 𝐌𝐞𝐡𝐭𝐚
Senior Security Consultant
Mumbai
------------------------------

Hi Jothiram,

In DAM Monitoring for 'security and compliance policy is done in separate but parallel channels'.

SecureSphere delivers predefined policies that provide you with the ability to prove that your organization is compliant for further information please go through this article: https://docs.imperva.com/bundle/v14.7-database-activity-monitoring-user-guide/page/1170.htm

------------------------------
Regards,
𝐌𝐢𝐭𝐞𝐬𝐡 𝐌𝐞𝐡𝐭𝐚
Senior Security Consultant
Mumbai
------------------------------

Original Message:
Sent: 06-22-2023 07:37
From: JothiRam Ravi
Subject: Does the policy "Counterbreach for Database - All events" includes all the audit events? or does it includes only specific events

Mitesh,

Many thanks for your response. So there is no ADC policy that captures all events for compliance purposes. 

------------------------------
JothiRam
------------------------------


Original Message:
Sent: 06-22-2023 07:14
From: Mitesh Mehta
Subject: Does the policy "Counterbreach for Database - All events" includes all the audit events? or does it includes only specific events

Hi JothiRam,

To send audit logs to SIEM use this article https: //docs.imperva.com/bundle/v14.7-database-activity-monitoring-user-guide/page/1656.htm

You mentioned that both policies are mainly used to send Imperva DAM audit data into Data Risk Analysis (DRA).

------------------------------
Regards,
𝐌𝐢𝐭𝐞𝐬𝐡 𝐌𝐞𝐡𝐭𝐚
Senior Security Consultant
Mumbai