Imperva Cyber Community

  • 1.  Imperva Gateway logs audit gaps

    Posted 09-11-2023 07:17
    Edited by Neema Abdulkader 09-11-2023 07:32

    Dear Team,

    We have updated the syslog configuration and are forwarding the audit logs from the Imperva gateway to the SIEM.

    Currently, the logs that are being captured at the SIEM have some gaps.

    For example, if an admin account is used to add a new user at the gateway end, then in the logs that are captured at the SIEM, the user account used to perform the activity is not captured.

    Please find the attachment for more reference.
     
    Kindly confirm if any future enhancement request is placed for the same.


    #AllImperva

    ------------------------------
    Neema Abdulkader
    Technical Support Engineer
    Gulf IT Network Distribution FZ LLC
    Dubai
    ------------------------------



  • 2.  RE: Imperva Gateway logs audit gaps

    Posted 09-11-2023 07:48

    Hi Neema,

    Thank you for reaching out on the community forum!

    It appears that you might be missing a placeholder in your configuration. To resolve this issue, I recommend following these steps:

    1. Check Supported Placeholders:

    • Please review our documentation for a list of all supported placeholders. You can find this information at: Supported Placeholders

    2. Add Placeholder and Verify:

    • Once you've identified the correct placeholder, add it to your configuration.
    • Verify if the system event generates the desired user information using the following placeholder: ${Event.username}

    I hope this helps you address the missing placeholder issue! Please give it a try and let us know if it resolves your problem.

    Thank you for being part of our forum community, and please share your feedback on whether this solution works for you.



    ------------------------------
    Nikhil Nandode
    ------------------------------
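
A way to confirm on the SIEM side that the gap is closed after the placeholder is added, as an added example that is not part of the thread and not Imperva code. It assumes a key=value message layout; the template and the received lines are constructed samples, and `${Event.message}` is assumed to be the event-text placeholder.

```python
import re

PLACEHOLDER = "${Event.username}"  # placeholder named in the reply above

# Constructed sample template (assumed key=value layout, not a vendor default).
TEMPLATE = 'msg="${Event.message}" user="${Event.username}"'

# Constructed sample lines as they might arrive at the SIEM.
LINES = [
    'msg="User jdoe was added" user="admin"',
    'msg="User jdoe was added" user=""',
    'msg="User jdoe was added"',
    'msg="Login" user="${Event.username}"',
]

def user_key(template):
    """Return the key the username placeholder is assigned to, or None."""
    m = re.search(r'(\w+)="?' + re.escape(PLACEHOLDER), template)
    return m.group(1) if m else None

def audit_gaps(template, lines):
    """Return (line_number, reason) for every line without a usable actor."""
    key = user_key(template)
    if key is None:
        # The forwarded format never asks for the acting user at all.
        return [(0, "template has no " + PLACEHOLDER)]
    field = re.compile(r"\b" + re.escape(key) + r'=(?:"([^"]*)"|(\S*))')
    gaps = []
    for n, line in enumerate(lines, 1):
        m = field.search(line)
        if m is None:
            gaps.append((n, "field missing"))
            continue
        value = m.group(1) if m.group(1) is not None else m.group(2)
        if value == "" or "${" in value:
            gaps.append((n, "field empty or placeholder not substituted"))
    return gaps

if __name__ == "__main__":
    for n, reason in audit_gaps(TEMPLATE, LINES):
        print(f"line {n}: {reason}")
```

Running the same check on a schedule against recent gateway events turns a silent loss of the acting user into an alert instead of something found during an investigation.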