@Gerson Acevedo, @Jaired Anderson's suggestion to send a "/ c m d . e x e" (*remove spaces) as an attack in the URL is a great idea because that will trigger against a signature, rather than against the profile. Excellent troubleshooting step, Jaired!
@Ira Miga's blog article above references a great diagram modeled to the OSI model that everyone's familiar with (*including the very important "layer-8"), but I also like this Imperva OnPrem WAF / WAF Gateway diagram showing the different layers of security inspection performed. Both provide interesting perspectives when troubleshooting security policy questions.
------------------------------
John Thompson
Director, Channel Presales
Imperva
San Diego CA
------------------------------
Original Message:
Sent: 02-01-2024 10:21
From: Jaired Anderson
Subject: Imperva OneBox demo is not capturing Alerts or Violations
I will second and third what Alejandro and John said; a TCPDump is always a good place to start - especially in a lab or virtual environment. You'll want to confirm that you see traffic enter and exit the correct interfaces.
It's odd that you are seeing Web profile traffic, but not alerts - these are typically mutual. In other words, whatever issue that's stopping the alerts from being seen will also prevent the profile from being populated (with a default configuration).
You might try sending a "/ c m d . e x e" (remove the spaces) to trigger an alert.
------------------------------
Jaired Anderson
Imperva
https://www.imperva.com/
Original Message:
Sent: 01-26-2024 16:19
From: Gerson Acevedo
Subject: Imperva OneBox demo is not capturing Alerts or Violations
Hello, I have installed the OneBox LAB on my PC with the SuperVeda Webserver and followed the instructions. When I check the Profile learning pages, I can see the profile is learning about the websites; however, when I check the Alerts and Violations after trying the classic SQL injection code 1+1; I don't see any message. So I'm not sure why it is not reporting any alert. Any idea?
#AllImperva
#On-PremisesWAF(formerlySecuresphere)
------------------------------
Gerson Acevedo
Engineer
Sisap - Sistemas Aplicativos
Guatemala
------------------------------