Imperva Cyber Community

 View Only
  • 1.  imperva service discovery add individual databases

    Posted 17 days ago
    Hello, I have the following Scenario.

    I have 3 MSSQL servers, inside these MSSQL servers I have 4 MSSQL instances, inside these instances I have between 20 to 40 databases.

    Now there's a way with the service discovery to automatically discover all the instances with all the databases. And these new discovers will be show in the Site tree for each Instance with all their databases.

    Or I need to add manually each instance as a service? Because only discover the default database. 

    Is this possible with the service discovery?
    #AllImperva

    ------------------------------
    Gerson Acevedo
    Engineer
    Sisap - Sistemas Aplicativos
    Guatemala
    ------------------------------


  • 2.  RE: imperva service discovery add individual databases

    Posted 15 days ago
    Service Discovery scans will only find server IPs based on the port list in the global port group listed under the advanced configuration for that scan.
    If your databases are on non-standard ports (something other than 1433 for mssql), then add the additional ports to a global port group.
    https://docs.imperva.com/bundle/v14.9-database-activity-monitoring-user-guide/page/401.htm 

    From the Discovery & Classification / Discovered Servers tab you could accept the host and it would add to the site tree.
    It does not add individual instances.

    In the site tree, under the service add the database connection info for the instance in the direct access information, then that info is used when you configure a database classification scan.




    ------------------------------
    Robert Miller
    Senior Cybersecurity Engineer
    Bank of the West
    Omaha NE
    ------------------------------



  • 3.  RE: imperva service discovery add individual databases

     
    Posted 10 days ago
    But be careful if there is a honeypot inside or detect the content of the network scan.
    This feature will trigger an alarm, remember to set a whitelist.

    ------------------------------
    Cj Kuo
    CT
    CipherTech Co., Ltd
    NeiHu District
    ------------------------------