I would like to know about others' experience in configuring Splunk SIEM on-prem to Cloud WAF integration. A couple of questions:
1. The incapsula.spl: can this be modified, or do I just load it into Splunk with no further configuration needed?
2. What are the firewall requirements (ports, services), e.g. between Splunk inbound/outbound and the CWAF management console URL?
3. Do I need to manually enable the WAF Log Levels in each enrolled website? By default it is Disabled.
More power to Imperva.
Please find information regarding steps for Cloud WAF Log integration here: https://docs.imperva.com/bundle/cloud-application-security/page/settings/log-integration.htm
You can find the instructions for installing the Splunk package here: https://docs.imperva.com/bundle/cloud-application-security/page/more/siem-package.htm