Imperva Cyber Community

communities_1.jpg
 View Only
  • 1.  Synology File Server

    Posted 11-15-2022 03:30
    Hello,

    I would like to do archiving of the audit data for the DAM Imperva Product.

    The client uses Synology File Server. Does Imperva support it? If yes, which one should I select for the configurations?



    Thanks,
    Gerta
    #DatabaseActivityMonitoring

    ------------------------------
    Olgerta Prendi
    Cyber Security Specialist
    S&T AG
    Tirana
    ------------------------------


  • 2.  RE: Synology File Server

    Posted 11-15-2022 10:13
    Hi,

    We do not support specific products but we support protocols. If the product supports that protocol, we support it.

    SecureSphere supports FTP , SCP , NFS on the platform itself via GUI. From what I can tell Synology supports quite a few of the above protocols.

    A quick search tells me that the Synology File Server can be configured to provide shares via Samba/CIFS, NFS. It can also support FTP server and SSH (scp).

    So it really boils down to what protocol you want to use.

    If you are planning to use SMB or NFS, you have to mount it on the appliance CLI by editing the /etc/fstab or other methods and providing the mount location in GUI.

    I cannot find publicly available documentation for the Synology File Server but terms you are looking for  "creating a Samba Share" etc..

    Regards,

    ------------------------------
    Sarvesh Lad
    Tech Lead @ On-Prem Managed Services (WAF, DAM, DRA & Sonar)
    ------------------------------



  • 3.  RE: Synology File Server

    Posted 11-15-2022 15:47
    Edited by Olgerta Prendi 11-15-2022 15:49
    Hi Sarvesh,

    Thank you for your response.

    The client uses Synology Server and it supports SMB, File Share Protocol. 

    I was reading about the mounting in the case of SMB, NFS and find the article below:

    https://docs.imperva.com/bundle/v14.7-database-activity-monitoring-user-guide/page/1658.htm

    I think this is the procedure. Am I right?

    Kind Regards,
    Gerta



    ------------------------------
    Olgerta Prendi
    Cyber Security Specialist
    S&T AG
    Tirana
    ------------------------------



  • 4.  RE: Synology File Server

    Posted 11-15-2022 17:19
    The article you found has the correct steps.

    I use a NFS share, and had to add the mount command to the /etc/rc.d/rc.local file to get the share to remount on a reboot.
        mount /media/mount

    You can run nfsstat -m to show the mount parameters after the mount works.

    Some of the issues that I had were that the firewall ports to the share was not open. 
    And when they moved the share to a different file server, the new server was version 3, the old server was version 4 so the mount command needed to be changed.

    For version 3, I had the file server admin change the directory to use the no_root_squash parameter, as without it the directories were owned by nobody.
    And for version 3, I opened ports 111,2049,300,302, and 304.  I'm not sure what ports were open for v4.




    ------------------------------
    Robert Miller
    Senior Cybersecurity Engineer
    Bank of the West
    Omaha NE
    ------------------------------



  • 5.  RE: Synology File Server

    Posted 11-24-2022 05:19
    Hi Team,

    After doing the mounting for CIFS, can you guide me which feature on the action sets should I check for the configurations in Imperva?

    Kind Regards,

    ------------------------------
    Olgerta Prendi
    Cyber Security Specialist
    S&T AG
    Tirana
    ------------------------------



  • 6.  RE: Synology File Server

    Posted 11-24-2022 21:04
    Hi Olgerta,


    After setting up CIFS, you need to add a new NFS Archive to Action Sets.
    1. Navigate to Admin tab > System Definitions > Action interfaces > Create new action interface > choose NFS Archive > Save
    2. From the web UI > Policies > Action Sets, choose NFS Archive > NFS, then configure your file server there.
    Reference Document:
    https://support.imperva.com/s/article-items?articleId=8eca7b2f

    Next, you need to set the Audit Policy's Archiving
    1. From the MX UI, go to Main > Policies > Audit > select the relevant policy
    2. Make sure the Archiving and purge settings of the policy
      Reference Document:
      https://support.imperva.com/s/article-items?articleId=9e9c3ec2

      ------------------------------
      Henry Zhu
      Technical Engineer
      CipherTech Co., Ltd
      Taipei
      ------------------------------