Imperva Cyber Community

  • 1.  Why are my alerts/violations showing a broadcast address in my Imperva DAM console

    Posted 21 days ago

    Hi,

    I'm having alerts/violations that are showing the source IP and destination IP as 255.255.255.255. I analyzed the alerts/violations, and it seems that it is running a scheduled activity within the DB server. May I check in what situation the DAM agent will capture 255.255.255.255?

    Is there a way to rectify this so that the alert/violation shows as coming from the server's actual IP?

    Connection: 255.255.255.255 > 255.255.255.255

    DB Application: microsoft sql server management studio

    Operation: backup database

    Normalized Query: declare query

    #databasesecurity

    #ImpervaAgent

    #DAM


    #DatabaseActivityMonitoring

    ------------------------------
    Agustin Cudiamat
    Field Engineer
    Singapore
    ------------------------------


  • 2.  RE: Why are my alerts/violations showing a broadcast address in my Imperva DAM console

    Posted 20 days ago

    Hi Agustin,

    IP 255.255.255.255 is a restricted broadcast address and such behaviour is noticed for MS SQL databases whose activity logs in the DAM show IP 255.255.255.255 as both source and destination. It was fixed in the agent version v14.4P40.

    Regards,



    ------------------------------
    SBISOC 4430
    Manager
    Mumbai
    ------------------------------



  • 3.  RE: Why are my alerts/violations showing a broadcast address in my Imperva DAM console

    Posted 17 days ago

    Hi SBISOC 4430,

    Currently my agent version is 14.6.0.40.0.637257.



    ------------------------------
    Agustin Cudiamat
    Field Engineer
    Singapore
    ------------------------------



  • 4.  RE: Why are my alerts/violations showing a broadcast address in my Imperva DAM console

    Posted 17 days ago

    Hi Agustin,

    Then in that case please raise a support ticket to know the root cause.

    Also, please check that the build version of MS SQL Server is supported as per attachment of the KB article: https://docs-cybersec.thalesgroup.com/bundle/z-kb-articles-knowledgebase-support/page/290718678.html

    Regards,



    ------------------------------
    SBISOC 4430
    Manager
    Mumbai
    ------------------------------