Imperva Cyber Community

  • 1.  Related to DAM Imperva Throughput

    Posted 03-12-2024 08:48
    Edited by Danish Khan 03-12-2024 08:49

    1. In case the throughput becomes zero because of some connectivity/other issues, is there a way in Imperva to flag such an issue as an error in the console, as compared to situations where logs are not generated and hence throughput is zero?

    2. Additionally, we can further highlight if Imperva has the capability to resume sending of logs from the previous breakage time (retrospectively) or not.


    #DatabaseActivityMonitoring

    ------------------------------
    Danish Khan
    OLM Developer
    Airtel Payment Bank Ltd
    ------------------------------



  • 2.  RE: Related to DAM Imperva Throughput

    Posted 03-18-2024 18:07
    Edited by John Thompson 03-18-2024 18:07

    Hi Danish,

    Those are great questions.  I've always thought we've handled this really well, with multiple overlapping controls.  I'll go into those below.  If you can share the operating system and version of the database host, the database type and version of the database itself, the version of your Imperva agent, and the version of On-Prem DAM that you're running, that may all be helpful.

    Those overlapping controls that I discussed may not be enabled by default on your version or agent, etc., but they include:

    1. Local agent storage of database traffic which was unable to be sent to the Imperva On-Prem DAM Gateway
      1. configurable storage and path of db traffic, defaults to local agent directory, and 8-GB of traffic. 
      2. *Note: 8-GB may be too small for larger, high-performance, or highly active transactional databases, etc.
    2. System Events for On-Prem DAM Management Server (MX) provide notification of:
      1. Disk Space Warning - agent storage location disk has less free space than agent is configured for
      2. Disk Quota Exceeded - If traffic could not be sent to the GW
      3. No-Traffic - No traffic from Agent in XX minutes 
      4. Traffic Restored - Traffic has been re-identified on monitored agents that previously alerted "no-traffic"
      5. Connectivity - GW connection failed
      6. Agent Packet Loss - In last 24-hours, agent dropped X packets of Y total received [disabled by default I believe]
    3. Automatic dequeuing of traffic captured and stored locally when GW connectivity is restored
    4. Configurable agent behavior when connectivity is lost between the agent and the GW
    5. Agent status monitoring
      1. Configurable / customizable agent reporting
      2. The Agent Workbench in the MX console
      3. Agent Details in the GW window - (status, last seen, throughput, connections per second, etc.)
    6. SOM Monitoring - Environmental Health Monitoring of entire environment from SOM through MX, GW, and Agents.
      1. System Events in SOM
      2. SOM Alarms - including: GW disconnected, networking issues, redundant GW failover, capacity warnings and overloads, agent operation, agent disconnect, agent monitoring issues, agent buffers, errors, and more...


    Are you seeing any system events related to the agent connectivity or traffic in your console or SIEM?

    - JT



    ------------------------------
    John Thompson
    Director, Channel Presales
    Imperva
    San Diego CA
    ------------------------------
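
Added example (not part of the thread and not Imperva code): a SIEM-side sketch of the distinction asked about in question 1, labelling each "No-Traffic" gap as a fault or as genuine idle time by correlating it with the other System Events named in the reply. The event names come from the reply; the record layout, agent names, timestamps, the 30-minute lookback and the `buffer_exceeded` interpretation are assumptions.

```python
from datetime import datetime, timedelta

# Event names come from the System Events list in the reply above.
FAULT_EVENTS = {"Connectivity", "Disk Space Warning",
                "Disk Quota Exceeded", "Agent Packet Loss"}

# Constructed sample records (timestamp, agent, event); the layout is assumed.
SAMPLE_EVENTS = [
    ("2024-03-12 08:00", "db-agent-01", "Connectivity"),
    ("2024-03-12 08:10", "db-agent-01", "No-Traffic"),
    ("2024-03-12 08:30", "db-agent-02", "No-Traffic"),
    ("2024-03-12 08:40", "db-agent-01", "Disk Quota Exceeded"),
    ("2024-03-12 08:50", "db-agent-02", "Traffic Restored"),
    ("2024-03-12 09:05", "db-agent-01", "Traffic Restored"),
]

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M")

def classify_gaps(events, lookback=timedelta(minutes=30)):
    """Return one record per No-Traffic gap, labelled 'fault' or 'idle'."""
    rows = sorted((parse(ts), agent, name) for ts, agent, name in events)
    gaps = []
    for start, agent, name in rows:
        if name != "No-Traffic":
            continue
        # The gap ends at the next Traffic Restored event for the same agent.
        end = next((t for t, a, n in rows
                    if a == agent and n == "Traffic Restored" and t > start), None)
        # Fault events for this agent shortly before or during the gap.
        faults = [n for t, a, n in rows
                  if a == agent and n in FAULT_EVENTS
                  and start - lookback <= t and (end is None or t <= end)]
        gaps.append({
            "agent": agent, "start": start,
            "end": end,  # None means the gap is still open
            "cause": "fault" if faults else "idle",
            "faults": faults,
            # Assumption: a quota hit means the local buffer may be incomplete.
            "buffer_exceeded": "Disk Quota Exceeded" in faults,
        })
    return gaps

if __name__ == "__main__":
    for gap in classify_gaps(SAMPLE_EVENTS):
        print(gap)
```

A gap labelled `idle` had no accompanying fault event, so it is consistent with a database that simply produced no activity; a gap with `end` set to `None` has not yet seen "Traffic Restored".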