Imperva Incapsula
The JSA DSM for Imperva Incapsula collects logs from an Imperva Incapsula service.
The following table describes the specifications for the Imperva Incapsula DSM:
Specification | Value |
---|---|
Manufacturer | Imperva |
DSM name | Imperva Incapsula |
RPM file name | DSM-ImpervaIncapsula-JSA_version-build_number.noarch.rpm |
Supported versions | N/A |
Protocol | Syslog |
Event format | LEEF |
Recorded event types | Access events and Security alerts |
Automatically discovered? | Yes |
Includes identity? | No |
Includes custom properties? | No |
More information | Imperva Incapsula website (https://www.incapsula.com/) |
To integrate Imperva Incapsula with JSA, complete the following steps:

1. If automatic updates are not enabled, download and install the most recent version of the following RPMs from Juniper Downloads onto your JSA console:
   - DSMCommon RPM
   - Imperva Incapsula DSM RPM
2. Configure the Log download utility to collect logs and then forward the logs to JSA.
3. If JSA does not automatically detect the log source, add an Imperva Incapsula log source on the JSA Console. The following table describes the parameters that require specific values to collect events from Imperva Incapsula:

   Table 2: Imperva Incapsula Log Source Parameters

   Parameter | Value |
   ---|---|
   Log Source type | Imperva Incapsula |
   Protocol Configuration | Syslog |
4. Verify that JSA is configured correctly.
Note: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.
The following table shows a sample normalized event message from Imperva Incapsula:
Table 3: Imperva Incapsula Sample Message

Event name | Low level category |
---|---|
REQ_PASSED | Information |

Sample log message:

```
LEEF:1.0|Incapsula|SIEMintegration|1.0|Normal|fileId=fid sourceServiceName=ssname siteid=siteid suid=suid requestClientApplication=reqcliapp cs2=true cs2Label=Javascript Support cs3=true cs3Label=CO Support src=<Source_IP_address> cs1=NA cs1Label=Cap Support cs5Label=clappsig dproc=Browser cs6=Internet Explorer cs6Label=clapp calCountryOrRegion=[XX] cs7=xx.xx cs7Label=latitude cs8=xx.xx cs8Label=longitude Customer=customer start=start requestMethod=GET cn1=200 proto=HTTP cat=REQ_PASSED
```
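To check what a forwarded event should contain before verifying it in JSA, the sample message can be parsed offline. The following is an added example, not code from Juniper or Imperva: it strips carriage returns and line feeds as the note above directs, splits the LEEF header, and pairs each `csN` field with its `csNLabel`. The names `parse_leef` and `labelled` are hypothetical, and the space-separated fallback is a heuristic for the message as printed here (it would split a value that itself contains ` word=`); LEEF 1.0 on the wire separates attributes with tabs.

```python
import re

# Sample message from Table 3. The "\r\n" inside requestClientApplication is
# constructed here to mimic the copy/paste damage the note warns about.
SAMPLE = (
    "LEEF:1.0|Incapsula|SIEMintegration|1.0|Normal|fileId=fid "
    "sourceServiceName=ssname siteid=siteid suid=suid "
    "requestClientAppl\r\nication=reqcliapp cs2=true cs2Label=Javascript Support "
    "cs3=true cs3Label=CO Support src=<Source_IP_address> cs1=NA "
    "cs1Label=Cap Support cs5Label=clappsig dproc=Browser cs6=Internet Explorer "
    "cs6Label=clapp calCountryOrRegion=[XX] cs7=xx.xx cs7Label=latitude "
    "cs8=xx.xx cs8Label=longitude Customer=customer start=start "
    "requestMethod=GET cn1=200 proto=HTTP cat=REQ_PASSED"
)

HEADER_FIELDS = ("vendor", "product", "product_version", "event_id")
# A key is a word directly followed by "=" at the start or after whitespace.
KEY = re.compile(r"(?:^|[ \t])([A-Za-z][A-Za-z0-9_]*)=")

def parse_leef(raw):
    """Return (header, attrs) for one LEEF 1.0 message."""
    line = raw.replace("\r", "").replace("\n", "")  # the fix from the note
    parts = line.split("|", 5)
    if len(parts) != 6 or parts[0] != "LEEF:1.0":
        raise ValueError("not a LEEF 1.0 message")
    header = dict(zip(HEADER_FIELDS, parts[1:5]))
    body, attrs = parts[5], {}
    if "\t" in body:  # LEEF 1.0 on the wire: tab-separated key=value pairs
        for pair in body.split("\t"):
            key, sep, value = pair.partition("=")
            if sep:
                attrs[key] = value
    else:  # as printed on this page: spaces, and values may contain spaces
        hits = list(KEY.finditer(body))
        for i, m in enumerate(hits):
            end = hits[i + 1].start() if i + 1 < len(hits) else len(body)
            attrs[m.group(1)] = body[m.end():end].strip()
    return header, attrs

def labelled(attrs):
    """Rename csN fields to their csNLabel text; drop the label fields."""
    return {attrs.get(k + "Label", k): v
            for k, v in attrs.items() if not k.endswith("Label")}

if __name__ == "__main__":
    header, attrs = parse_leef(SAMPLE)
    print(header, labelled(attrs), sep="\n")
```

Note that `cs5Label=clappsig` has no matching `cs5` value in the sample, so it produces no labelled field.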