
Imperva Incapsula

The JSA DSM for Imperva Incapsula collects logs from an Imperva Incapsula service.

The following table describes the specifications for the Imperva Incapsula DSM:

Table 1: Imperva Incapsula DSM Specifications

| Specification | Value |
|---|---|
| Manufacturer | Imperva |
| DSM name | Imperva Incapsula |
| RPM file name | DSM-ImpervaIncapsula-JSA_version-build_number.noarch.rpm |
| Supported versions | N/A |
| Protocol | Syslog |
| Event format | LEEF |
| Recorded event types | Access events and Security alerts |
| Automatically discovered? | Yes |
| Includes identity? | No |
| Includes custom properties? | No |
| More information | Imperva Incapsula website (https://www.incapsula.com/) |

To integrate Imperva Incapsula with JSA, complete the following steps:

  1. If automatic updates are not enabled, download the most recent version of the following RPMs from Juniper Downloads and install them on your JSA console:

    • DSMCommon RPM

    • Imperva Incapsula DSM RPM

  2. Configure the Log download utility to collect logs and then forward the logs to JSA.

  3. If JSA does not automatically detect the log source, add an Imperva Incapsula log source on the JSA Console. The following table describes the parameters that require specific values to collect events from Imperva Incapsula:

    Table 2: Imperva Incapsula Log Source Parameters

    | Parameter | Value |
    |---|---|
    | Log Source type | Imperva Incapsula |
    | Protocol Configuration | Syslog |

  4. Verify that JSA is configured correctly.

    Note:

    Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

    The following table shows a sample normalized event message from Imperva Incapsula:

    Table 3: Imperva Incapsula Sample Message

    | Event name | Low level category |
    |---|---|
    | REQ_PASSED | Information |

    Sample log message:

    LEEF:1.0|Incapsula|SIEMintegration|1.0|Normal|fileId=fid sourceServiceName=ssname siteid=siteid suid=suid requestClientApplication=reqcliapp cs2=true cs2Label=Javascript Support cs3=true cs3Label=CO Support src=<Source_IP_address> cs1=NA cs1Label=Cap Support cs5Label=clappsig dproc=Browser cs6=Internet Explorer cs6Label=clapp calCountryOrRegion=[XX] cs7=xx.xx cs7Label=latitude cs8=xx.xx cs8Label=longitude Customer=customer start=start requestMethod=GET cn1=200 proto=HTTP cat=REQ_PASSED
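
A check for step 4, added here as an example (it is not Juniper or Imperva code): it applies the Note's carriage return and line feed removal to a wrapped copy of the sample message, then splits the LEEF header and attributes so the fields can be compared with what JSA shows. The names `parse_leef` and `WRAPPED_SAMPLE` are hypothetical, and the code assumes attributes are separated by whitespace (tab or space), which the page does not specify.

```python
import re

# Constructed input: the page's sample message with CR/LF line wraps
# inserted, as they appear after copying it from the documentation.
WRAPPED_SAMPLE = (
    "LEEF:1.0|Incapsula|SIEMintegration|1.0|Normal|fileId=fid "
    "sourceServiceName\r\n=ssname siteid=siteid suid=suid "
    "requestClientAppl\nication=reqcliapp cs2=true "
    "cs2Label=Javascri\npt Support cs3=true cs3Label=CO Support "
    "src=<Source_IP_address> cs1=NA cs1Label=Cap Support "
    "cs5Label=clappsig dproc=Browser cs6=Internet Explorer "
    "cs6Label=clapp calCountryOrRegio\nn=[XX] cs7=xx.xx "
    "cs7Label=latitude cs8=xx.xx cs8Label=longitude "
    "Customer=customer start=start requestMethod=GET cn1=200 "
    "proto=HTTP cat=REQ_PASSED"
)

HEADER_FIELDS = ("leef_version", "vendor", "product", "product_version", "event_id")
# A value runs until the next whitespace-separated "key=" or end of message,
# so values that contain spaces ("Internet Explorer") stay intact.
ATTR_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)", re.S)


def parse_leef(raw):
    """Return (header, attrs, labelled) for one LEEF 1.0 message."""
    line = raw.replace("\r", "").replace("\n", "")  # the step from the Note
    parts = line.split("|", 5)
    if len(parts) != 6 or not parts[0].startswith("LEEF:"):
        raise ValueError("not a LEEF message with a five-field header")
    header = dict(zip(HEADER_FIELDS, [parts[0][5:]] + parts[1:5]))
    attrs = dict(ATTR_RE.findall(parts[5]))
    # Pair each csNLabel with its csN value; a label with no value
    # (cs5Label in the sample) maps to None instead of being dropped.
    labelled = {
        v: attrs.get(k[:-5])
        for k, v in attrs.items()
        if re.fullmatch(r"cs\d+Label", k)
    }
    return header, attrs, labelled


if __name__ == "__main__":
    header, attrs, labelled = parse_leef(WRAPPED_SAMPLE)
    print(header["event_id"], attrs["cat"], attrs["src"])
    for label, value in labelled.items():
        print(f"{label}: {value}")
```

A value that itself contains whitespace followed by `word=` would be split early by this pattern; if the feed is known to be tab-delimited, splitting on the tab character is stricter.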