Imperva WAF Gateway connector to send CEF and CommonSecurityLog table to Microsoft Sentinel

Aik Hong Tng (Group) 45 Reputation points
2023-06-12T03:40:53.11+00:00

Hi All,

I'm trying to deploy an Imperva WAF Gateway in an Azure VM and need the Imperva WAF Gateway connector to send CEF and CommonSecurityLog table to Microsoft Sentinel.

How do I deploy this?

Is it true that for the Imperva WAF Gateway to work, we need to deploy the Imperva WAF Management Server (MX) and the Imperva WAF Gateway, and input the license and bind the license from the Imperva WAF Management Server (MX) in order for the Imperva Gateway to work?

Microsoft Sentinel

Accepted answer
  1. JamesTran-MSFT 36,906 Reputation points Microsoft Employee Moderator
    2023-06-12T21:06:32.93+00:00

    @Aik Hong Tng (Group)

    Thank you for your post!

    I understand that you're deploying an Imperva WAF Gateway within an Azure VM and need to implement a Sentinel Data Connector to send CEF and CommonSecurityLog table data to Microsoft Sentinel. To hopefully help point you in the right direction or resolve your issue, I'll share my findings below.


    Findings:

    When it comes to connecting the Imperva WAF Gateway to Sentinel, you can use the Imperva WAF Gateway (Preview) connector from the Microsoft Sentinel Data Connectors page.

    Prerequisites:

    To integrate with Imperva WAF Gateway (Preview) make sure you have:

    User's image

    Alternatively, you can also leverage the Imperva Cloud WAF (using Azure Functions) connector for Microsoft Sentinel which provides the capability to integrate and ingest Web Application Firewall events into Microsoft Sentinel through the REST API.

    I'm not too familiar with Imperva products, but when it comes to the Imperva WAF Management Server (MX), it looks like the connector requires an Action Interface and Action Set to be created on the Imperva SecureSphere MX. For more info on how to create the requirements.

    I'd also recommend reaching out to the Imperva Cyber Community when it comes to Imperva WAF specific questions.


    Additional Links:

    I hope this helps!

    If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.


    If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
