Skip to content

Splunk App - The Imperva CWAF app provides and easy-to-use experience to analyze traffic information passing to your web servers and applications and details the important information in dashboards.

Notifications You must be signed in to change notification settings

blink-zero/splunk-impervacwaf

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Splunk App - The Imperva CWAF app provides and easy-to-use experience to analyze traffic information passing to your web servers and applications and details the important information in dashboards.

Setup process

Imperva

  1. Activate logging and configure the log integration settings in the Imperva Cloud Security Console. (Account > SIEM Logs > WAF Log Setup)
  2. Select 'Amazon S3' as the Connection type.
  3. Disable Encryption. (This is how this app was tested)
  4. Select 'CEF' as format type
  5. Disable Compression.
  6. Enter in the Amazon S3 API Details (Key and Secret) and S3 Bucket Path. (example: imperva-logs/waflogs)
  7. Ensure 'Website Log Levels' are set to 'All Logs'.
  8. Account > SIEM Logs > Website Log Levels

Splunk

  1. Install 'Splunk Add-on for Amazon Web Services (AWS)'.
  2. Go to 'Splunk Add-on for Amazon Web Services (AWS)' > 'Configuration' tab > Add.
  3. Enter Name, AWS Key ID, Secret Key and region category if appropriate. Save. 'example: Name=Imperva, AWS Key ID=1234567HGSD, Secret Key=12345LKJH, region=Global'
  4. Create an index in Splunk called 'imperva'.
  5. Create a data input in Splunk. Go to 'Settings' > 'Data Inputs' > Locate 'AWS S3' > '+ Add'.
  6. Fill in the details like the example below. (If not listed below, leave default)

Name=imperva, AWS Account=Imperva, Bucket Name=imperva-logs, Key prefix=waflogs/ -More Settings- Set sourcetype=manual, Source type=imperva:cef, Index=imperva

  1. Finally, Install the 'Imperva CWAF' app.
  2. Restart Splunk if needed.

Strange formatting of logs

  • If logs are coming through with strange formatting, try setting the logs to uncompressed in the Imperva WAF console.

Version (Latest)

1.1.1

Author

  • Travis Anderson

About

Splunk App - The Imperva CWAF app provides and easy-to-use experience to analyze traffic information passing to your web servers and applications and details the important information in dashboards.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published