Quick Start Security for Imperva

Coralogix Extension For Imperva Includes:

Alerts - 6

Stay on top of Imperva key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.

Imperva Attack Analytics - Multiple SQL injections from different sources

SQL injection attempts from multiple sources were observed.

Impact: If an attack succeeds, sensitive data can be exfiltrated.

Mitigation: Validate that all of the relevant traffic was blocked by the WAF. If needed, apply additional hardening policies. If any of the attacks were not blocked, investigate further according to company policies.

Imperva Attack Analytics - Single Attack from multiple sources

A single attack type from multiple different source IPs was observed over a short period of time. This kind of activity can indicate a targeted attack on one or more of the company's web assets.

Impact: If the attack succeeds, different services can become unreachable or data exfiltration can occur.

Mitigation: Validate that all of the relevant traffic was blocked by the WAF. If needed, apply additional hardening policies. If any of the attacks were not blocked, investigate further according to company policies.

Imperva Attack Analytics - Multiple attack types from a single source

Multiple unique attacks from a single source IP to multiple destination hosts were observed.

Impact: If any of the attacks succeed, the availability of different services can be affected or data can be exfiltrated.

Mitigation: Validate that all of the relevant traffic was blocked by the WAF. If needed, apply additional hardening policies. If any of the attacks were not blocked, investigate further according to company policies.

Imperva Attack Analytics - Single source Attacks multiple destinations

Multiple attacks from a single source IP to multiple destination hosts were observed.

Impact: If any of the attacks succeed, the availability of different services can be affected or data can be exfiltrated.

Mitigation: Validate that all of the relevant traffic was blocked by the WAF. If needed, apply additional hardening policies. If any of the attacks were not blocked, investigate further according to company policies.

Imperva Attack Analytics - Multiple sources attack on a single host

Attacks from multiple source IPs on a single destination host were observed.

Impact: If any of the attacks succeed, the availability of different services can be affected or data can be exfiltrated.

Mitigation: Validate that all of the relevant traffic was blocked by the WAF. If needed, apply additional hardening policies. If any of the attacks were not blocked, investigate further according to company policies.

No logs from Imperva

This rule detects when no logs have been received from Imperva in the customer account in the last 36 hours.

Note: This alert should be configured with the relevant application and subsystem.

Impact: Disabling logging is a tactic that adversaries might employ as part of various MITRE ATT&CK techniques to avoid detection, cover their tracks, or impede incident response investigations.

Mitigation: Address logging concerns to ensure comprehensive monitoring within the Coralogix SIEM system.

MITRE Tactic: TA0005

MITRE Technique: T1562

Integration

Learn more about Coralogix's out-of-the-box integration with Imperva in our documentation.