Our next-gen architecture is built to help you make sense of your ever-growing data. Watch a 4-min demo video!

Quick Start Security for Imperva

Imperva
Imperva icon

Out-of-the-Box Security For Imperva Includes:

Alerts - 6

Stay on top of Imperva key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.

Imperva Attack Analytics - Multiple SQL injections from different sources

SQL injection from multiple sources observed. Impact In case of success sensitive data can be exfiltrated Mitigation Validate that all of the relevant traffic was blocked by the WAF. If needed, apply additional hardening policies. If any of the attacks were not blocked further investigate according to the company policies.

Imperva Attack Analytics - Single Attack from multiple sources

A single attack type from multiple different source IPs over a short period of time observed. This kind of activity can indicate a targeted attack on one or more of the companies web assets. Impact In case of success different services can become unreachable or data exfiltration can occure. Mitigation Validate that all of the relevant traffic was blocked by the WAF. If needed, apply additional hardening policies. If any of the attacks were not blocked further investigate according to the company policies.

Imperva Attack Analytics - Multiple attack types from a single source

Multiple unique attacks from a single source IP to multiple destination hosts observed. Impact In case any of the attacks were successful it can cause an impact on different service availability or data exfiltration. Mitigation Validate that all of the relevant traffic was blocked by the WAF. If needed, apply additional hardening policies. If any of the attacks were not blocked further investigate according to the company policies.

Imperva Attack Analytics - Single source Attacks multiple destinations

Multiple attack from a single source IP to multiple destination hosts observed. Impact In case any of the attacks were successful it can cause an impact on different service availability or data exfiltration. Mitigation Validate that all of the relevant traffic was blocked by the WAF. If needed, apply additional hardening policies. If any of the attacks were not blocked further investigate according to the company policies.

Imperva Attack Analytics - Multiple sources attack on a single host

Multiple source IPs attacks on a single destination host observed. Impact In case any of the attacks were successful it can cause an impact on different service availability or data exfiltration. Mitigation Validate that all of the relevant traffic was blocked by the WAF. If needed, apply additional hardening policies. If any of the attacks were not blocked further investigate according to the company policies.

No logs from Imperva

This rule detects if there are no logs in the last 36 hours for Imperva in the customer account. Note- This alert should configured with relevant app & subsystem. Impact Disabling logging is a tactic that adversaries might employ as part of various MITRE ATT&CK techniques to avoid detection, cover their tracks, or impede incident response investigations. Mitigation Address logging concerns to ensure comprehensive monitoring within the Coralogix SIEM system. MITRE Tactic: TA0005 MITRE Technique:T1562

Documentation

Learn more about Coralogix's out-of-the-box integration with Imperva in our documentation.

Read More
Schedule Demo