Splunk® Supported Add-ons

Splunk Add-on for Imperva SecureSphere WAF

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Configure inputs for the Splunk Add-on for Imperva SecureSphere WAF

There are two ways to capture input data.

  • You can create a UDP input to capture the data sent on the port you have configured in Imperva SecureSphere WAF.
  • If you are using a syslog aggregator, you can create a monitor input to monitor the file or files generated by the aggregator.

UDP input

In the Splunk platform node handling data collection, configure the UDP input to match your configurations in Imperva SecureSphere WAF and set your source type to imperva:waf. The CIM mapping and dashboard panels are dependent on this source type.

For information on how to configure a Splunk forwarder or single-instance to receive a syslog input using the CLI for the configuration files, see "Get data from TCP and UDP ports" in the Getting Data In manual. You can also configure syslog inputs using the Splunk Web UI if you have access to Splunk Web on your collection node as described in Get data from TCP and UDP ports in the Getting Data In manual.

Monitor input

If you are using a syslog aggregator, on the Splunk platform node handling data collection, set up a monitor input to monitor the file or files that are generated and set your source type to imperva:waf. The CIM mapping and dashboard panels are dependent on this source type.

See Monitor files and directories in the Getting Data In manual for information about setting up a monitor input.

Validate data collection

Once you have configured the input, run this search to check that you are ingesting the data that you expect.

sourcetype=imperva:waf*

Last modified on 21 July, 2021
PREVIOUS
Configure Imperva SecureSphere WAF to send data to the Splunk Add-on for Imperva SecureSphere WAF
  NEXT
Source types for the Splunk Add-on for Imperva SecureSphere WAF

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters