Source types for the Splunk Add-on for Imperva SecureSphere WAF
The Splunk Add-on for Imperva SecureSphere WAF can collect the following kinds of events: alerts, events, and traffic. The add-on includes the following source types and event types which map the data to the Splunk Common Information Model (CIM).
Source type | Event type | CIM data models |
---|---|---|
imperva:waf
|
imperva_waf
|
Intrusion Detection |
imperva:waf:system:cef
|
imperva_waf_system
|
Alerts |
imperva_waf_system_login_failed
|
Authentication | |
imperva:waf:security:cef
|
imperva_waf
|
Intrusion Detection |
imperva:waf:firewall:cef
|
imperva_waf
|
Intrusion Detection |
Configure inputs for the Splunk Add-on for Imperva SecureSphere WAF | Lookups for the Splunk Add-on for Imperva SecureSphere WAF |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Feedback submitted, thanks!