Connect this data source on your own, using the Hunters platform.
TL;DR
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
---|---|---|---|---|---|---|---|
Imperva Cloud WAF (Incapsula) Logs | ✅ | ✅ | imperva_waf_logs | CEF | S3 | ||
Imperva On-Prem WAF (SecureSphere) Logs | ✅ | ✅ | imperva_secure_sphere_waf | CEF | S3 | ||
Imperva Attack Analytics | ✅ | ✅ | imperva_attack_analytics | CEF | S3 | ||
Imperva Advanced Bot Protection logs | ✅ | ✅ | imperva_nrt | NDJSON | S3 |
Overview
Imperva is a cybersecurity company specializing in protecting critical data and applications. It offers solutions like Web Application Firewalls (WAF), DDoS protection, API security, and data protection to safeguard against cyber threats. Imperva ensures compliance, performance, and security for on-premises, cloud, and hybrid environments.
Supported data types
Imperva Cloud WAF (Incapsula) Logs
Overview
Table name: imperva_waf_logs
Retrieve your Imperva access and event logs from the Imperva cloud repository and archive or push these events into your SIEM solution. These contain Security logs (a detailed alert for each suspicious event detected by the Imperva proxy) and Access logs (a record of every request and response sent between your customers and the Imperva proxy).
Learn more here.
Send data to Hunters
Hunters supports the ingestion of Imperva Cloud WAF logs via an intermediary AWS S3 bucket.
To connect Imperva Cloud WAF logs:
Export your logs from Imperva to an AWS S3 bucket by following this guide.
Once the export is completed and the logs are collected to S3, follow the steps in this section.
Expected format
Logs are expected in CEF format.
Imperva On-Prem WAF (SecureSphere) Logs
Overview
Table name: imperva_secure_sphere_waf
Imperva On-Prem WAF (Web Application Firewall) logs are critical for tracking and analyzing web traffic to identify and mitigate potential threats. These logs provide detailed records of all transactions between web applications and users, including attempts to exploit vulnerabilities. They are instrumental in understanding attack patterns, ensuring compliance with data protection regulations, and optimizing web application security measures.
Send data to Hunters
Hunters supports the ingestion of Imperva On-Prem WAF logs via an intermediary AWS S3 bucket.
To connect Imperva On-Prem WAF logs:
Export your logs from Imperva to an AWS S3 bucket by following this guide.
Once the export is completed and the logs are collected to S3, follow the steps in this section.
Expected format
Logs are expected in CEF format.
Imperva Attack Analytics Logs
Overview
Table name: imperva_attack_analytics
Imperva Attack Analytics is a cybersecurity product that leverages machine learning and artificial intelligence to provide advanced threat detection and analysis capabilities. It is designed to help organizations identify and respond to sophisticated cyber threats in real time. Attack Analytics monitors network traffic, application logs, and user behavior to detect anomalies and suspicious activities that may indicate a security breach. It correlates data from multiple sources to provide a comprehensive view of the organization's security posture and prioritizes alerts based on risk level. By using Attack Analytics, organizations can improve their ability to detect and respond to cyber threats, ultimately enhancing their overall security posture.
Learn more here.
Send data to Hunters
Hunters supports the ingestion of Imperva Attack Analytics logs via an intermediary AWS S3 bucket.
To connect Imperva Attack Analytics logs:
Export your logs from Imperva to an AWS S3 bucket by following this guide.
Once the export is completed and the logs are collected to S3, follow the steps in this section.
Expected format
Logs are expected in CEF format.
Imperva Advanced Bot Protection
Overview
Table name: imperva_nrt
Imperva Advanced Bot Protection provides detailed logs that offer visibility into bot traffic across web, mobile, and API channels. These logs include data points such as request source, user-agent, IP reputation, bot classification (e.g., scraper, automation tool, crawler), decision outcome (allowed, challenged, blocked), and detection methods used. They help security teams analyze bot behavior, track trends over time, and investigate specific incidents.
Send data to Hunters
Hunters supports the ingestion of Imperva Advanced Bot Protection logs via an intermediary AWS S3 bucket.
To connect Imperva Advanced Bot Protection logs:
Export your logs from Imperva to an AWS S3 bucket by following this guide.
Once the export is completed and the logs are collected to S3, follow the steps in this section.
Expected format
Logs are expected in NDJSON format.
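A local format check for the two formats named in the "Expected format" sections above, added here as an example (not Hunters or Imperva code): it parses each line as CEF (header plus key=value extension, with `\|` and `\=` escapes) or as an NDJSON object, and reports the lines that do not match the format expected for the target table. The function names and sample lines are constructed for illustration; only the table names and formats come from this page.

```python
import json
import re

# Table name -> expected format, as listed on this page.
EXPECTED = {"imperva_waf_logs": "CEF", "imperva_secure_sphere_waf": "CEF",
            "imperva_attack_analytics": "CEF", "imperva_nrt": "NDJSON"}
HEADER = ["version", "vendor", "product", "device_version",
          "signature_id", "name", "severity"]
_PIPE = re.compile(r"(?<!\\)\|")                   # pipe not escaped as \|
_EXT = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)")  # key=value up to next key
_ESC = re.compile(r"\\([|=\\])")                   # \| \= \\ escapes

def parse_cef(line):
    """Parse one CEF record; a syslog prefix before 'CEF:' is tolerated."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no 'CEF:' marker")
    parts = _PIPE.split(line[start + 4:].rstrip("\r\n"), maxsplit=7)
    if len(parts) < 7:
        raise ValueError(f"CEF header has {len(parts)} of 7 fields")
    rec = {k: _ESC.sub(r"\1", v) for k, v in zip(HEADER, parts)}
    ext = parts[7] if len(parts) == 8 else ""
    rec["extension"] = {k: _ESC.sub(r"\1", v) for k, v in _EXT.findall(ext)}
    return rec

def check_lines(lines, table):
    """Return (ok_count, [(line_no, reason), ...]) for the table's format."""
    ok, bad = 0, []
    for n, line in enumerate(lines, 1):
        if not line.strip():
            continue
        try:
            if EXPECTED[table] == "CEF":
                parse_cef(line)
            elif not isinstance(json.loads(line), dict):
                raise ValueError("NDJSON line is not a JSON object")
            ok += 1
        except ValueError as exc:  # json.JSONDecodeError is a ValueError
            bad.append((n, str(exc)))
    return ok, bad

# Constructed sample lines (not real Imperva output).
SAMPLE = [
    r"CEF:0|ExampleVendor|ExampleWAF|1|1001|Rule \| hit|7|src=203.0.113.10 request=/a?u\=1 act=blocked",
    '{"src": "203.0.113.10"}',           # JSON where CEF is expected
    "CEF:0|ExampleVendor|ExampleWAF|1",  # truncated header
]
if __name__ == "__main__":
    print(check_lines(SAMPLE, "imperva_waf_logs"))
```

Running a sample of exported objects through `check_lines` before connecting the bucket surfaces a wrong export format or truncated records early, before they show up as gaps in the table.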