1. A Single Source of Truth for
Security Issues: Pushing SIEM
Logs to Cloud Storage
Bryan Jones, Senior Sales Engineer
2. Incapsula supports CEF, LEEF, and W3C log formats and provides
near real-time event reporting of in-depth event information, such
as attacker geo-location and client application signature. Incapsula
creates the following comprehensive and detailed logs:
SECURITY LOGS provide a detailed alert for each suspicious event
detected by the Incapsula proxy, across its globally distributed network,
while protecting your network. All logs include the account ID and site ID
references, which enable drill-down into each individual customer/site.
ACCESS LOGS specify every request and response sent between your
customers and the Incapsula proxy. This is all the traffic that would have
been sent between end users and your origin server, including traffic that
Incapsula served from its cache.
© 2017 Imperva, Inc. All rights reserved.
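For security logs delivered in CEF, the per-account and per-site drill-down described above can be done with a small parser. This is an added example, not code from the presentation or from Imperva; the sample lines are constructed, and the vendor/product strings and extension key names (accountId, siteId, src, cc, app, msg) are assumptions rather than Incapsula's documented field names.

```python
import re
from collections import Counter

# Constructed sample lines in the standard CEF layout. Vendor/product strings and
# extension keys (accountId, siteId, src, cc, app, msg) are hypothetical placeholders.
SAMPLE_LINES = [
    r"CEF:0|ExampleVendor|WAF|1|1001|SQL injection \| blocked|8|accountId=42 siteId=7 src=203.0.113.5 cc=NL app=curl 7.58 msg=policy\=strict matched",
    "CEF:0|ExampleVendor|WAF|1|1002|Bad bot|5|accountId=42 siteId=7 src=198.51.100.9 cc=US app=python-requests",
    "CEF:0|ExampleVendor|WAF|1|1001|SQL injection|8|accountId=42 siteId=9 src=203.0.113.5 cc=NL app=curl 7.58",
    "this line is truncated and not CEF",
]

HEADER_FIELDS = ("version", "vendor", "product", "device_version", "signature_id", "name", "severity")
# Header separator: a pipe not preceded by a backslash (a field ending in an
# escaped backslash is not handled by this simplified rule).
_PIPE = re.compile(r"(?<!\\)\|")
_KEY = re.compile(r"(?:^|\s)(\w+)=")  # an extension key starts the string or follows whitespace

def _unescape(text):
    # CEF escapes: \| in the header, \= in extension values, \\ for a literal backslash
    return re.sub(r"\\([|=\\])", r"\1", text)

def parse_cef(line):
    """Return a dict for one CEF record, or None if the line is not well-formed CEF."""
    if not line.startswith("CEF:"):
        return None
    parts = _PIPE.split(line[4:], maxsplit=7)
    if len(parts) != 8:
        return None
    event = dict(zip(HEADER_FIELDS, (_unescape(p) for p in parts[:7])))
    ext = parts[7]
    keys = list(_KEY.finditer(ext))
    # A value runs from its '=' to the start of the next key, so it may contain spaces.
    for cur, nxt in zip(keys, keys[1:] + [None]):
        end = nxt.start() if nxt else len(ext)
        event[cur.group(1)] = _unescape(ext[cur.end():end].strip())
    return event

def drill_down(lines):
    """Count events per (accountId, siteId); malformed lines are counted, not silently dropped."""
    counts, rejected = Counter(), 0
    for line in lines:
        event = parse_cef(line)
        if event is None:
            rejected += 1
            continue
        counts[(event.get("accountId"), event.get("siteId"))] += 1
    return counts, rejected
```

Tracking the rejected count matters when logs are pushed automatically: a rising number of unparseable lines signals truncated transfers or a format change before it shows up as missing alerts.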
3. Incapsula Log Integration in the cloud:
• Automatic log integration via SFTP or Amazon S3. Your logs are pushed
upon creation to your pre-defined repository - an AWS S3 bucket or an
SFTP folder. Logs are automatically transferred from the Incapsula cloud
repository to your repository. No log data is stored in Incapsula at any time.
[Diagram: Humans, Bots, Incapsula WAF, Origin Server, Cloud Storage]
4. Configure Log API in Incapsula
Create S3 Bucket for Log Storage
Simple integration to push logs to your S3 storage in AWS.