Events from Imperva FW (SS-WAF-G2G)

Answered Question
Sep 17th, 2010
User Badges:

Hi,


Does anybody know what are the capabilities of MARS to support Imperva FireWalls? Maybe someone has this type of FW in their MARS environment? I am concerning about pulling as much info as possible to CS-MARS from this device. I would appreciate if some would share their experience with me.


Regards,

GP

Correct Answer by Scott Fringer about 6 years 10 months ago

GP;


  CS-MARS does not natively support the Imperva firewall.  This means out-of-the-box, CS-MARS cannot parse any messages received by this device.  You could create your own custom device using the CS-MARS Device Support Framework (DSF).  This requires creating custom parsers for the various messages you wish to have CS-MARS parse and map to a CS-MARS event.  This process is outlined here:


http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/user/guide/combo/cfgCustm.html


  There is also a custom device package sharing forum here in the community:


https://supportforums.cisco.com/community/netpro/security/mars-pkg?view=discussions


  I do not currently see any discussion in that forum regarding the Imperva firewall.


Scott

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Scott Fringer Sat, 09/18/2010 - 06:52
User Badges:
  • Cisco Employee,

GP;


  CS-MARS does not natively support the Imperva firewall.  This means out-of-the-box, CS-MARS cannot parse any messages received by this device.  You could create your own custom device using the CS-MARS Device Support Framework (DSF).  This requires creating custom parsers for the various messages you wish to have CS-MARS parse and map to a CS-MARS event.  This process is outlined here:


http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/user/guide/combo/cfgCustm.html


  There is also a custom device package sharing forum here in the community:


https://supportforums.cisco.com/community/netpro/security/mars-pkg?view=discussions


  I do not currently see any discussion in that forum regarding the Imperva firewall.


Scott

Actions

This Discussion