Events from Imperva FW (SS-WAF-G2G)

Answered Question
Sep 17th, 2010

Hi,

Does anybody know what are the capabilities of MARS to support Imperva FireWalls? Maybe someone has this type of FW in their MARS environment? I am concerning about pulling as much info as possible to CS-MARS from this device. I would appreciate if some would share their experience with me.

Regards,

GP

I have this problem too.
0 votes
Correct Answer by Scott Fringer about 6 years 2 months ago

GP;

  CS-MARS does not natively support the Imperva firewall.  This means out-of-the-box, CS-MARS cannot parse any messages received by this device.  You could create your own custom device using the CS-MARS Device Support Framework (DSF).  This requires creating custom parsers for the various messages you wish to have CS-MARS parse and map to a CS-MARS event.  This process is outlined here:

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/user/guide/combo/cfgCustm.html

  There is also a custom device package sharing forum here in the community:

https://supportforums.cisco.com/community/netpro/security/mars-pkg?view=discussions

  I do not currently see any discussion in that forum regarding the Imperva firewall.

Scott

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Scott Fringer Sat, 09/18/2010 - 06:52

GP;

  CS-MARS does not natively support the Imperva firewall.  This means out-of-the-box, CS-MARS cannot parse any messages received by this device.  You could create your own custom device using the CS-MARS Device Support Framework (DSF).  This requires creating custom parsers for the various messages you wish to have CS-MARS parse and map to a CS-MARS event.  This process is outlined here:

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/user/guide/combo/cfgCustm.html

  There is also a custom device package sharing forum here in the community:

https://supportforums.cisco.com/community/netpro/security/mars-pkg?view=discussions

  I do not currently see any discussion in that forum regarding the Imperva firewall.

Scott

Actions

This Discussion