
Lesson 8: Deployment Monitoring

© 2015 Imperva, Inc. All rights reserved.


Monitoring System Events



System Events

▪ Go to Main > Monitoring > System Events.
▪ Reasons for System Events
• Status changes in SecureSphere
• Audit changes made by Administrators
• Record changes made by SecureSphere automatically



Monitoring System Events

▪ Go to Main > Monitor > System Events.
▪ System Events shows SecureSphere changes such as Gateway status, configuration changes, and user permissions.



System Events Monitor

▪ Go to Main > Monitor > System Events.
▪ Tracks changes
• Automatic
  ➢ Profile Learning
  ➢ APU
• Manual
  ➢ Administrator



System Events Trigger Thresholds

▪ Go to Admin > System Definitions.
▪ Open Management Server Settings > System Events Notifications.



System Event Policies



System Event Policies

▪ Changes to the system can represent risk.
▪ System Event Policies define what SecureSphere is to do when certain system events occur.
▪ These are not a result of policy violation by monitored traffic.



Best Practice: Consider Creating These System Event Policies

▪ Here are a few system event policies for your organization’s consideration.
Policy Name Type Matching Text Followed Action
GW Overflow Gateway Overflow <action set>
Lost Data Audit Error lost audit data <action set>
GW Throughput Gateway Throughput 80% of Max <action set>
Profile Size Profile Size Limit <action set>
Server Status Alert Server Status <action set>
Login Failed by Admin Login Failed admin <action set>
GW GatewayEnteredBypass <action set>
Hardware Hardware Failure <action set>
GW CPU Gateway CPU utilization 80 Warn <action set>
GW CPU Critical Gateway CPU utilization 90 Critical <action set>
GW Low Disk Space GatewayLowFreeSpace 80% of disk <action set>
GW Minimal Disk Space GatewayLowFreeSpace 90% of disk <action set>
ADC Download Succeeded ADC download succeeded <action set>
Login Failed Login Failed <action set>
Policy Changed Policy Changed <action set>
Note: Grey text is not included in the Matching Text field.



Configuring System Event Policies vs. Configuring System Event Notification Settings

▪ Most logging configuration is hard-coded
• System Event Logs found in Main > Monitor > System Events
▪ Notifications or other actions for System Events require a System Event Policy in Main > Policies > System Events
▪ Some logging configuration is in Admin > System Definitions > System Event Notifications.



Example: Veda PCI – Monitoring Admin

▪ For PCI Compliance, all administrative accounts should be named individually.
▪ For SecureSphere, the admin account cannot be renamed or locked.
▪ Companies can address this with the following steps:
1. Create named administrator accounts for SecureSphere users.
2. The Chief Information Security Officer sets a complex password for the ‘admin’ account and stores it in a safe location.
3. Configure System Event Policies to record ANY activity for the ‘admin’ user: Login, Logout, Password Change, Password Reset, and Failed Logins.
4. Assign a Followed Action to alert / notify on any ‘admin’ activity.
5. Do NOT use the ‘admin’ account (except for emergencies).
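
The monitoring in steps 3 and 4, sketched as a collector-side check (an added example, not Imperva's or the course's code). It assumes system events have been forwarded and normalised into (timestamp, event type, user) records; that layout, the sample events and the emergency window are constructed for illustration.

```python
from datetime import datetime

# Event types named in step 3 of the slide.
WATCHED_TYPES = {"Login", "Logout", "Password Change", "Password Reset", "Login Failed"}
BREAK_GLASS_USER = "admin"

# Constructed sample records (timestamp, event type, user); the layout is an assumption.
SAMPLE_EVENTS = [
    ("2015-03-02T09:14:07", "Login", "jsmith"),
    ("2015-03-02T09:20:41", "Login Failed", "admin"),
    ("2015-03-02T09:21:03", "Login Failed", "Admin "),   # case/whitespace variant
    ("2015-03-02T11:02:55", "Policy Changed", "admin"),  # not in the step 3 list
    ("2015-03-03T02:10:00", "Login", "admin"),
    ("2015-03-03T02:45:12", "Password Change", "admin"),
    ("2015-03-03T02:50:30", "Logout", "admin"),
]

# Hypothetical approved emergency windows (start, end), e.g. taken from change tickets.
EMERGENCY_WINDOWS = [("2015-03-03T02:00:00", "2015-03-03T03:00:00")]


def in_emergency(ts, windows):
    """True if the timestamp falls inside any approved emergency window."""
    t = datetime.fromisoformat(ts)
    return any(datetime.fromisoformat(s) <= t <= datetime.fromisoformat(e)
               for s, e in windows)


def admin_activity(events, windows=EMERGENCY_WINDOWS):
    """Return every watched 'admin' event, tagged expected or unexpected.

    Nothing is suppressed: step 4 asks for a notification on any 'admin'
    activity, so emergency use is still reported, only with a different tag.
    """
    findings = []
    for ts, etype, user in events:
        # Normalise the user name so formatting differences cannot hide the account.
        if user.strip().lower() != BREAK_GLASS_USER or etype not in WATCHED_TYPES:
            continue
        severity = "expected-emergency" if in_emergency(ts, windows) else "unexpected"
        findings.append((ts, etype, severity))
    return findings


if __name__ == "__main__":
    for finding in admin_activity(SAMPLE_EVENTS):
        print(*finding)
```
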
Example: Veda PCI – Monitoring Admin

▪ Go to Main > Policies > System Events.
▪ Create New Policy.
▪ Select an event type on which to base policy action.



Example: Veda PCI – Monitoring Admin

▪ Use Shift + Click or CTRL + Click to select multiple System Event Policies.
▪ Right Click on one of the selected policies to bring up the “Set Followed Action” Menu.
▪ Select the Followed Action and Save.



Example: Veda PCI – Monitoring Admin

▪ The default policy would trigger when ANY user password changes.
Go to Main > Monitor > System Events.
▪ Notice that the System Event log will help identify the desired Text Segment.
Go to Main > Policies > System Events.
▪ To be selective, define Matching Text Segments.
• Not always “literal”.
▪ Verify Followed Action.



System Performance



System Performance: Management Server

▪ Go to Admin > System Performance.
▪ Select Management Server.
▪ Downloads: Performance CSV and MX Tech Info file.

CPU Utilization by Activity

System Load Over Time



System Performance: Gateway and Agents

▪ Go to Admin > System Performance. Select Gateways & Agents.


Go to Main > Setup > Gateways.
Select Gateway Group.



Job Status



Job Status

▪ Go to Admin > Job Status
➢ Scheduling
➢ History
➢ Followed Action



Software Updates



Deployment Monitoring With Software Updates

▪ GUI Administrators are provided with available updates about all components: MX, Gateway, Agents
• Notified about every release and upgrade
• Get only notifications relevant to your system
▪ Software update functionality for MX and Gateway components is informational only.
• Still download patches, upgrades via ftp.
• Reminder: perform a system export prior to upgrades and patches.
▪ Download, upload, distribute, install functions are available for Agents only using Agent Installation Manager.



Software Update Notification

▪ Go to the Main workspace.

Software update notification message now appears in lower portion of GUI



Software Updates View: MX and Gateway

▪ Go to Main > Setup > Software Update.

Clicking either icon directs you to the Imperva ftp site



Software Update Settings: Online Mode

▪ Go to Admin > System Definitions.
▪ Open Management Server Settings.
▪ Select Software Update Settings.

“Enable direct software update notifications” setting enabled by default.



Viewing Updated Information

▪ Go to Main > Setup > Software Update.
▪ Click on “View Details” or “+n more” in Target Version.



Software Update View: With Agent Detail

▪ Go to Main > Setup > Software Update.

Callouts on the screenshot: Filters Toolbar; Update versions; Urgency; Status in workflow; Agents; Suggested Action; Current state



Job Status

▪ Go to Admin > Job Status.
▪ Select Software Update to view last Synchronization job.



Software Update System Event Policies

▪ Policy types are available for system event policies:
• Software update is available - new release.
• Software update is available – recommended.
▪ To create, go to Main > Policies > System Events.
• Click the plus icon and name policy.
• Select software update policies type.



MX Cannot Access imperva.com?

▪ Use “Offline” mode
• The Administrator manually fetches the available packages information
• Administrator exports “inventory” file from MX
• Administrator sends it through the Customer Portal and receives information about relevant updates
• Administrator uploads it back to the MX



Offline Mode

▪ Go to Admin > System Definitions.
▪ Open Management Server Settings.
▪ Select Software Update Settings.

Clear the “Enable direct software update notifications” checkbox.



Offline Mode

▪ Go to Main > Setup > Software Updates.
▪ Click More > Manual Check for Updates.
▪ Follow the steps in the window.



Offline Mode (Continued)

▪ Uploading the Software Snapshot on the Customer Service Portal:
• My Account > Software Updates



Questions?
