WAF Imperva - Alerts and Monitoring - 26122017
Dashboard
• Snapshot views of gateways, server groups, system’s load, connections per second.
Alerts
• Aggregated information on groups of violation events.
Violations
• Un-grouped chronological list of violation events.
System Events
• Internal SecureSphere change and health history.
Blocked Sources
• Sources of communications that have been quarantined for violating a security policy.
• Result of the “Block” followed action.
Figure: Dashboard screenshot. Panels: SOM Status, Latest Alerts, Gateways (Running, Warning).
Figure: alert aggregation flowchart. Labels: Violating Event; VIOLATION created for each policy violation; Alert Aggregation?; No Aggregation; Simple alert; Related to existing Alert?; New Alert; Aggregate with existing alert; Update; 1 hr since last update; 12 hrs since Alert start; END.
• Apply.
The filter icon next to a category indicates that a filter is applied.
• Use the Clear button at the bottom to remove any basic filtering applied.
© 2015 Imperva, Inc. All rights reserved.
2 Criteria Selected in Basic Filter between Categories
Go to Main > Monitor > Alerts.
Basic Filters use:
• ‘AND’ between categories
• ‘OR’ within categories
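The AND/OR rule above, modelled as an added example that is not Imperva code: it shows why ticking more values inside one category widens the alert list while selecting in a second category narrows it. The category names (`severity`, `server_group`, `action`) and the alert rows are constructed assumptions.

```python
# Added example: models the Basic Filter rule (OR within a category,
# AND between categories). Category names and rows are assumptions.

ALERTS = [  # constructed sample alerts, not SecureSphere output
    {"id": 1, "severity": "High",   "server_group": "web-prod", "action": "Block"},
    {"id": 2, "severity": "Medium", "server_group": "web-prod", "action": "None"},
    {"id": 3, "severity": "High",   "server_group": "web-test", "action": "Block"},
    {"id": 4, "severity": "Low",    "server_group": "web-prod", "action": "Block"},
]


def matches(alert, selections):
    """True if the alert satisfies every category that has a selection."""
    for category, wanted in selections.items():
        if not wanted:
            # Nothing selected in this category: it adds no constraint.
            continue
        if alert.get(category) not in wanted:
            # OR within the category failed, so the AND across
            # categories fails as well.
            return False
    return True


def basic_filter(alerts, selections):
    """Return the ids of the alerts that pass the filter, in list order."""
    return [a["id"] for a in alerts if matches(a, selections)]


def clear(selections):
    """Model of the Clear button: remove every selection."""
    return {category: set() for category in selections}


if __name__ == "__main__":
    one_category = {"severity": {"High"}}
    widened = {"severity": {"High", "Medium"}}
    narrowed = {"severity": {"High", "Medium"}, "server_group": {"web-prod"}}
    for label, sel in (("one value", one_category),
                       ("two values, same category", widened),
                       ("second category added", narrowed),
                       ("after Clear", clear(narrowed))):
        print(f"{label}: {basic_filter(ALERTS, sel)}")
```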
Go to Main > Monitor > Alerts.
Unread = Bold.
Read = Regular.
Right click to Mark.
Acknowledged = check.
Dismissed = x mark.
Important = exclamation point.
Open knowledge base.
Directly view the policy for event.
Add this event as an exception to the policy.
Add this profile violation to “good” profile behavior.
Go to Main > Monitor > Violations.
Open the knowledge base to understand why the event is considered a violation.
Go to Main > Monitor > Alerts.
Select the blocked Alert from the Alert list pane.
Click the Policy hyperlink in the Alerts detail pane.