dbsec.imperva
Introduction
The tags beginning with dbsec.imperva
identify events generated by Imperva.
Valid tags and data tablesÂ
The full tag must have 3 levels. The first two are fixed as dbsec.imperva
. The third level identifies the type of events sent.
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service | Tags | Data tables |
---|---|---|
Imperva SecureSphere |
|
|
|
| |
|
|
For more information, read more About Devo tags.
Table structure
These are the fields displayed in these tables:
dbsec.imperva.securesphere.alerts
Field | Type | Extra fields |
---|---|---|
eventdate |
| Â |
hostname |
| Â |
leefVer |
| Â |
vendor |
| Â |
product |
| Â |
version |
| Â |
eventID |
| Â |
type |
| Â |
Alert_Action |
| Â |
Alert_Date |
| Â |
Policy_Name |
| Â |
usrName |
| Â |
host |
| Â |
violations |
| Â |
Server_Group |
| Â |
Service_Name |
| Â |
app |
| Â |
sourceapp |
| Â |
proto |
| Â |
src |
| Â |
dst |
| Â |
spt |
| Â |
dpt |
| Â |
severity |
| Â |
Violated_Item |
| Â |
Violation_Description |
| Â |
description |
| Â |
VIO_LIST |
| Â |
Gateway |
| Â |
Raw_Data |
| Â |
hostchain |
|  ✓ |
tag |
|  ✓ |
rawMessage |
| Â |
dbsec.imperva.securesphere.events
Field | Type | Extra fields |
---|---|---|
eventdate |
| Â |
hostname |
| Â |
leefVer |
| Â |
vendor |
| Â |
product |
| Â |
version |
| Â |
eventID |
| Â |
Server_Group |
| Â |
Service_Name |
| Â |
Application_Name |
| Â |
Source_Type |
| Â |
User_Type |
| Â |
usrName |
| Â |
User_Group |
| Â |
Authenticated |
| Â |
App_User |
| Â |
src |
| Â |
Application |
| Â |
OS_User |
| Â |
Host |
| Â |
Service_Type |
| Â |
dst |
| Â |
Event_Type |
| Â |
Operation |
| Â |
Operation_type |
| Â |
Policy_Name |
| Â |
Object_name |
| Â |
Object_type |
| Â |
Subject |
| Â |
Database |
| Â |
Schema |
| Â |
Table_Group |
| Â |
Sensitive |
| Â |
Privileged |
| Â |
Stored_Proc |
| Â |
Completed_Successfully |
| Â |
Raw_Data |
| Â |
Bind_Variables |
| Â |
Error |
| Â |
Response_Size |
| Â |
Response_Time |
| Â |
Affected_Rows |
| Â |
devTimeFormat |
| Â |
devTime |
| Â |
Event |
| Â |
hostchain |
| ✓ |
tag |
| ✓ |
rawMessage |
| Â |
dbsec.imperva.securesphere.system
Field | Type | Extra fields |
---|---|---|
eventdate |
| Â |
hostname |
| Â |
leefVer |
| Â |
vendor |
| Â |
product |
| Â |
version |
| Â |
eventID |
| Â |
type |
| Â |
date |
| Â |
severity |
| Â |
user |
| Â |
inner_message |
| Â |
hostchain |
|  ✓ |
tag |
|  ✓ |
rawMessage |
| Â |