Importing Audit Archives for Analysis

Archived audit data can be uploaded to Imperva, then filtered and dissected using the same tools as online data. No permissions are required to import an archive. Once archived data is uploaded back into Imperva DAM, the imported policy can be selected from the Policy dropdown window from the Imported Archives section. It is important to note that you can only see services and policies for which you have permissions. Imported archive data is then displayed per policy, and can be selected as the basis on which to filter and dissect data.

To import an archive back into Imperva DAM:

1. In the Main workspace, select Audit. The Audit window appears.
2. Click the Archive Management link at the top of the window. Archive management options are displayed.
3. From the top of the Loaded Archives pane, click Open. The Upload audit archive file dialog box appears.
4. From the Upload audit archive file dialog box, click Browse, then navigate to the location of the audit file previously archived.
5. Under Archive Name, type a user friendly name which will enable you and other users to easily identify the archive file in SecureSphere. For example, audit-{policy-name}-{start-date}-{end-date}.
6. Select an Archive Settings. Determines whether or not the archive is encrypted, and what key to use for decryption. You should use the same settings as used for encryption. For more information on archive settings, see Managing Archive and Key Settings.
7. Click Upload. Audit data is uploaded to SecureSphere. The archive appears in the loaded archives pane where you can also see archive details.
8. Go to the Audit Data window and open the Policy dropdown list. The Archive you imported is available from the Imported Archives category.

You can optionally configure a time frame, and filter the imported data as you would current audit data. For further information on displaying audit data, see Selecting Data to Display.