Powered by Zoomin Software. For more details please contactZoomin

Database Activity Monitoring User Guide

Source Type
Application Security
Data Security
Network Security
Application Performance
Product Versions
Hypervisor Installation
Document Type
Public Cloud
    Community Content Type
      Product Area
      This guide

      Importing Audit Archives for Analysis

      Table of Contents

      Importing Audit Archives for Analysis

       Importing Audit Archives for Analysis

      Archived audit data can be uploaded to Imperva, then filtered and dissected using the same tools as online data. No permissions are required to import an archive. Once archived data is uploaded back into Imperva DAM, the imported policy can be selected from the Policy dropdown window from the Imported Archives section. It is important to note that you can only see services and policies for which you have permissions. Imported archive data is then displayed per policy, and can be selected as the basis on which to filter and dissect data.

      Notes:

      • If the archive includes policies and services which have since been deleted, only the administrator can see them.
      • While several archives can be imported into Imperva DAM (one by one), you can only analyze a single imported archive at a time.
      • If your MX is configured as a Large Scale MX, archive management is unavailable in the MX as it is managed by Sonar and can be viewed and analyzed there. For more information, see Understanding Large Scale Gateways and Large Scale MX.
      • For further information about upgrade options and limitations, refer to the Imperva DAM Upgrade Guide.

      To import an archive back into Imperva DAM:

      1. In the Main workspace, select Audit. The Audit window appears.
      2. Click the Archive Management link at the top of the window. Archive management options are displayed.
      3. From the top of the Loaded Archives pane, click Open. The Upload audit archive file dialog box appears.
      4. From the Upload audit archive file dialog box, click Browse, then navigate to the location of the audit file previously archived.
      5. Under Archive Name, type a user friendly name which will enable you and other users to easily identify the archive file in SecureSphere. For example, audit-{policy-name}-{start-date}-{end-date}.
      6. Select an Archive Settings. Determines whether or not the archive is encrypted, and what key to use for decryption. You should use the same settings as used for encryption. For more information on archive settings, see Managing Archive and Key Settings.
      7. Click Upload. Audit data is uploaded to SecureSphere. The archive appears in the loaded archives pane where you can also see archive details.
      8. Go to the Audit Data window and open the Policy dropdown list. The Archive you imported is available from the Imported Archives category.

      Note: When working with an imported archive, the only time frame available is the custom time frame.

      You can optionally configure a time frame, and filter the imported data as you would current audit data. For further information on displaying audit data, see Selecting Data to Display.

      Was this topic helpful?