Configuring Imperva DAM to Export DB Audit Data to Imperva Sonar
- Last Updated: Mar 14, 2025
Exporting DB Audit and DB Security Events to Imperva Sonar enables you to leverage the powerful analysis tools available in Imperva Sonar. Indeed, it is recommended that you export all your audit data to Imperva Sonar for the purposes of archiving, reporting and forensics.
Warning:
|
In order to configure Imperva DAM to send DB audit data to Sonar, do one of the following:
- Configure the Default Archive Action Set with the new Sonar Archiver action, in which case all policies configured with this action set will export their DB audit data to Sonar.
- Create a new Archiving Action Set and configure it with the new Sonar Archiver action, and then configure individual policies to use it.
After you export the DB audit data to Imperva Sonar, it appears in SonarK, where you can run reports, create dashboards and do forensics on all of the data according to the retention period you have purchased.
Notes:
|
To configure an action set to export audit data to Imperva Sonar:
- In the Main workspace, select Policies > Action Sets. The Action Sets window appears.
- Either:
  Configure the Default Archive Action Set so that all policies using this action set export DB audit data to Sonar:
  - Select the Default Archive Action Set.
  - Remove any existing actions from the action set by clicking on the blue arrow.
  - For the Sonar Archiver > Send to Sonar action, click the green arrow. The action appears at the top of the list.
  - Click the expand button for the action to view its parameters.
  - Type a Name for the new action, and then give values to its parameters as follows:
    - Host: The IP or hostname of the Sonar machine to which the audit is exported.
    - Port: The connection port of the Sonar machine to which the audit is exported. The default value is 8443.
    - API token: The authentication token that provides access to the Sonar machine. It is a prebuilt token included in DSF Hub to facilitate authentication when exporting database audit data to DSF Hub. You can find information about this token in the Tokens Management window (see the token for which Token used by Archiver endpoints security is stated in the Reason column). For more information, see the Managing Authorization Tokens topic in the Sonar Administration Guide for your version.
    - Validate Server Side Certificate Against a CA: Check this box if you want to validate the Sonar machine's certificate against a Certificate Authority.
    - Internal CA Certificate: The certificate string for your internal CA if you have one.
    - Enrichment Document: This field should be empty unless you are instructed otherwise.
  - Click Save.
  or:
  Configure a new Action Set so that selected policies export audit data to Sonar:
  - In the Action Sets pane, click New. The Action Set dialog box appears.
  - Type a Name for the action set.
  - Select the Archiving option as the Action Set type.
  - Find the Sonar Archiver action and click on the green arrow for it. The action set appears at the top of the list.
  - Click the expand button for the action set to view its parameters.
  - Type a Name for the new action, and then give values to its parameters as follows:
    - Host: The IP or hostname of the Sonar machine to which the audit is exported.
    - Port: The connection port of the Sonar machine to which the audit is exported. The default value is 8443.
    - API token: The authentication token that allows the DAM Gateway to authenticate audit data files and then upload them to the DSF Hub machine. It is a prebuilt token included in DSF Hub to facilitate authentication when exporting DB Audit Data to DSF Hub. You can find information about this token in the Tokens Management window (see the token for which Token used by Archiver endpoints security is stated in the Reason column). For more information, see the Managing Authorization Tokens topic in the Sonar Administration Guide for your version.
    - Validate Server Side Certificate Against a CA: Check this box if you want to validate the Sonar machine's certificate against a Certificate Authority.
    - Internal CA Certificate: The certificate string for your internal CA if you have one.
    - Enrichment Document: This field should be empty unless you are instructed otherwise.
  - Click Save.
Notes:
- You can add only one Sonar Archiver > Send to Sonar action to your action set.
- An action set that has the Sonar Archiver > Send to Sonar action can have no other actions.
- Only a single action set in the system can have a Sonar Archiver action in it.
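A pre-flight check for the Host, Port and Internal CA Certificate values described above, as an added example that is not Imperva code: it attempts a verified TLS handshake with the Sonar machine using only the Python standard library, so you can confirm the certificate chains to your CA before checking Validate Server Side Certificate Against a CA. Assumptions: the hostname is a placeholder, the check also enforces hostname matching (which may be stricter than the product's own validation), and it sends no API token or audit data.

```python
import socket
import ssl

DEFAULT_SONAR_PORT = 8443  # default Port value stated on this page


def build_context(internal_ca_pem=None):
    """Return a TLS client context that verifies the server certificate.

    internal_ca_pem: the PEM text you would paste into "Internal CA Certificate";
    when None, the system trust store is used instead.
    """
    if internal_ca_pem is None:
        return ssl.create_default_context()
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
    try:
        ctx.load_verify_locations(cadata=internal_ca_pem)
    except (ssl.SSLError, ValueError, TypeError) as exc:
        raise ValueError(f"Internal CA Certificate is not valid PEM: {exc}") from exc
    return ctx


def check_sonar_tls(host, port=DEFAULT_SONAR_PORT, internal_ca_pem=None, timeout=5.0):
    """Attempt a verified TLS handshake; return (ok, detail). Sends no token or data."""
    try:
        ctx = build_context(internal_ca_pem)
    except ValueError as exc:
        return False, str(exc)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                not_after = tls.getpeercert().get("notAfter")
                return True, f"{tls.version()} verified, certificate expires {not_after}"
    except ssl.SSLCertVerificationError as exc:
        return False, f"certificate rejected: {exc.verify_message}"
    except OSError as exc:  # DNS failure, refused/timed-out connection, other TLS errors
        return False, f"connection failed: {exc}"


if __name__ == "__main__":
    # Placeholder hostname (assumption); substitute the value planned for the Host field.
    print(check_sonar_tls("sonar.example.internal"))
```

A `certificate rejected` result means the CA string or the server certificate needs attention before the validation box is checked; a `connection failed` result points at the Host or Port value or at network reachability from the Gateway.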
To configure a policy to use the action set to send audit data to Sonar:
- In the Main workspace, select Policies > Audit.
- Select the audit policy whose audit data you want to export.
- Click the Archiving tab.
- From the Archiving Action Set drop down list, verify that the selected action set is either the action set which includes the Sonar Archiver action that you configured in the previous step, or the new action set you created to send audit data to Sonar. Note the following:
- Archive Settings is unavailable.
- Selecting Include audit response data in archiving process is unavailable, since audit responses cannot be sent to Sonar.
- Scheduling is unavailable. Audit data is exported to Sonar continually.
- Defining the Purge records older than value has no meaning in the context of policies that are configured to export data to Sonar, since data is purged from the Gateway continually. On Sonar, everything is preserved according to the retention period defined in Sonar.
- Click Save.