Hi guys,

I currently have a problem with the Imperva Incapsula integration with the QRadar SIEM.

For the integration we are using the Universal REST API integration from the Incapsula cloud.

In the QRadar Log Source interface, I have configured the log source as needed when first created, and for the automation workflow, we are using the XML Workflow and parameters under the IBM GitHub page for community-developed scripts for known vendor components (see links below).

Incapsula-Workflow.xml:
https://github.com/IBM/IBM-QRadar-Universal-Cloud-REST-API/blob/master/Community%20Developed/Imperva%20Incapsula/Incapsula-Workflow.xml

Incapsula-Workflow-Parameters.xml:
https://github.com/IBM/IBM-QRadar-Universal-Cloud-REST-API/blob/master/Community%20Developed/Imperva%20Incapsula/Incapsula-Workflow-Parameters.xml

When testing the log source in the Test tab under the log source interface, it seems that in the test I'm able to fetch logs (which, according to their UNIX timestamp, are from 2 days ago), but when looking for logs while filtering for the Log Source, Associated Processor, Collector, and DSM, it seems that no logs are present under any of the components.

In the workflow parameters I inserted the host (Incapsula cloud subdomain), path (the dedicated path provided by Imperva for the client), API ID (username), and API Key (password) as requested in the XML Workflow Parameters.

It seems that the logs are not passing to the configured collector and therefore not arriving at the desired DSM for parsing.

I have already talked with Imperva support, who told me that, as far as they are concerned, the problem could be with a certain internal QRadar component and not associated with Imperva in any way, since we used Postman to navigate to the desired folder and saw logs present in the Incapsula cloud folder under the Incapsula domain.

According to the Imperva documentation, a Python script is required for downloading the logs from the Imperva cloud (see the reference in the Imperva GitHub page, as Imperva suggests), but as far as I understand, the <PostEvent> parameters in the XML Workflow should be enough as an automation mechanism for the log reception.

Link: https://github.com/imperva/incapsula-logs-downloader

Please, I would highly appreciate it if someone can help me with this issue, since the technical support can't help with it. Thank you in advance!
This site has a lot of groups for different topics, each with their own forums.
This one is for IBM API Connect.
I suggest you might do better asking a QRadar question in the QRadar group?