From c08d291b7d0667ccbdbdab79d31167ae9b8c41b8 Mon Sep 17 00:00:00 2001
From: Anastasia Alexadrova
Date: Mon, 21 Jul 2025 14:02:40 +0300
Subject: [PATCH 1/4] PSMDB-1743 Documented integration with Imperva DSF modified: mkdocs-base.yml New file: docs/imperva.md
---
docs/imperva.md | 46 ++++++++++++++++++++++++++++++++++++++++++++++
mkdocs-base.yml | 4 +++-
2 files changed, 49 insertions(+), 1 deletion(-)
create mode 100644 docs/imperva.md
diff --git a/docs/imperva.md b/docs/imperva.md
new file mode 100644
index 000000000..ce72279b6
--- /dev/null
+++ b/docs/imperva.md
@@ -0,0 +1,46 @@
+# Integration with Imperva Data Security Fabric (DSF)
+
+!!! note "Version added: [8.0.8-3](release_notes/8.0.8-3.md)"
+
+Integrating [Percona Server for MongoDB Pro](psmdb-pro.md) with [Imperva Data Security Fabric (DSF) :octicons-link-external-16:](https://www.thalestct.com/imperva-data-security-fabric/) by Thales enables enterprise-grade auditing, monitoring, and behavioral analytics for sensitive data activity.
+
+Data Security Fabric (DSF) includes three core components:
+
+* DSF Hub (Sonar): is the central platform that ingests, stores, and normalizes audit data from your MongoDB instances.
+* Database Activity Monitoring (DAM): Enforces policies for access control and behavioral inspection, enabling real-time detection of unauthorized activity or misuse.
+* Data Risk Analytics (DRA): Applies machine learning and behavior modeling to uncover anomalies, prioritize risk, and provide actionable intelligence for security and compliance teams.
+
+Together, these components provide continuous compliance coverage, rapid breach detection, and scalable visibility across hybrid or cloud-hosted MongoDB deployments.
+
+## How it works
+
+Percona Server from MongoDB native audit logging that captures detailed user actions, administrative events, and query operations. These audit logs are ingested into the Imperva DSF Hub, where they are normalized, stored securely, and analyzed. Administrators can define policies, monitor activity, and trigger alerts based on access behavior.
+
+Audit logs can be enriched with the debug symbols available in Percona Server for MongoDB Pro. This enrichment enhances event parsing, improves context accuracy, and supports deep operational visibility.
+
+!!! note
+
+ Non Percona Customers can include debug symbols by [building Percona Server for MongoDB from the source code](install/source.md).
+
+
+This integration provides the following benefits:
+
+* Deep visibility into MongoDB operations enhanced with debug symbols.
+* Automated compliance via audit-ready reporting
+* Behavioral threat detection tailored to MongoDB workloads
+* Scalable protection across on-premises, hybrid, and cloud deployments
+
+## Version compatibility
+
+* Percona Server for MongoDB Pro starting with versions 6.0.21-18, 7.0.18-11, 8.0.8-3
+* Imperva DSF version 14.9 or later
+
+## Configuration
+
+For setup instructions, consult the [Percona Server for MongoDB Onboarding Steps
+ :octicons-link-external-16:](https://docs-cybersec.thalesgroup.com/bundle/onboarding-databases-to-sonar-reference-guide/page/Percona-Server-for-MongoDB-Onboarding-Steps_48368154.html).
+
+
+
+
+
diff --git a/mkdocs-base.yml b/mkdocs-base.yml
index 09689f053..9133c3008 100644
--- a/mkdocs-base.yml
+++ b/mkdocs-base.yml
@@ -221,7 +221,9 @@ nav:
 - "Use local keyfile": keyfile.md
 - "Migrate from keyfile to Vault": encryption-mode-switch.md
 - fips.md
- - audit-logging.md
+ - Auditing:
+ - Audit logging: audit-logging.md
+ - Integration with Imperva DSF: imperva.md
 - rate-limit.md
 - log-redaction.md
 - ngram-full-text-search.md
From 33cef5f96226dd2fd879ef01f79a03f27bbc5a7a Mon Sep 17 00:00:00 2001
From: Anastasia Alexandrova
Date: Tue, 19 Aug 2025 15:50:00 +0200
Subject: [PATCH 2/4] Update docs/imperva.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
docs/imperva.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/imperva.md b/docs/imperva.md
index ce72279b6..f2d593a1d 100644
--- a/docs/imperva.md
+++ b/docs/imperva.md
@@ -14,7 +14,7 @@ Together, these components provide continuous compliance coverage, rapid breach ## How it works -Percona Server from MongoDB native audit logging that captures detailed user actions, administrative events, and query operations. These audit logs are ingested into the Imperva DSF Hub, where they are normalized, stored securely, and analyzed. Administrators can define policies, monitor activity, and trigger alerts based on access behavior. +Percona Server for MongoDB uses native audit logging that captures detailed user actions, administrative events, and query operations. These audit logs are ingested into the Imperva DSF Hub, where they are normalized, stored securely, and analyzed. Administrators can define policies, monitor activity, and trigger alerts based on access behavior. Audit logs can be enriched with the debug symbols available in Percona Server for MongoDB Pro. This enrichment enhances event parsing, improves context accuracy, and supports deep operational visibility. From c544a709ba444136dd961596f405a384ea3fc7c9 Mon Sep 17 00:00:00 2001 From: Santo Leto Date: Tue, 26 Aug 2025 13:48:57 +0200 Subject: [PATCH 3/4] resolve conflict - tmp commit --- mkdocs-base.yml | 60 +++++++++++++++++++++++++++++-------------------- 1 file changed, 36 insertions(+), 24 deletions(-) diff --git a/mkdocs-base.yml b/mkdocs-base.yml index 9133c3008..42145253e 100644 --- a/mkdocs-base.yml +++ b/mkdocs-base.yml @@ -25,13 +25,13 @@ theme: icon: edit: material/file-edit-outline view: material/file-eye-outline - + features: - search.highlight - search.share - search.suggest - navigation.top - - navigation.tracking + - navigation.tracking - navigation.instant - navigation.instant.progress - content.tooltips @@ -41,9 +41,9 @@ theme: - content.code.copy - content.code.annotate - toc.follow - + palette: - + # Automatic mode based on system preferences - media: "(prefers-color-scheme)" 
@@ -97,10 +97,10 @@ markdown_extensions: pymdownx.details: {} pymdownx.mark: {} pymdownx.smartsymbols: {} - pymdownx.tabbed: + pymdownx.tabbed: {alternate_style: true} pymdownx.tilde: {} - pymdownx.superfences: + pymdownx.superfences: custom_fences: - name: mermaid class: mermaid @@ -109,9 +109,10 @@ markdown_extensions: linenums: false pymdownx.inlinehilite: {} pymdownx.snippets: - base_path: + base_path: - snippets - docs/install + - docs/ # auto_append: # - services-banner.md pymdownx.tasklist: @@ -123,13 +124,13 @@ markdown_extensions: custom_icons: - _resource/overrides/.icons - + plugins: # section-index: {} - search: + search: separator: '[\s\-,:!=\[\]()"/]+|(?!\b)(?=[A-Z][a-z])|\.(?!\d)|&[lg]t;' - git-revision-date-localized: + git-revision-date-localized: enable_creation_date: true enabled: !ENV [ENABLED_GIT_REVISION_DATE, True] meta-descriptions: @@ -138,7 +139,7 @@ plugins: enable_checks: false min_length: 50 max_length: 160 - glightbox: + glightbox: touchNavigation: false git-committers: enabled: !ENV [CI, false] @@ -182,7 +183,7 @@ nav: - Home: index.md - psmdb-pro.md - get-help.md - - Get started: + - Get started: - Quickstart guides: 'install/index.md' - 1. Installation: - 'System requirements': 'system-requirements.md' @@ -197,7 +198,7 @@ nav: - "2. Connect to Percona Server for MongoDB": connect.md - "3. Manipulate data in Percona Server for MongoDB": crud.md - "4. What's next?": what-next.md - - Features: + - Features: - Feature comparison with MongoDB: comparison.md - Storage: - "Percona Memory Engine": "inmemory.md" 
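Review bot: The `pymdownx.snippets` hunk (`@@ -109,9 +109,10 @@`) widens `base_path` with `- docs/`, and the snippets block shown there sets only `base_path`, so no `check_paths` is enabled. With that option at its default, a snippet reference that no longer resolves is silently omitted from the rendered page instead of failing the build, which is easy to miss in procedure-heavy pages such as the authentication and auditing setup guides. Because lookup follows list order, a file in `snippets` or `docs/install` still shadows a same-named file under `docs/`, which deserves a short comment next to the new entry. I would add `check_paths: true` under `pymdownx.snippets:` alongside `base_path`.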
@@ -206,14 +207,24 @@ nav: - backup-cursor.md - Authentication: - "Authentication overview": "authentication.md" - - enable-auth.md - - sasl-auth.md - - x509-ldap.md + - AWS IAM: + - AWS IAM authentication: aws-iam.md + - aws-iam-setup.md - kerberos.md - - aws-iam.md - - aws-iam-setup.md - - authorization.md - - ldap-setup.md + - LDAP: + - LDAP authorization: authorization.md + - sasl-auth.md + - x509-ldap.md + - ldap-setup.md + - OIDC: + - OIDC authentication: oidc.md + - Configure OIDC authentication: + - With Okta: oidc-okta.md + - With Microsoft Entra: oidc-entra.md + - With Ping Identity: oidc-ping.md + - With Keycloak: oidc-keycloak.md + - OIDC authentication and LDAP authorization: oidc-ldap.md + - enable-auth.md - Encryption: - "Data at rest encryption": "data-at-rest-encryption.md" - "Use Vault": vault.md @@ -221,14 +232,14 @@ nav: - "Use local keyfile": keyfile.md - "Migrate from keyfile to Vault": encryption-mode-switch.md - fips.md - - Auditing: - - Audit logging: audit-logging.md - - Integration with Imperva DSF: imperva.md + - fcbis.md + - audit-logging.md - rate-limit.md - log-redaction.md - ngram-full-text-search.md - Administration: - "Tune parameters": "set-parameter.md" + - log-rotation.md - mongos-config.md - Upgrade: - "Upgrade from 7.0 to 8.0": "install/upgrade-from-70.md" @@ -238,6 +249,7 @@ nav: - install/uninstall.md - Release notes: - "Release notes index": "release_notes/index.md" + - release_notes/8.0.12-4.md - release_notes/8.0.8-3.md - release_notes/8.0.4-2.md - release_notes/8.0.4-1.md @@ -246,5 +258,5 @@ nav: - glossary.md - telemetry.md - copyright.md - - trademark-policy.md + - trademark-policy.md - Join Percona Squad: "https://squad.percona.com/mongodb" From fe674384071da10409ae72ee7ecea6c4af37e0a4 Mon Sep 17 00:00:00 2001 
From: Santo Leto
Date: Tue, 26 Aug 2025 13:51:42 +0200
Subject: [PATCH 4/4] resolve conflict - restore changes made in the toc by this pr
---
mkdocs-base.yml | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/mkdocs-base.yml b/mkdocs-base.yml
index 42145253e..ca7d31c6e 100644
--- a/mkdocs-base.yml
+++ b/mkdocs-base.yml
@@ -233,7 +233,9 @@ nav:
 - "Migrate from keyfile to Vault": encryption-mode-switch.md
 - fips.md
 - fcbis.md
- - audit-logging.md
+ - Auditing:
+ - Audit logging: audit-logging.md
+ - Integration with Imperva DSF: imperva.md
 - rate-limit.md
 - log-redaction.md
 - ngram-full-text-search.md