Imperva WAF
Imperva WAF Pack.#
This Integration is part of theUse the Imperva WAF integration to manage IP groups and Web security policies in Imperva WAF. This integration was integrated and tested with version 14.2 of Imperva WAF and based on Imperva On-Premises WAF (SecureSphere) REST API.
#
Configure Imperva WAF in CortexParameter | Description | Required |
---|---|---|
url | Server URL (e.g. https://example.net\) | True |
credentials | Username | True |
insecure | Trust any certificate (not secure) | False |
proxy | Use system proxy settings | False |
#
CommandsYou can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
#
imperva-waf-ip-group-listGet a list of existing IP Group names.
#
Base Commandimperva-waf-ip-group-list
#
InputThere are no input arguments for this command.
#
Context OutputPath | Type | Description |
---|---|---|
ImpervaWAF.IpGroup.Name | String | The name of the IP Group |
#
Command Example!imperva-waf-ip-group-list
#
Context Example#
Human Readable Output#
IP groups
Name All Search Engines FireEye Trusted Appliances Bad IP Adresses Google IP Addresses
#
imperva-waf-ip-group-list-entriesGet a list of the entries in the requested IP group.
#
Base Commandimperva-waf-ip-group-list-entries
#
InputArgument Name | Description | Required |
---|---|---|
ip-group-name | The name of the IP Group | Required |
#
Context OutputPath | Type | Description |
---|---|---|
ImpervaWAF.IpGroup.Entries.Type | String | Type of address (Single, range or network) |
ImpervaWAF.IpGroup.Entries.CidrMask | Number | Network significant bits |
ImpervaWAF.IpGroup.Entries.NetworkAddress | String | Network address |
ImpervaWAF.IpGroup.Entries.IpAddressTo | String | End IP address |
ImpervaWAF.IpGroup.Entries.IpAddressFrom | String | Start IP address |
#
Command Example``!imperva-waf-ip-group-list-entries ip-group-name=
Google IP Addresses````
#
Context Example#
Human Readable Output#
IP group entries for Google IP Addresses
Type IpAddressFrom IpAddressTo range 1.2.3.4 2.3.4.5 range 1.2.3.4 2.3.4.5 range 1.2.3.4 2.3.4.5
#
imperva-waf-ip-group-remove-entriesRemove all the entries from an IP Group indicated by group name.
#
Base Commandimperva-waf-ip-group-remove-entries
#
InputArgument Name | Description | Required |
---|---|---|
ip-group-name | The name of the IP Group | Required |
#
Context OutputThere is no context output for this command.
#
Command Example``!imperva-waf-ip-group-remove-entries ip-group-name=
test_policy````
#
Context Example#
Human Readable OutputThe IP group test_policy is now empty
#
imperva-waf-sites-listReturns a list of the names of all sites in the system.
#
Base Commandimperva-waf-sites-list
#
InputThere are no input arguments for this command.
#
Context OutputPath | Type | Description |
---|---|---|
ImpervaWAF.Site.Name | String | The name of the site |
#
Command Example!imperva-waf-sites-list
#
Context Example#
Human Readable Output#
All sites in the system
Name Default Site
#
imperva-waf-server-group-listReturns a list of all server group names under the site.
#
Base Commandimperva-waf-server-group-list
#
InputArgument Name | Description | Required |
---|---|---|
site-name | The name of the site | Required |
#
Context OutputPath | Type | Description |
---|---|---|
ImpervaWAF.ServerGroup.Name | String | The name of the server group |
ImpervaWAF.ServerGroup.SiteName | String | The name of the parent site of the server groups to access |
#
Command Example``!imperva-waf-server-group-list site-name=
Default Site````
#
Context Example#
Human Readable Output#
Server groups in Default Site
Name SiteName Tel Aviv Default Site
#
imperva-waf-server-group-list-policiesGet server groups applied web security policies.
#
Base Commandimperva-waf-server-group-list-policies
#
InputArgument Name | Description | Required |
---|---|---|
site-name | Site name | Required |
server-group-name | Server group name | Required |
#
Context OutputPath | Type | Description |
---|---|---|
ImpervaWAF.SecurityPolicy.PolicyName | String | Policy Name |
ImpervaWAF.SecurityPolicy.PolicyType | String | Policy type |
ImpervaWAF.SecurityPolicy.ServerGroup | String | Server group name |
ImpervaWAF.SecurityPolicy.SiteName | String | Site name |
ImpervaWAF.SecurityPolicy.System | Boolean | FI policy |
#
Command Example``!imperva-waf-server-group-list-policies site-name=
Default Site server-group-name=
Tel Aviv````
#
Context Example#
Human Readable Output#
Policies for Tel Aviv
PolicyName PolicyType ServerGroup SiteName System Network Protocol Violations Policy NetworkProtocolViolations Tel Aviv Default Site true Firewall Policy Firewall Tel Aviv Default Site true
#
imperva-waf-web-service-custom-policy-listReturns a list of names of all Web Application Custom Policies in the system.
#
Base Commandimperva-waf-web-service-custom-policy-list
#
InputThere are no input arguments for this command.
#
Context OutputPath | Type | Description |
---|---|---|
ImpervaWAF.CustomWebPolicy.Name | String | The name of the policy |
#
Command Example!imperva-waf-web-service-custom-policy-list
#
Context Example#
Human Readable Output#
Custom web policies
Name HTML Injection OS Commands injection Malicious File Upload ThreatRadar - Emergency - GET Requests ThreatRadar - Emergency - POST Requests ThreatRadar - Emergency - Authenticated Sessions ThreatRadar - Emergency - Authenticated Sessions Sensitive Error Messages Leakage
#
imperva-waf-web-service-custom-policy-getReturns a Web Application Custom Policy indicated by policy name.
#
Base Commandimperva-waf-web-service-custom-policy-get
#
InputArgument Name | Description | Required |
---|---|---|
policy-name | The name of the policy | Required |
#
Context OutputPath | Type | Description |
---|---|---|
ImpervaWAF.CustomWebPolicy.Enabled | Boolean | Whether the policy is enabled |
ImpervaWAF.CustomWebPolicy.FollowedAction | String | Name of the Action Set |
ImpervaWAF.CustomWebPolicy.Name | String | The name of the policy |
ImpervaWAF.CustomWebPolicy.OneAlertPerSession | Boolean | Indicates whether to allow only one alert to be created for every web session |
ImpervaWAF.CustomWebPolicy.DisplayResponsePage | Boolean | Indicates whether to show response page in alerts |
ImpervaWAF.CustomWebPolicy.Action | String | Policy Action |
ImpervaWAF.CustomWebPolicy.Severity | String | Alert Severity |
ImpervaWAF.CustomWebPolicy.ApplyTo.serverGroupName | String | Name of the server group to apply |
ImpervaWAF.CustomWebPolicy.ApplyTo.siteName | String | Name of the site to apply |
ImpervaWAF.CustomWebPolicy.ApplyTo.webServiceName | String | Name of the web service to apply |
ImpervaWAF.CustomWebPolicy.MatchCriteria.operation | String | Match operation for values |
ImpervaWAF.CustomWebPolicy.MatchCriteria.type | String | Match Criterion name |
ImpervaWAF.CustomWebPolicy.MatchCriteria.ipGroups.Group name | String | Name of IP Group to search in |
ImpervaWAF.CustomWebPolicy.MatchCriteria.userDefined.IP Address | String | IP address to search in |
ImpervaWAF.CustomWebPolicy.MatchCriteria.values.country | String | Country name to match |
#
Command Example``!imperva-waf-web-service-custom-policy-get policy-name=
Suspicious File Extension Access````
#
Context Example#
Human Readable Output#
Policy data for Suspicious File Extension Access
Action DisplayResponsePage Enabled Name OneAlertPerSession Severity none false true Suspicious File Extension Access false high #
Services to apply the policy to
serverGroupName siteName webServiceName Tel Aviv Default Site Orders
#
imperva-waf-ip-group-createCreate an IP Group.
#
Base Commandimperva-waf-ip-group-create
#
InputArgument Name | Description | Required |
---|---|---|
group-name | Group name to create | Required |
entry-type | Type of address (Single, range or network) | Required |
ip-address-from | Start IP address, Mandatory for types: single, range | Optional |
ip-address-to | End IP address, Mandatory for type: range | Optional |
network-address | Network address, Mandatory for type: network | Optional |
cidr-mask | Network significant bits, Mandatory for type: network | Optional |
json-entries | List of entries values in json format, e.g. [{"type":"single","ipAddressFrom":"1.2.3.4"}] | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
ImpervaWAF.IpGroup.Name | String | The name of the IP Group |
#
Command Example!imperva-waf-ip-group-create group-name=`test_policy` entry-type=range ip-address-from=127.0.0.1 ip-address-to=127.0.0.2
#
Context Example#
Human Readable OutputGroup test_policy created successfully
#
imperva-waf-ip-group-update-entriesAdd or remove rows in an IP Group indicated by ip Group Name.
#
Base Commandimperva-waf-ip-group-update-entries
#
InputArgument Name | Description | Required |
---|---|---|
group-name | Group name to update | Required |
entry-type | Type of address (Single, range or network) | Required |
ip-address-from | Start IP address, Mandatory for types: single, range | Optional |
ip-address-to | End IP address, Mandatory for type: range | Optional |
network-address | Network address, Mandatory for type: network | Optional |
cidr-mask | Network significant bits, Mandatory for type: network | Optional |
operation | Operation to apply on the entry | Required |
json-entries | List of entries values in json format, e.g. [{"operation":"add","type":"single","ipAddressFrom":"1.2.3.4"}] | Optional |
#
Context OutputThere is no context output for this command.
#
Command Example!imperva-waf-ip-group-update-entries group-name=test_policy entry-type=range ip-address-from=10.0.0.1 ip-address-to=10.0.0.2 operation=add
#
Context Example#
Human Readable OutputGroup test_policy updated successfully
#
imperva-waf-ip-group-deleteDelete a IP Group indicated by group name.
#
Base Commandimperva-waf-ip-group-delete
#
InputArgument Name | Description | Required |
---|---|---|
group-name | Group name to delete | Required |
#
Context OutputThere is no context output for this command.
#
Command Example!imperva-waf-ip-group-delete group-name=test_policy
#
Context Example#
Human Readable OutputGroup test_policy deleted successfully
#
imperva-waf-web-service-custom-policy-createCreate a Web Service Custom Policy.
#
Base Commandimperva-waf-web-service-custom-policy-create
#
InputArgument Name | Description | Required |
---|---|---|
policy-name | The name of the policy to create | Required |
enabled | Whether the policy is enabled, Default: True | Optional |
severity | Alert Severity, Default: medium | Optional |
action | Policy Action, Default: none | Optional |
followed-action | Name of the Action Set | Optional |
one-alert-per-session | Indicates whether to allow only one alert to be created for every web session, Default: False | Optional |
display-response-page | Indicates whether to show the response page in alerts, Default: False | Optional |
site-name-to-apply | Name of the site to apply | Required |
server-group-name-to-apply | Name of the server group to apply | Required |
web-service-name-to-apply | Name of the web service to apply | Required |
geo-location-criteria-operation | Match operation for Source Geolocation | Optional |
ip-groups | Comma separated list of names of IP Groups to search in | Optional |
ip-addresses | Comma separated list of IP addresses to search in | Optional |
country-names | Comma separated list of country names to search in, mandatory when geo-location-criteria-operation is set | Optional |
ip-addresses-criteria-operation | Match operation for Source IP addresses | Optional |
match-criteria-json | List of match criteria in json format, e.g. [{"type": "sourceIpAddresses","operation": "atLeastOne","userDefined": ["1.2.3.4"]}] | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
ImpervaWAF.CustomWebPolicy.Enabled | Boolean | Indicates whether the policy is enabled. |
ImpervaWAF.CustomWebPolicy.FollowedAction | String | The name of the action set. |
ImpervaWAF.CustomWebPolicy.Name | String | The name of the policy. |
ImpervaWAF.CustomWebPolicy.OneAlertPerSession | Boolean | Indicates whether to allow only one alert to be created for every web session. |
ImpervaWAF.CustomWebPolicy.DisplayResponsePage | Boolean | Indicates whether to show the response page in the alerts. |
ImpervaWAF.CustomWebPolicy.Action | String | The custom web policy action. |
ImpervaWAF.CustomWebPolicy.Severity | String | The custom web policy alert severity. |
ImpervaWAF.CustomWebPolicy.ApplyTo.serverGroupName | String | The name of the server group to apply. |
ImpervaWAF.CustomWebPolicy.ApplyTo.siteName | String | The name of the site to apply. |
ImpervaWAF.CustomWebPolicy.ApplyTo.webServiceName | String | The name of the web service to apply. |
ImpervaWAF.CustomWebPolicy.MatchCriteria.operation | String | The match operation for values. |
ImpervaWAF.CustomWebPolicy.MatchCriteria.type | String | The match criterion name. |
ImpervaWAF.CustomWebPolicy.MatchCriteria.ipGroups.Group name | String | The name of the IP group in which to search. |
ImpervaWAF.CustomWebPolicy.MatchCriteria.userDefined.IP Address | String | The IP address in which to search. |
ImpervaWAF.CustomWebPolicy.MatchCriteria.values.country | String | Country name to match. |
#
Command Example``!imperva-waf-web-service-custom-policy-create policy-name=test_policy server-group-name-to-apply=
Tel Aviv site-name-to-apply=
Default Site web-service-name-to-apply=Orders followed-action=
Long IP Block````
#
Context Example#
Human Readable OutputPolicy test_policy created successfully
#
imperva-waf-web-service-custom-policy-updateUpdate a Web Service Custom Policy.
#
Base Commandimperva-waf-web-service-custom-policy-update
#
InputArgument Name | Description | Required |
---|---|---|
policy-name | The name of the policy to update | Required |
enabled | Whether the policy is enabled | Optional |
severity | Alert Severity | Optional |
action | Policy Action | Optional |
followed-action | Name of the Action Set | Optional |
one-alert-per-session | Indicates whether to allow only one alert to be created for every web session | Optional |
display-response-page | Indicates whether to show the response page in alerts | Optional |
site-name-to-apply | Name of the site to apply | Optional |
server-group-name-to-apply | Name of the server group to apply | Optional |
web-service-name-to-apply | Name of the web service to apply | Optional |
geo-location-criteria-operation | Match operation for Source Geolocation | Optional |
ip-groups | Comma separated list of names of IP Groups to search in | Optional |
ip-addresses | Comma separated list of IP addresses to search in | Optional |
country-names | Comma separated list of country names to search in, mandatory when geo-location-criteria-operation is set | Optional |
ip-addresses-criteria-operation | Match operation for Source IP addresses | Optional |
apply-operation | Operation to apply | Optional |
match-criteria-json | List of match criteria in json format, e.g. [{"type":"sourceIpAddresses","operation":"atLeastOne","userDefined":["1.2.3.4"]}] | Optional |
#
Context OutputThere is no context output for this command.
#
Command Example!imperva-waf-web-service-custom-policy-update policy-name=test_policy enabled=False
#
Context Example#
Human Readable OutputPolicy test_policy updated successfully
#
imperva-waf-web-service-custom-policy-deleteDelete a Web Service Custom Policy indicated by policy name.
#
Base Commandimperva-waf-web-service-custom-policy-delete
#
InputArgument Name | Description | Required |
---|---|---|
policy-name | The name of the policy to delete | Required |
#
Context OutputThere is no context output for this command.
#
Command Example``!imperva-waf-web-service-custom-policy-delete policy-name=
test_policy````
#
Context Example#
Human Readable OutputPolicy test_policy deleted successfully