Imperva Incapsula is a cloud-based application delivery platform. It uses a global content delivery network to provide web application security, DDoS mitigation, content caching, application delivery, load balancing and failover services.
This document provides information about the Imperva Incapsula connector, which facilitates automated interactions, with a Imperva Incapsula server using FortiSOAR™ playbooks. Add the Imperva Incapsula connector as a step in FortiSOAR™ playbooks and perform automated operations, such as adding sites, retrieving site status, and modifying site configurations.
Connector Version: 1.0.0
FortiSOAR™ Version Tested on: 4.11.0-1161
Authored By: Fortinet
Certified: Yes
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum
command to install connectors:
yum install cyops-connector-imperva-incapsula
For the detailed procedure to install a connector, click here.
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, select the Imperva Incapsula connector and click Configure to configure the following parameters:
Parameter | Description |
---|---|
Server URL | URL of the Imperva Incapsula server to which you will connect and perform automated operations. |
API ID | API ID of the Imperva Incapsula server to which you will connect and perform automated operations. |
API Key | API Key of the Imperva Incapsula server to which you will connect and perform automated operations. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
Function | Description | Annotation and Category |
---|---|---|
Add Site | Adds a new site to an account on the Imperva Incapsula server. | add_site Miscellaneous |
Modify Site Configuration | Updates the configuration of the specified site on the Imperva Incapsula server, based on the Site ID and other input parameters you have specified. | update_site Miscellaneous |
Modify Site Logs Level | Updates the log levels of the specified site on the Imperva Incapsula server, based on the Site ID and log level that you have specified. | update_site Miscellaneous |
Modify Site Security Configuration | Updates the security configuration of the specified site on the Imperva Incapsula server, based on the Site ID and Rule ID you have specified. | update_site Miscellaneous |
Modify Site ACL Configuration | Updates the Access Control List(ACL) configuration of the specified site on the Imperva Incapsula server, based on the Site ID and Rule ID you have specified. | update_site Miscellaneous |
Modify or Create Whitelists Configuration | Creates or Updates the whitelist configuration of the specified site on the Imperva Incapsula server, based on the Site ID and other parameters you have specified. | update_site Miscellaneous |
Get Site Status | Retrieves the status of the specified site on the Imperva Incapsula server, based on the Site ID you have specified. | get_site_status Investigation |
List Sites | Retrieves a list of all sites for a specified account from the Imperva Incapsula server. | list_sites Investigation |
Get Domain Approver E-mail IDs | Retrieves the email address of the domain approver of the specified domain from the Imperva Incapsula server, based on the domain name you have specified. | get_email Investigation |
Get Site Report | Retrieves the PCI Compliance report of the specified site from the Imperva Incapsula server, based on the site ID you have specified. | get_site_report Investigation |
Get IP Ranges | Retrieves the updated list of Incapsula IP ranges from the Imperva Incapsula server. | get_ip_ranges Investigation |
Get Client Applications Info | Retrieves a list of client applications from the Imperva Incapsula server. | get_client_app_info Investigation |
Get Statistics | Retrieves statistics of one or more sites from the Imperva Incapsula server, based on the site ID(s) you have specified. | get_stats Investigation |
Get Visits | Retrieves a log of recent visits to a specified site from the Imperva Incapsula server, based on the site ID and other parameters you have specified. | get_visits Investigation |
Get Login Protect Users | Retrieves the login protect user list of the specified account from the Imperva Incapsula server, based on the account ID you have specified. | get_login_protect_users Investigation |
Purge Site Cache | Purges all the cached content for a specific site from the Imperva Incapsula proxy server, based on the siteID you have specified. | purge_site_cache Investigation |
Purge Resource | Purges all the site resources for a specific site from the Imperva Incapsula server, based on the siteID you have specified. | purge_resource Investigation |
Purge Hostname | Purges the specified hostname from the cache on the Imperva Incapsula server. | purge_hostname Investigation |
Delete Site | Deletes the specified site from the Imperva Incapsula server. | delete_site Miscellaneous |
Parameter | Description |
---|---|
Domain | Domain name of the site that you want to add to Imperva Incapsula. For example, www.example.com |
Send Site Setup Emails | If you select this option, i.e., set it to True , then the user will receive emails about processes related to add site, such as DNS instructions and SSL Setup. If this option is not selected, i.e., set it to False , then the user will not receive emails about processes related to add site.By default, this is set to False . |
Force SSL | If you select this option, i.e., set it to True , then you must manually set the site to support SSL.By default, this is set to False . |
The JSON output contains details of the site added to Imperva Incapsula.
Following image displays a sample output:
Parameter | Description |
---|---|
Site ID | ID of the site whose details you want to update on Imperva Incapsula. |
Param | Name of the configuration parameter that you want to update on Imperva Incapsula. You can choose from the following options: Active, Site IP, Domain Validation, Approver, Ignore SSL, Domain Redirect To Full, or Remove SSL. |
Value | Value of the configuration parameter that you want to update on Imperva Incapsula. For example, if you select Site IP, then an IP addresses field will be displayed. Specify the value of the IP addresses that you want to update on Imperva Incapsula in this field. |
The JSON output contains details of the site updated on Imperva Incapsula.
Following image displays a sample output:
Parameter | Description |
---|---|
Site ID | ID of the site whose log levels you want to update on Imperva Incapsula. |
Log Level | Log reporting level that you want to set on the specified site. You can choose from the following options: Full, Security, None, or Default. |
The JSON output contains details (including the logs levels set) of the site updated on Imperva Incapsula.
Following image displays a sample output:
Parameter | Description |
---|---|
Site ID | ID of the site whose site security configuration you want to update on Imperva Incapsula. |
Rule ID | ID of the security rule that you want to set on the specified site. You can choose from the following options: Bot Access Control, SQL Injection, Cross Site Scripting, Illegal Resource Access, Backdoor, DDoS, or Remote File Inclusion. Note: Each Rule ID have their own specific parameters that you have to specify. See the following "Rule ID Parameter Description" table for more information. |
Rule ID Parameter Description
Rule ID | Description |
---|---|
Bot Access Control | Following values can be set for this Rule ID: Block Bad Bots and Challenge Suspected Bots. |
SQL Injection | Following values can be set for this Rule ID: Disable, Alert, Block Request, or Block IP. |
Cross Site Scripting | Following values can be set for this Rule ID: Disable, Alert, Block Request, or Block IP. |
Illegal Resource Access | Following values can be set for this Rule ID: Disable, Alert, Block Request, or Block IP. |
Backdoor | Following values can be set for this Rule ID: Disable, Alert, Block Request, or Block IP. |
DDoS | Following values can be set for this Rule ID: Activation Mode and DDoS Traffic Threshold. Activation Mode: If the activation_mode is set as OFF, then the security measures are disabled, even if site is under a DDoS attack. You can choose from the following options: ON, OFF, or AUTO.DDoS Traffic Threshold: Considers site to be under DDoS if the request rate is above for provided threshold. You can choose from the following options: 10, 20, 50, 100, 200, 300, 400, 500, 750, 850, 1000, 1500, 2000, 3000, 4000, or 5000. |
Remote File Inclusion | Following values can be set for this Rule ID: Disable, Alert, Block Request, or Block IP. |
The JSON output contains details of the updated security configuration for the specified site on Imperva Incapsula.
Following image displays a sample output:
Parameter | Description |
---|---|
Site ID | ID of the site whose site ACL configuration you want to update on Imperva Incapsula. |
Rule ID | ID of the ACL rule that you want to set on the specified site. You can choose from the following options: Blacklisted Countries, Blacklisted URLs, Blacklisted IPs, Whitelisted IPs. Note: Each Rule ID have their own specific parameters that you have to specify. See the following "Rule ID Parameter Description" table for more information. |
Rule ID Parameter Description
Rule ID | Description |
---|---|
Blacklisted Countries | A comma-separated list of country codes. An empty list will remove all countries. |
Blacklisted URLs | Following values can be set for this Rule ID: URLs or URL Patterns. URLs: A comma-separated list of resource paths. For example, /home and /admin/index.html are resource paths, while http://www.example.com/home is not. An empty URL list will remove all URLs.URL Patterns: A comma-separated list of URL patterns. One of: contains | equals | prefix | suffix | not_equals | not_contain | not_prefix | not_suffix. The patterns should match with the matching URLs sent by the URLs parameter. |
Blacklisted IPs | A comma-separated list of IPs or IP ranges or subnets. For example, 111.111.1.1, 111.111.1.1-111.111.1.100 or 111.111.1.1/24 |
Whitelisted IPs | A comma-separated list of IPs or IP ranges or subnets. For example, 111.111.1.1, 111.111.1.1-111.111.1.100 or 111.111.1.1/24 |
The JSON output contains details of the updated ACL configuration for the specified site on Imperva Incapsula.
Following image displays a sample output:
Parameter | Description |
---|---|
Site ID | ID of the site whose site whitelist configuration you want to create or update on Imperva Incapsula. |
Rule ID | ID of the rule that you want to set or update on the specified site. You can choose from the following options: Bot Access Control, SQL Injection, Cross Site Scripting, Illegal Resource Access, Backdoor, DDoS, or Remote File Inclusion. Note: Each Rule ID have their own specific parameters that you have to specify. See the "Rule ID Parameter Description" table in the Modify Site Security Configuration section for more information. |
URLs | (Optional) A comma-separated list of resource paths that you want to add or update in the whitelist. For example, /admin/index.html is a resource path, while http://www.example.com/home is not. An empty URL list will remove all URLs. |
IP Addresses | (Optional) A comma-separated list of IPs or IP ranges or subnets that you want to add or update in the whitelist. For example, 111.111.1.1, 111.111.1.1-111.111.1.100 or 111.111.1.1/24. An empty IP list will remove all IP addresses. |
Countries | (Optional) A comma-separated list of country codes that you want to add or update in the whitelist. |
Whitelist ID | (Optional) ID of the whitelist you want to update. Note: If this is a new whitelist, then keep this field blank. |
Delete Whitelist | (Optional) If you select this option, i.e., set it to True and a whitelist ID is sent, then the whitelist will be deleted.By default, this is set to False . |
The JSON output contains details of the whitelist that you have created or updated on Imperva Incapsula.
Following image displays a sample output:
Parameter | Description |
---|---|
Site ID | ID of the site whose status details you want to retrieve from Imperva Incapsula. |
The JSON output contains status details for the specified site retrieved from Imperva Incapsula.
Following image displays a sample output:
Parameter | Description |
---|---|
Account ID | ID of the account whose site listings and details you want to retrieve from Imperva Incapsula. If you do not specify the account ID, then this operation will be performed on the account identified by the authentication parameters. |
Page Size | (Optional) Number of results that this operation should return. By default, this is set to 50. |
Page Size | (Optional) Page number from which you want to retrieve records. By default, this is set to 0. |
The JSON output contains all the sites that are associated with the specified account ID retrieved from Imperva Incapsula.
Following image displays a sample output:
Parameter | Description |
---|---|
Domain | Name of the domain whose domain approver's email address you want to retrieve from Imperva Incapsula. |
The JSON output contains all the email addresses of the domain approvers that are associated with the specified domain name retrieved from Imperva Incapsula.
Following image displays a sample output:
Note: This operation uploads the report retrieved from Imperva Incapsula as an attachment in FortiSOAR™.
Parameter | Description |
---|---|
Site ID | ID of the site whose site report you want to retrieve from Imperva Incapsula. |
Format | Format in which you want to get the report. You can choose from the following options: HTML or PDF. By default, this is set to PDF. |
Time Range | (Optional) Time range for which you want to retrieve data from Imperva Incapsula for the report. You can choose from the following options: Today, Last 7 Days, Last 30 Days, Last 90 Days, or Month To Date. By default, this is set to Today. |
The JSON output contains details of the report retrieved from Imperva Incapsula and created in FortiSOAR™, based on the site ID and other parameters you have specified.
Following image displays a sample output:
None
The JSON output contains the updated list of Incapsula IP ranges retrieved from the Imperva Incapsula server.
Following image displays a sample output:
None
The JSON output contains the client applications information retrieved from the Imperva Incapsula server.
Following image displays a sample output:
Parameter | Description |
---|---|
Site ID | ID of the site whose site statistics you want to retrieve from Imperva Incapsula. |
Time Range | (Optional) Time range for which you want to retrieve statistics from Imperva Incapsula. You can choose from the following options: Today, Last 7 Days, Last 30 Days, Last 90 Days, Month To Date. By default, this is set to Today. |
Stats | Type of statistics information that you want to retrieve for the specified site from Imperva Incapsula. You can choose from the following options: Threats, Incap Rules, Caching Timeseries, Caching, Visits Dist Summary, Requests Geo Dist Summary, Bandwidth Timeseries, Hits Timeseries, Visits Timeseries, or Incap Rules Timeseries. By default, this is set to Threats. |
Account ID | (Optional)ID of the account whose associated sites' statistics you want to retrieve from Imperva Incapsula. If you do not specify the account ID, then this operation will be performed on the account identified by the authentication parameters. |
The JSON output contains statistics of the specified site retrieved from Imperva Incapsula and created in FortiSOAR™, based on the site ID and other parameters you have specified.
Following image displays a sample output:
Parameter | Description |
---|---|
Site ID | ID of the site whose log of recent visits you want to retrieve from Imperva Incapsula. |
Time Range | (Optional)Time range for which you want to retrieve the log of recent visits for the specified site from Imperva Incapsula. You can choose from the following options: Today, Last 7 Days, Last 30 Days, Last 90 Days, Month To Date. By default, this is set to Today. |
Page Size | (Optional) Number of results that this operation should return. By default, this is set to 50. |
Page Size | (Optional) Page number from which you want to retrieve records. By default, this is set to 0. |
IP Address | (Optional) Filter the sessions coming from the IP Address that you specify. |
The JSON output contains the log of recent visits to a specified site from the Imperva Incapsula server, based on the site ID and other parameters you have specified.
Note: Not all visits are recorded; only visits with abnormal activity are recorded, such as a violation of security rules and visits from blacklisted IP addresses or countries.
Following image displays a sample output:
Parameter | Description |
---|---|
Account ID | (Optional)ID of the account whose login protect user list you want to retrieve from Imperva Incapsula. |
The JSON output contains the login protect user list of the specified account retrieved from the Imperva Incapsula server, based on the account ID you have specified.
Following image displays a sample output:
Parameter | Description |
---|---|
Site ID | ID of the site whose cache content you want to purge from Imperva Incapsula. |
The JSON output displays res_message: OK
if the cache content is purged from the Imperva Incapsula server for the site ID you have specified.
Following image displays a sample output:
Parameter | Description |
---|---|
Site ID | ID of the site whose cached resources you want to purge from Imperva Incapsula. |
Purge All Cached Resources | If you select this option, i.e., set it to True , them all cached resources of the specified site will be purged.By default, this is set to True . |
The JSON output displays res_message: OK
if the cached resources are purged from the Imperva Incapsula server for the site ID you have specified.
Following image displays a sample output:
Note: This API is for customers who use the same CNAME provided by Incapsula for multiple hostnames and would like to change the CNAME for a particular hostname. Purging the hostname is required for the CNAME change to take effect.
Parameter | Description |
---|---|
Hostname | Hostname that you want to purge from the cache on Imperva Incapsula. |
The JSON output displays res_message: OK
if the hostname is purged from the cache on the Imperva Incapsula server, based on the hostname you have specified.
Following image displays a sample output:
Parameter | Description |
---|---|
Site ID | ID of the site that you want to delete from Imperva Incapsula. |
The JSON output displays res_message: OK
if the site that you have specified is deleted from the Imperva Incapsula server, based on the site ID you have specified.
Following image displays a sample output:
The Sample - Imperva Incapsula - 1.0.0
playbook collection comes bundled with the Imperva Incapsula connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Imperva Incapsula connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
Imperva Incapsula is a cloud-based application delivery platform. It uses a global content delivery network to provide web application security, DDoS mitigation, content caching, application delivery, load balancing and failover services.
This document provides information about the Imperva Incapsula connector, which facilitates automated interactions, with a Imperva Incapsula server using FortiSOAR™ playbooks. Add the Imperva Incapsula connector as a step in FortiSOAR™ playbooks and perform automated operations, such as adding sites, retrieving site status, and modifying site configurations.
Connector Version: 1.0.0
FortiSOAR™ Version Tested on: 4.11.0-1161
Authored By: Fortinet
Certified: Yes
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum
command to install connectors:
yum install cyops-connector-imperva-incapsula
For the detailed procedure to install a connector, click here.
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, select the Imperva Incapsula connector and click Configure to configure the following parameters:
Parameter | Description |
---|---|
Server URL | URL of the Imperva Incapsula server to which you will connect and perform automated operations. |
API ID | API ID of the Imperva Incapsula server to which you will connect and perform automated operations. |
API Key | API Key of the Imperva Incapsula server to which you will connect and perform automated operations. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
Function | Description | Annotation and Category |
---|---|---|
Add Site | Adds a new site to an account on the Imperva Incapsula server. | add_site Miscellaneous |
Modify Site Configuration | Updates the configuration of the specified site on the Imperva Incapsula server, based on the Site ID and other input parameters you have specified. | update_site Miscellaneous |
Modify Site Logs Level | Updates the log levels of the specified site on the Imperva Incapsula server, based on the Site ID and log level that you have specified. | update_site Miscellaneous |
Modify Site Security Configuration | Updates the security configuration of the specified site on the Imperva Incapsula server, based on the Site ID and Rule ID you have specified. | update_site Miscellaneous |
Modify Site ACL Configuration | Updates the Access Control List(ACL) configuration of the specified site on the Imperva Incapsula server, based on the Site ID and Rule ID you have specified. | update_site Miscellaneous |
Modify or Create Whitelists Configuration | Creates or Updates the whitelist configuration of the specified site on the Imperva Incapsula server, based on the Site ID and other parameters you have specified. | update_site Miscellaneous |
Get Site Status | Retrieves the status of the specified site on the Imperva Incapsula server, based on the Site ID you have specified. | get_site_status Investigation |
List Sites | Retrieves a list of all sites for a specified account from the Imperva Incapsula server. | list_sites Investigation |
Get Domain Approver E-mail IDs | Retrieves the email address of the domain approver of the specified domain from the Imperva Incapsula server, based on the domain name you have specified. | get_email Investigation |
Get Site Report | Retrieves the PCI Compliance report of the specified site from the Imperva Incapsula server, based on the site ID you have specified. | get_site_report Investigation |
Get IP Ranges | Retrieves the updated list of Incapsula IP ranges from the Imperva Incapsula server. | get_ip_ranges Investigation |
Get Client Applications Info | Retrieves a list of client applications from the Imperva Incapsula server. | get_client_app_info Investigation |
Get Statistics | Retrieves statistics of one or more sites from the Imperva Incapsula server, based on the site ID(s) you have specified. | get_stats Investigation |
Get Visits | Retrieves a log of recent visits to a specified site from the Imperva Incapsula server, based on the site ID and other parameters you have specified. | get_visits Investigation |
Get Login Protect Users | Retrieves the login protect user list of the specified account from the Imperva Incapsula server, based on the account ID you have specified. | get_login_protect_users Investigation |
Purge Site Cache | Purges all the cached content for a specific site from the Imperva Incapsula proxy server, based on the siteID you have specified. | purge_site_cache Investigation |
Purge Resource | Purges all the site resources for a specific site from the Imperva Incapsula server, based on the siteID you have specified. | purge_resource Investigation |
Purge Hostname | Purges the specified hostname from the cache on the Imperva Incapsula server. | purge_hostname Investigation |
Delete Site | Deletes the specified site from the Imperva Incapsula server. | delete_site Miscellaneous |
Parameter | Description |
---|---|
Domain | Domain name of the site that you want to add to Imperva Incapsula. For example, www.example.com |
Send Site Setup Emails | If you select this option, i.e., set it to True , then the user will receive emails about processes related to add site, such as DNS instructions and SSL Setup. If this option is not selected, i.e., set it to False , then the user will not receive emails about processes related to add site.By default, this is set to False . |
Force SSL | If you select this option, i.e., set it to True , then you must manually set the site to support SSL.By default, this is set to False . |
The JSON output contains details of the site added to Imperva Incapsula.
Following image displays a sample output:
Parameter | Description |
---|---|
Site ID | ID of the site whose details you want to update on Imperva Incapsula. |
Param | Name of the configuration parameter that you want to update on Imperva Incapsula. You can choose from the following options: Active, Site IP, Domain Validation, Approver, Ignore SSL, Domain Redirect To Full, or Remove SSL. |
Value | Value of the configuration parameter that you want to update on Imperva Incapsula. For example, if you select Site IP, then an IP addresses field will be displayed. Specify the value of the IP addresses that you want to update on Imperva Incapsula in this field. |
The JSON output contains details of the site updated on Imperva Incapsula.
Following image displays a sample output:
Parameter | Description |
---|---|
Site ID | ID of the site whose log levels you want to update on Imperva Incapsula. |
Log Level | Log reporting level that you want to set on the specified site. You can choose from the following options: Full, Security, None, or Default. |
The JSON output contains details (including the logs levels set) of the site updated on Imperva Incapsula.
Following image displays a sample output:
Parameter | Description |
---|---|
Site ID | ID of the site whose site security configuration you want to update on Imperva Incapsula. |
Rule ID | ID of the security rule that you want to set on the specified site. You can choose from the following options: Bot Access Control, SQL Injection, Cross Site Scripting, Illegal Resource Access, Backdoor, DDoS, or Remote File Inclusion. Note: Each Rule ID have their own specific parameters that you have to specify. See the following "Rule ID Parameter Description" table for more information. |
Rule ID Parameter Description
Rule ID | Description |
---|---|
Bot Access Control | Following values can be set for this Rule ID: Block Bad Bots and Challenge Suspected Bots. |
SQL Injection | Following values can be set for this Rule ID: Disable, Alert, Block Request, or Block IP. |
Cross Site Scripting | Following values can be set for this Rule ID: Disable, Alert, Block Request, or Block IP. |
Illegal Resource Access | Following values can be set for this Rule ID: Disable, Alert, Block Request, or Block IP. |
Backdoor | Following values can be set for this Rule ID: Disable, Alert, Block Request, or Block IP. |
DDoS | Following values can be set for this Rule ID: Activation Mode and DDoS Traffic Threshold. Activation Mode: If the activation_mode is set as OFF, then the security measures are disabled, even if site is under a DDoS attack. You can choose from the following options: ON, OFF, or AUTO.DDoS Traffic Threshold: Considers site to be under DDoS if the request rate is above for provided threshold. You can choose from the following options: 10, 20, 50, 100, 200, 300, 400, 500, 750, 850, 1000, 1500, 2000, 3000, 4000, or 5000. |
Remote File Inclusion | Following values can be set for this Rule ID: Disable, Alert, Block Request, or Block IP. |
The JSON output contains details of the updated security configuration for the specified site on Imperva Incapsula.
Following image displays a sample output:
Parameter | Description |
---|---|
Site ID | ID of the site whose site ACL configuration you want to update on Imperva Incapsula. |
Rule ID | ID of the ACL rule that you want to set on the specified site. You can choose from the following options: Blacklisted Countries, Blacklisted URLs, Blacklisted IPs, Whitelisted IPs. Note: Each Rule ID have their own specific parameters that you have to specify. See the following "Rule ID Parameter Description" table for more information. |
Rule ID Parameter Description
Rule ID | Description |
---|---|
Blacklisted Countries | A comma-separated list of country codes. An empty list will remove all countries. |
Blacklisted URLs | Following values can be set for this Rule ID: URLs or URL Patterns. URLs: A comma-separated list of resource paths. For example, /home and /admin/index.html are resource paths, while http://www.example.com/home is not. An empty URL list will remove all URLs.URL Patterns: A comma-separated list of URL patterns. One of: contains | equals | prefix | suffix | not_equals | not_contain | not_prefix | not_suffix. The patterns should match with the matching URLs sent by the URLs parameter. |
Blacklisted IPs | A comma-separated list of IPs or IP ranges or subnets. For example, 111.111.1.1, 111.111.1.1-111.111.1.100 or 111.111.1.1/24 |
Whitelisted IPs | A comma-separated list of IPs or IP ranges or subnets. For example, 111.111.1.1, 111.111.1.1-111.111.1.100 or 111.111.1.1/24 |
The JSON output contains details of the updated ACL configuration for the specified site on Imperva Incapsula.
Following image displays a sample output:
Parameter | Description |
---|---|
Site ID | ID of the site whose site whitelist configuration you want to create or update on Imperva Incapsula. |
Rule ID | ID of the rule that you want to set or update on the specified site. You can choose from the following options: Bot Access Control, SQL Injection, Cross Site Scripting, Illegal Resource Access, Backdoor, DDoS, or Remote File Inclusion. Note: Each Rule ID have their own specific parameters that you have to specify. See the "Rule ID Parameter Description" table in the Modify Site Security Configuration section for more information. |
URLs | (Optional) A comma-separated list of resource paths that you want to add or update in the whitelist. For example, /admin/index.html is a resource path, while http://www.example.com/home is not. An empty URL list will remove all URLs. |
IP Addresses | (Optional) A comma-separated list of IPs or IP ranges or subnets that you want to add or update in the whitelist. For example, 111.111.1.1, 111.111.1.1-111.111.1.100 or 111.111.1.1/24. An empty IP list will remove all IP addresses. |
Countries | (Optional) A comma-separated list of country codes that you want to add or update in the whitelist. |
Whitelist ID | (Optional) ID of the whitelist you want to update. Note: If this is a new whitelist, then keep this field blank. |
Delete Whitelist | (Optional) If you select this option, i.e., set it to True and a whitelist ID is sent, then the whitelist will be deleted.By default, this is set to False . |
The JSON output contains details of the whitelist that you have created or updated on Imperva Incapsula.
Following image displays a sample output:
Parameter | Description |
---|---|
Site ID | ID of the site whose status details you want to retrieve from Imperva Incapsula. |
The JSON output contains status details for the specified site retrieved from Imperva Incapsula.
Following image displays a sample output:
Parameter | Description |
---|---|
Account ID | ID of the account whose site listings and details you want to retrieve from Imperva Incapsula. If you do not specify the account ID, then this operation will be performed on the account identified by the authentication parameters. |
Page Size | (Optional) Number of results that this operation should return. By default, this is set to 50. |
Page Size | (Optional) Page number from which you want to retrieve records. By default, this is set to 0. |
The JSON output contains all the sites that are associated with the specified account ID retrieved from Imperva Incapsula.
Following image displays a sample output:
Parameter | Description |
---|---|
Domain | Name of the domain whose domain approver's email address you want to retrieve from Imperva Incapsula. |
The JSON output contains all the email addresses of the domain approvers that are associated with the specified domain name retrieved from Imperva Incapsula.
Following image displays a sample output:
Note: This operation uploads the report retrieved from Imperva Incapsula as an attachment in FortiSOAR™.
Parameter | Description |
---|---|
Site ID | ID of the site whose site report you want to retrieve from Imperva Incapsula. |
Format | Format in which you want to get the report. You can choose from the following options: HTML or PDF. By default, this is set to PDF. |
Time Range | (Optional) Time range for which you want to retrieve data from Imperva Incapsula for the report. You can choose from the following options: Today, Last 7 Days, Last 30 Days, Last 90 Days, or Month To Date. By default, this is set to Today. |
The JSON output contains details of the report retrieved from Imperva Incapsula and created in FortiSOAR™, based on the site ID and other parameters you have specified.
Following image displays a sample output:
None
The JSON output contains the updated list of Incapsula IP ranges retrieved from the Imperva Incapsula server.
Following image displays a sample output:
None
The JSON output contains the client applications information retrieved from the Imperva Incapsula server.
Following image displays a sample output:
Parameter | Description |
---|---|
Site ID | ID of the site whose site statistics you want to retrieve from Imperva Incapsula. |
Time Range | (Optional) Time range for which you want to retrieve statistics from Imperva Incapsula. You can choose from the following options: Today, Last 7 Days, Last 30 Days, Last 90 Days, Month To Date. By default, this is set to Today. |
Stats | Type of statistics information that you want to retrieve for the specified site from Imperva Incapsula. You can choose from the following options: Threats, Incap Rules, Caching Timeseries, Caching, Visits Dist Summary, Requests Geo Dist Summary, Bandwidth Timeseries, Hits Timeseries, Visits Timeseries, or Incap Rules Timeseries. By default, this is set to Threats. |
Account ID | (Optional)ID of the account whose associated sites' statistics you want to retrieve from Imperva Incapsula. If you do not specify the account ID, then this operation will be performed on the account identified by the authentication parameters. |
The JSON output contains statistics of the specified site retrieved from Imperva Incapsula and created in FortiSOAR™, based on the site ID and other parameters you have specified.
Following image displays a sample output:
Parameter | Description |
---|---|
Site ID | ID of the site whose log of recent visits you want to retrieve from Imperva Incapsula. |
Time Range | (Optional)Time range for which you want to retrieve the log of recent visits for the specified site from Imperva Incapsula. You can choose from the following options: Today, Last 7 Days, Last 30 Days, Last 90 Days, Month To Date. By default, this is set to Today. |
Page Size | (Optional) Number of results that this operation should return. By default, this is set to 50. |
Page Size | (Optional) Page number from which you want to retrieve records. By default, this is set to 0. |
IP Address | (Optional) Filter the sessions coming from the IP Address that you specify. |
The JSON output contains the log of recent visits to a specified site from the Imperva Incapsula server, based on the site ID and other parameters you have specified.
Note: Not all visits are recorded; only visits with abnormal activity are recorded, such as a violation of security rules and visits from blacklisted IP addresses or countries.
Following image displays a sample output:
Parameter | Description |
---|---|
Account ID | (Optional)ID of the account whose login protect user list you want to retrieve from Imperva Incapsula. |
The JSON output contains the login protect user list of the specified account retrieved from the Imperva Incapsula server, based on the account ID you have specified.
Following image displays a sample output:
Parameter | Description |
---|---|
Site ID | ID of the site whose cache content you want to purge from Imperva Incapsula. |
The JSON output displays res_message: OK
if the cache content is purged from the Imperva Incapsula server for the site ID you have specified.
Following image displays a sample output:
Parameter | Description |
---|---|
Site ID | ID of the site whose cached resources you want to purge from Imperva Incapsula. |
Purge All Cached Resources | If you select this option, i.e., set it to True , them all cached resources of the specified site will be purged.By default, this is set to True . |
The JSON output displays res_message: OK
if the cached resources are purged from the Imperva Incapsula server for the site ID you have specified.
Following image displays a sample output:
Note: This API is for customers who use the same CNAME provided by Incapsula for multiple hostnames and would like to change the CNAME for a particular hostname. Purging the hostname is required for the CNAME change to take effect.
Parameter | Description |
---|---|
Hostname | Hostname that you want to purge from the cache on Imperva Incapsula. |
The JSON output displays res_message: OK
if the hostname is purged from the cache on the Imperva Incapsula server, based on the hostname you have specified.
Following image displays a sample output:
Parameter | Description |
---|---|
Site ID | ID of the site that you want to delete from Imperva Incapsula. |
The JSON output displays res_message: OK
if the site that you have specified is deleted from the Imperva Incapsula server, based on the site ID you have specified.
Following image displays a sample output:
The Sample - Imperva Incapsula - 1.0.0
playbook collection comes bundled with the Imperva Incapsula connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Imperva Incapsula connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.