Fortinet Document Library


Imperva Incapsula

1.0.0

About the connector

Imperva Incapsula is a cloud-based application delivery platform. It uses a global content delivery network to provide web application security, DDoS mitigation, content caching, application delivery, load balancing and failover services.

This document provides information about the Imperva Incapsula connector, which facilitates automated interactions with an Imperva Incapsula server using FortiSOAR™ playbooks. Add the Imperva Incapsula connector as a step in FortiSOAR™ playbooks and perform automated operations, such as adding sites, retrieving site status, and modifying site configurations.

 

Version information

Connector Version: 1.0.0

FortiSOAR™ Version Tested on: 4.11.0-1161

Authored By: Fortinet

Certified: Yes

 

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-imperva-incapsula

For the detailed procedure to install a connector, click here.

 

Prerequisites to configuring the connector

  • You must know the URL of the Imperva Incapsula database server to which you will connect and perform automated operations and credentials to access the database.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

Configuring the connector

For the procedure to configure a connector, click here.

 

Configuration parameters

In FortiSOAR™, on the Connectors page, select the Imperva Incapsula connector and click Configure to configure the following parameters:

 

| Parameter | Description |
| --- | --- |
| Server URL | URL of the Imperva Incapsula server to which you will connect and perform automated operations. |
| API ID | API ID of the Imperva Incapsula server to which you will connect and perform automated operations. |
| API Key | API Key of the Imperva Incapsula server to which you will connect and perform automated operations. |
| Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |

 

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

 

| Function | Description | Annotation and Category |
| --- | --- | --- |
| Add Site | Adds a new site to an account on the Imperva Incapsula server. | add_site; Miscellaneous |
| Modify Site Configuration | Updates the configuration of the specified site on the Imperva Incapsula server, based on the Site ID and other input parameters you have specified. | update_site; Miscellaneous |
| Modify Site Logs Level | Updates the log levels of the specified site on the Imperva Incapsula server, based on the Site ID and log level that you have specified. | update_site; Miscellaneous |
| Modify Site Security Configuration | Updates the security configuration of the specified site on the Imperva Incapsula server, based on the Site ID and Rule ID you have specified. | update_site; Miscellaneous |
| Modify Site ACL Configuration | Updates the Access Control List (ACL) configuration of the specified site on the Imperva Incapsula server, based on the Site ID and Rule ID you have specified. | update_site; Miscellaneous |
| Modify or Create Whitelists Configuration | Creates or updates the whitelist configuration of the specified site on the Imperva Incapsula server, based on the Site ID and other parameters you have specified. | update_site; Miscellaneous |
| Get Site Status | Retrieves the status of the specified site on the Imperva Incapsula server, based on the Site ID you have specified. | get_site_status; Investigation |
| List Sites | Retrieves a list of all sites for a specified account from the Imperva Incapsula server. | list_sites; Investigation |
| Get Domain Approver E-mail IDs | Retrieves the email address of the domain approver of the specified domain from the Imperva Incapsula server, based on the domain name you have specified. | get_email; Investigation |
| Get Site Report | Retrieves the PCI Compliance report of the specified site from the Imperva Incapsula server, based on the site ID you have specified. | get_site_report; Investigation |
| Get IP Ranges | Retrieves the updated list of Incapsula IP ranges from the Imperva Incapsula server. | get_ip_ranges; Investigation |
| Get Client Applications Info | Retrieves a list of client applications from the Imperva Incapsula server. | get_client_app_info; Investigation |
| Get Statistics | Retrieves statistics of one or more sites from the Imperva Incapsula server, based on the site ID(s) you have specified. | get_stats; Investigation |
| Get Visits | Retrieves a log of recent visits to a specified site from the Imperva Incapsula server, based on the site ID and other parameters you have specified. | get_visits; Investigation |
| Get Login Protect Users | Retrieves the login protect user list of the specified account from the Imperva Incapsula server, based on the account ID you have specified. | get_login_protect_users; Investigation |
| Purge Site Cache | Purges all the cached content for a specific site from the Imperva Incapsula proxy server, based on the site ID you have specified. | purge_site_cache; Investigation |
| Purge Resource | Purges all the site resources for a specific site from the Imperva Incapsula server, based on the site ID you have specified. | purge_resource; Investigation |
| Purge Hostname | Purges the specified hostname from the cache on the Imperva Incapsula server. | purge_hostname; Investigation |
| Delete Site | Deletes the specified site from the Imperva Incapsula server. | delete_site; Miscellaneous |

 

operation: Add Site

Input parameters

 

| Parameter | Description |
| --- | --- |
| Domain | Domain name of the site that you want to add to Imperva Incapsula. For example, www.example.com |
| Send Site Setup Emails | If you select this option, i.e., set it to True, then the user will receive emails about processes related to add site, such as DNS instructions and SSL Setup. If this option is not selected, i.e., set it to False, then the user will not receive emails about processes related to add site. By default, this is set to False. |
| Force SSL | If you select this option, i.e., set it to True, then you must manually set the site to support SSL. By default, this is set to False. |

 

Output

The JSON output contains details of the site added to Imperva Incapsula.

Following image displays a sample output:

operation: Modify Site Configuration

Input parameters

 

| Parameter | Description |
| --- | --- |
| Site ID | ID of the site whose details you want to update on Imperva Incapsula. |
| Param | Name of the configuration parameter that you want to update on Imperva Incapsula. You can choose from the following options: Active, Site IP, Domain Validation, Approver, Ignore SSL, Domain Redirect To Full, or Remove SSL. |
| Value | Value of the configuration parameter that you want to update on Imperva Incapsula. For example, if you select Site IP, then an IP addresses field will be displayed. Specify the value of the IP addresses that you want to update on Imperva Incapsula in this field. |

 

Output

The JSON output contains details of the site updated on Imperva Incapsula.

Following image displays a sample output:

operation: Modify Site Logs Level

Input parameters

 

| Parameter | Description |
| --- | --- |
| Site ID | ID of the site whose log levels you want to update on Imperva Incapsula. |
| Log Level | Log reporting level that you want to set on the specified site. You can choose from the following options: Full, Security, None, or Default. |

 

Output

The JSON output contains details (including the logs levels set) of the site updated on Imperva Incapsula.

Following image displays a sample output:

operation: Modify Site Security Configuration

Input parameters

| Parameter | Description |
| --- | --- |
| Site ID | ID of the site whose site security configuration you want to update on Imperva Incapsula. |
| Rule ID | ID of the security rule that you want to set on the specified site. You can choose from the following options: Bot Access Control, SQL Injection, Cross Site Scripting, Illegal Resource Access, Backdoor, DDoS, or Remote File Inclusion. Note: Each Rule ID has its own specific parameters that you have to specify. See the following "Rule ID Parameter Description" table for more information. |

 

Rule ID Parameter Description

| Rule ID | Description |
| --- | --- |
| Bot Access Control | Following values can be set for this Rule ID: Block Bad Bots and Challenge Suspected Bots. |
| SQL Injection | Following values can be set for this Rule ID: Disable, Alert, Block Request, or Block IP. |
| Cross Site Scripting | Following values can be set for this Rule ID: Disable, Alert, Block Request, or Block IP. |
| Illegal Resource Access | Following values can be set for this Rule ID: Disable, Alert, Block Request, or Block IP. |
| Backdoor | Following values can be set for this Rule ID: Disable, Alert, Block Request, or Block IP. |
| DDoS | Following values can be set for this Rule ID: Activation Mode and DDoS Traffic Threshold. Activation Mode: If the activation_mode is set as OFF, then the security measures are disabled, even if the site is under a DDoS attack. You can choose from the following options: ON, OFF, or AUTO. DDoS Traffic Threshold: Considers the site to be under DDoS if the request rate is above the provided threshold. You can choose from the following options: 10, 20, 50, 100, 200, 300, 400, 500, 750, 850, 1000, 1500, 2000, 3000, 4000, or 5000. |
| Remote File Inclusion | Following values can be set for this Rule ID: Disable, Alert, Block Request, or Block IP. |

Output

The JSON output contains details of the updated security configuration for the specified site on Imperva Incapsula.

Following image displays a sample output:

operation: Modify Site ACL Configuration

Input parameters

| Parameter | Description |
| --- | --- |
| Site ID | ID of the site whose site ACL configuration you want to update on Imperva Incapsula. |
| Rule ID | ID of the ACL rule that you want to set on the specified site. You can choose from the following options: Blacklisted Countries, Blacklisted URLs, Blacklisted IPs, Whitelisted IPs. Note: Each Rule ID has its own specific parameters that you have to specify. See the following "Rule ID Parameter Description" table for more information. |

 

Rule ID Parameter Description

| Rule ID | Description |
| --- | --- |
| Blacklisted Countries | A comma-separated list of country codes. An empty list will remove all countries. |
| Blacklisted URLs | Following values can be set for this Rule ID: URLs or URL Patterns. URLs: A comma-separated list of resource paths. For example, /home and /admin/index.html are resource paths, while http://www.example.com/home is not. An empty URL list will remove all URLs. URL Patterns: A comma-separated list of URL patterns. One of: contains, equals, prefix, suffix, not_equals, not_contain, not_prefix, not_suffix. The patterns should match with the matching URLs sent by the URLs parameter. |
| Blacklisted IPs | A comma-separated list of IPs or IP ranges or subnets. For example, 111.111.1.1, 111.111.1.1-111.111.1.100 or 111.111.1.1/24 |
| Whitelisted IPs | A comma-separated list of IPs or IP ranges or subnets. For example, 111.111.1.1, 111.111.1.1-111.111.1.100 or 111.111.1.1/24 |

Output

The JSON output contains details of the updated ACL configuration for the specified site on Imperva Incapsula.

Following image displays a sample output:

 

operation: Modify or Create Whitelists Configuration

Input parameters

| Parameter | Description |
| --- | --- |
| Site ID | ID of the site whose site whitelist configuration you want to create or update on Imperva Incapsula. |
| Rule ID | ID of the rule that you want to set or update on the specified site. You can choose from the following options: Bot Access Control, SQL Injection, Cross Site Scripting, Illegal Resource Access, Backdoor, DDoS, or Remote File Inclusion. Note: Each Rule ID has its own specific parameters that you have to specify. See the "Rule ID Parameter Description" table in the Modify Site Security Configuration section for more information. |
| URLs | (Optional) A comma-separated list of resource paths that you want to add or update in the whitelist. For example, /admin/index.html is a resource path, while http://www.example.com/home is not. An empty URL list will remove all URLs. |
| IP Addresses | (Optional) A comma-separated list of IPs or IP ranges or subnets that you want to add or update in the whitelist. For example, 111.111.1.1, 111.111.1.1-111.111.1.100 or 111.111.1.1/24. An empty IP list will remove all IP addresses. |
| Countries | (Optional) A comma-separated list of country codes that you want to add or update in the whitelist. |
| Whitelist ID | (Optional) ID of the whitelist you want to update. Note: If this is a new whitelist, then keep this field blank. |
| Delete Whitelist | (Optional) If you select this option, i.e., set it to True and a whitelist ID is sent, then the whitelist will be deleted. By default, this is set to False. |
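
The comma-separated fields of Modify Site ACL Configuration and Modify or Create Whitelists Configuration can be checked before a playbook submits them, since an empty list removes existing entries and a full URL is not a valid resource path. The Python below is an added example, not code from the connector or from Fortinet; the function names, the allow_clear and min_prefix options, and the one-pattern-per-URL pairing are assumptions made for illustration, and the inputs are constructed from the sample values on this page.

```python
import ipaddress

# Match operators this page lists for the URL Patterns field.
URL_PATTERNS = {"contains", "equals", "prefix", "suffix",
                "not_equals", "not_contain", "not_prefix", "not_suffix"}


def _split(csv):
    """Split a comma-separated field, dropping blanks and surrounding spaces."""
    return [item.strip() for item in (csv or "").split(",") if item.strip()]


def normalize_ip_entry(entry, min_prefix=None):
    """Canonicalize one entry: single IP, start-end range, or subnet.

    min_prefix is a local policy knob (assumption, not an Incapsula limit):
    IPv4 subnets broader than /min_prefix are rejected, which keeps an
    exception list from silently exempting a huge address block.
    """
    if "-" in entry:
        start_s, end_s = (part.strip() for part in entry.split("-", 1))
        start, end = ipaddress.ip_address(start_s), ipaddress.ip_address(end_s)
        if start.version != end.version or start > end:
            raise ValueError("range start must not exceed range end")
        return f"{start}-{end}"
    if "/" in entry:
        # strict=False: the page's own sample 111.111.1.1/24 has host bits set.
        net = ipaddress.ip_network(entry, strict=False)
        if min_prefix is not None and net.version == 4 and net.prefixlen < min_prefix:
            raise ValueError(f"subnet broader than /{min_prefix}")
        return str(net)
    return str(ipaddress.ip_address(entry))


def validate_ip_list(csv, allow_clear=False, min_prefix=None):
    """Check a comma-separated IP field. Returns (normalized_entries, errors)."""
    entries, errors = [], []
    for raw in _split(csv):
        try:
            entries.append(normalize_ip_entry(raw, min_prefix))
        except ValueError as exc:
            errors.append(f"{raw!r}: {exc}")
    if not entries and not errors and not allow_clear:
        errors.append("empty list removes every existing entry; set allow_clear=True")
    return entries, errors


def validate_url_rules(urls_csv, patterns_csv, allow_clear=False):
    """Check the URLs and URL Patterns fields. Returns (pairs, errors)."""
    urls, patterns, errors = _split(urls_csv), _split(patterns_csv), []
    for url in urls:
        # Resource paths only: /home is valid, http://www.example.com/home is not.
        if "://" in url or not url.startswith("/"):
            errors.append(f"{url!r}: expected a resource path such as /home")
    for pattern in patterns:
        if pattern not in URL_PATTERNS:
            errors.append(f"{pattern!r}: not a listed URL pattern")
    # Assumption: one pattern per URL, in the same order.
    if len(patterns) != len(urls):
        errors.append("URLs and URL Patterns must have the same number of items")
    if not urls and not allow_clear:
        errors.append("empty URL list removes all URLs; set allow_clear=True")
    pairs = list(zip(urls, patterns)) if not errors else []
    return pairs, errors


if __name__ == "__main__":
    # Constructed inputs that reuse the sample values shown on this page.
    print(validate_ip_list("111.111.1.1, 111.111.1.1-111.111.1.100, 111.111.1.1/24"))
    print(validate_ip_list("0.0.0.0/0", min_prefix=16))
    print(validate_ip_list(""))
    print(validate_url_rules("/home,/admin/index.html", "prefix,equals"))
    print(validate_url_rules("http://www.example.com/home", "equals"))
```

Run the checks in a playbook step ahead of the connector action and stop the playbook when the error list is not empty.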

 

Output

The JSON output contains details of the whitelist that you have created or updated on Imperva Incapsula.

Following image displays a sample output:

operation: Get Site Status

Input parameters

 

| Parameter | Description |
| --- | --- |
| Site ID | ID of the site whose status details you want to retrieve from Imperva Incapsula. |

 

Output

The JSON output contains status details for the specified site retrieved from Imperva Incapsula.

Following image displays a sample output:

operation: List Sites

Input parameters

 

| Parameter | Description |
| --- | --- |
| Account ID | ID of the account whose site listings and details you want to retrieve from Imperva Incapsula. If you do not specify the account ID, then this operation will be performed on the account identified by the authentication parameters. |
| Page Size | (Optional) Number of results that this operation should return. By default, this is set to 50. |
| Page Size | (Optional) Page number from which you want to retrieve records. By default, this is set to 0. |

 

Output

The JSON output contains all the sites that are associated with the specified account ID retrieved from Imperva Incapsula.

Following image displays a sample output:

operation: Get Domain Approver E-mail IDs

Input parameters

| Parameter | Description |
| --- | --- |
| Domain | Name of the domain whose domain approver's email address you want to retrieve from Imperva Incapsula. |

Output

The JSON output contains all the email addresses of the domain approvers that are associated with the specified domain name retrieved from Imperva Incapsula.

Following image displays a sample output:

operation: Get Site Report

Note: This operation uploads the report retrieved from Imperva Incapsula as an attachment in FortiSOAR™.

Input parameters

 

| Parameter | Description |
| --- | --- |
| Site ID | ID of the site whose site report you want to retrieve from Imperva Incapsula. |
| Format | Format in which you want to get the report. You can choose from the following options: HTML or PDF. By default, this is set to PDF. |
| Time Range | (Optional) Time range for which you want to retrieve data from Imperva Incapsula for the report. You can choose from the following options: Today, Last 7 Days, Last 30 Days, Last 90 Days, or Month To Date. By default, this is set to Today. |

Output

The JSON output contains details of the report retrieved from Imperva Incapsula and created in FortiSOAR™, based on the site ID and other parameters you have specified.

Following image displays a sample output:

operation: Get IP Ranges

Input parameters

None

Output

The JSON output contains the updated list of Incapsula IP ranges retrieved from the Imperva Incapsula server.

Following image displays a sample output:

operation: Get Client Applications Info

Input parameters

None

Output

The JSON output contains the client applications information retrieved from the Imperva Incapsula server.

Following image displays a sample output:

operation: Get Statistics

Input parameters

 

| Parameter | Description |
| --- | --- |
| Site ID | ID of the site whose site statistics you want to retrieve from Imperva Incapsula. |
| Time Range | (Optional) Time range for which you want to retrieve statistics from Imperva Incapsula. You can choose from the following options: Today, Last 7 Days, Last 30 Days, Last 90 Days, Month To Date. By default, this is set to Today. |
| Stats | Type of statistics information that you want to retrieve for the specified site from Imperva Incapsula. You can choose from the following options: Threats, Incap Rules, Caching Timeseries, Caching, Visits Dist Summary, Requests Geo Dist Summary, Bandwidth Timeseries, Hits Timeseries, Visits Timeseries, or Incap Rules Timeseries. By default, this is set to Threats. |
| Account ID | (Optional) ID of the account whose associated sites' statistics you want to retrieve from Imperva Incapsula. If you do not specify the account ID, then this operation will be performed on the account identified by the authentication parameters. |

Output

The JSON output contains statistics of the specified site retrieved from Imperva Incapsula and created in FortiSOAR™, based on the site ID and other parameters you have specified.

Following image displays a sample output:

operation: Get Visits

Input parameters

 

| Parameter | Description |
| --- | --- |
| Site ID | ID of the site whose log of recent visits you want to retrieve from Imperva Incapsula. |
| Time Range | (Optional) Time range for which you want to retrieve the log of recent visits for the specified site from Imperva Incapsula. You can choose from the following options: Today, Last 7 Days, Last 30 Days, Last 90 Days, Month To Date. By default, this is set to Today. |
| Page Size | (Optional) Number of results that this operation should return. By default, this is set to 50. |
| Page Size | (Optional) Page number from which you want to retrieve records. By default, this is set to 0. |
| IP Address | (Optional) Filter the sessions coming from the IP Address that you specify. |

Output

The JSON output contains the log of recent visits to a specified site from the Imperva Incapsula server, based on the site ID and other parameters you have specified.

Note: Not all visits are recorded; only visits with abnormal activity are recorded, such as a violation of security rules and visits from blacklisted IP addresses or countries.

Following image displays a sample output:

operation: Get Login Protect Users

Input parameters

| Parameter | Description |
| --- | --- |
| Account ID | (Optional) ID of the account whose login protect user list you want to retrieve from Imperva Incapsula. |

Output

The JSON output contains the login protect user list of the specified account retrieved from the Imperva Incapsula server, based on the account ID you have specified.

Following image displays a sample output:

operation: Purge Site Cache

Input parameters

| Parameter | Description |
| --- | --- |
| Site ID | ID of the site whose cache content you want to purge from Imperva Incapsula. |

Output

The JSON output displays res_message: OK if the cache content is purged from the Imperva Incapsula server for the site ID you have specified.

Following image displays a sample output:

operation: Purge Resource

Input parameters

| Parameter | Description |
| --- | --- |
| Site ID | ID of the site whose cached resources you want to purge from Imperva Incapsula. |
| Purge All Cached Resources | If you select this option, i.e., set it to True, then all cached resources of the specified site will be purged. By default, this is set to True. |

Output

The JSON output displays res_message: OK if the cached resources are purged from the Imperva Incapsula server for the site ID you have specified.

Following image displays a sample output:

operation: Purge Hostname

Input parameters

Note: This API is for customers who use the same CNAME provided by Incapsula for multiple hostnames and would like to change the CNAME for a particular hostname. Purging the hostname is required for the CNAME change to take effect.

| Parameter | Description |
| --- | --- |
| Hostname | Hostname that you want to purge from the cache on Imperva Incapsula. |

Output

The JSON output displays res_message: OK if the hostname is purged from the cache on the Imperva Incapsula server, based on the hostname you have specified.

Following image displays a sample output:

operation: Delete Site

Input parameters

| Parameter | Description |
| --- | --- |
| Site ID | ID of the site that you want to delete from Imperva Incapsula. |

Output

The JSON output displays res_message: OK if the site that you have specified is deleted from the Imperva Incapsula server, based on the site ID you have specified.

Following image displays a sample output:

 

Included playbooks

The Sample - Imperva Incapsula - 1.0.0 playbook collection comes bundled with the Imperva Incapsula connector. The playbooks in this collection contain steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Imperva Incapsula connector.

  • Add Site
  • Delete Site
  • Get Client Applications Info
  • Get Domain Approver E-mail IDs
  • Get IP Ranges
  • Get Login Protect Users
  • Get Site Report
  • Get Site Status
  • Get Statistics
  • Get Visits
  • List Sites
  • Modify or Create Whitelists Configuration
  • Modify Site ACL Configuration
  • Modify Site Configuration
  • Modify Site Logs Level
  • Modify Site Security Configuration
  • Purge Hostname
  • Purge Resource
  • Purge Site Cache

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection is deleted when the connector is upgraded or deleted.

 

About the connector

Imperva Incapsula is a cloud-based application delivery platform. It uses a global content delivery network to provide web application security, DDoS mitigation, content caching, application delivery, load balancing and failover services.

This document provides information about the Imperva Incapsula connector, which facilitates automated interactions, with a Imperva Incapsula server using FortiSOAR™ playbooks. Add the Imperva Incapsula connector as a step in FortiSOAR™ playbooks and perform automated operations, such as adding sites, retrieving site status, and modifying site configurations.

 

Version information

Connector Version: 1.0.0

FortiSOAR™ Version Tested on: 4.11.0-1161

Authored By: Fortinet

Certified: Yes

 

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-imperva-incapsula

For the detailed procedure to install a connector, click here.

 

Prerequisites to configuring the connector

Configuring the connector

For the procedure to configure a connector, click here.

 

Configuration parameters

In FortiSOAR™, on the Connectors page, select the Imperva Incapsula connector and click Configure to configure the following parameters:

 

Parameter Description
Server URL URL of the Imperva Incapsula server to which you will connect and perform automated operations.
API ID API ID of the Imperva Incapsula server to which you will connect and perform automated operations.
API Key API Key of the Imperva Incapsula server to which you will connect and perform automated operations.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.

 

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

 

Function Description Annotation and Category
Add Site Adds a new site to an account on the Imperva Incapsula server. add_site
Miscellaneous
Modify Site Configuration Updates the configuration of the specified site on the Imperva Incapsula server, based on the Site ID and other input parameters you have specified. update_site
Miscellaneous
Modify Site Logs Level Updates the log levels of the specified site on the Imperva Incapsula server, based on the Site ID and log level that you have specified. update_site
Miscellaneous
Modify Site Security Configuration Updates the security configuration of the specified site on the Imperva Incapsula server, based on the Site ID and Rule ID you have specified. update_site
Miscellaneous
Modify Site ACL Configuration Updates the Access Control List(ACL) configuration of the specified site on the Imperva Incapsula server, based on the Site ID and Rule ID you have specified. update_site
Miscellaneous
Modify or Create Whitelists Configuration Creates or Updates the whitelist configuration of the specified site on the Imperva Incapsula server, based on the Site ID and other parameters you have specified. update_site
Miscellaneous
Get Site Status Retrieves the status of the specified site on the Imperva Incapsula server, based on the Site ID you have specified. get_site_status
Investigation
List Sites Retrieves a list of all sites for a specified account from the Imperva Incapsula server. list_sites
Investigation
Get Domain Approver E-mail IDs Retrieves the email address of the domain approver of the specified domain from the Imperva Incapsula server, based on the domain name you have specified. get_email
Investigation
Get Site Report Retrieves the PCI Compliance report of the specified site from the Imperva Incapsula server, based on the site ID you have specified. get_site_report
Investigation
Get IP Ranges Retrieves the updated list of Incapsula IP ranges from the Imperva Incapsula server. get_ip_ranges
Investigation
Get Client Applications Info Retrieves a list of client applications from the Imperva Incapsula server. get_client_app_info
Investigation
Get Statistics Retrieves statistics of one or more sites from the Imperva Incapsula server, based on the site ID(s) you have specified. get_stats
Investigation
Get Visits Retrieves a log of recent visits to a specified site from the Imperva Incapsula server, based on the site ID and other parameters you have specified. get_visits
Investigation
Get Login Protect Users Retrieves the login protect user list of the specified account from the Imperva Incapsula server, based on the account ID you have specified. get_login_protect_users
Investigation
Purge Site Cache Purges all the cached content for a specific site from the Imperva Incapsula proxy server, based on the siteID you have specified. purge_site_cache
Investigation
Purge Resource Purges all the site resources for a specific site from the Imperva Incapsula server, based on the siteID you have specified. purge_resource
Investigation
Purge Hostname Purges the specified hostname from the cache on the Imperva Incapsula server. purge_hostname
Investigation
Delete Site Deletes the specified site from the Imperva Incapsula server. delete_site
Miscellaneous

 

operation: Add Site

Input parameters

 

Parameter Description
Domain Domain name of the site that you want to add to Imperva Incapsula.
For example, www.example.com
Send Site Setup Emails If you select this option, i.e., set it to True, then the user will receive emails about processes related to add site, such as DNS instructions and SSL Setup. If this option is not selected, i.e., set it to False, then the user will not receive emails about processes related to add site.
By default, this is set to False.
Force SSL If you select this option, i.e., set it to True, then you must manually set the site to support SSL.
By default, this is set to False.

 

Output

The JSON output contains details of the site added to Imperva Incapsula.

Following image displays a sample output:

operation: Modify Site Configuration

Input parameters

 

Parameter Description
Site ID ID of the site whose details you want to update on Imperva Incapsula.
Param Name of the configuration parameter that you want to update on Imperva Incapsula.
You can choose from the following options: Active, Site IP, Domain Validation, Approver, Ignore SSL, Domain Redirect To Full, or Remove SSL.
Value Value of the configuration parameter that you want to update on Imperva Incapsula.
For example, if you select Site IP, then an IP addresses field will be displayed. Specify the value of the IP addresses that you want to update on Imperva Incapsula in this field.

 

Output

The JSON output contains details of the site updated on Imperva Incapsula.

Following image displays a sample output:

operation: Modify Site Logs Level

Input parameters

 

Parameter Description
Site ID ID of the site whose log levels you want to update on Imperva Incapsula.
Log Level Log reporting level that you want to set on the specified site.
You can choose from the following options: Full, Security, None, or Default.

 

Output

The JSON output contains details (including the logs levels set) of the site updated on Imperva Incapsula.

Following image displays a sample output:

operation: Modify Site Security Configuration

Input parameters

Parameter Description
Site ID ID of the site whose site security configuration you want to update on Imperva Incapsula.
Rule ID ID of the security rule that you want to set on the specified site.
You can choose from the following options: Bot Access Control, SQL Injection, Cross Site Scripting, Illegal Resource Access, Backdoor, DDoS, or Remote File Inclusion.
Note: Each Rule ID have their own specific parameters that you have to specify. See the following "Rule ID Parameter Description" table for more information.

 

Rule ID Parameter Description

Rule ID Description
Bot Access Control Following values can be set for this Rule ID: Block Bad Bots and Challenge Suspected Bots.
SQL Injection Following values can be set for this Rule ID: Disable, Alert, Block Request, or Block IP.
Cross Site Scripting Following values can be set for this Rule ID: Disable, Alert, Block Request, or Block IP.
Illegal Resource Access Following values can be set for this Rule ID: Disable, Alert, Block Request, or Block IP.
Backdoor Following values can be set for this Rule ID: Disable, Alert, Block Request, or Block IP.
DDoS Following values can be set for this Rule ID: Activation Mode and DDoS Traffic Threshold.
Activation Mode: If the activation_mode is set as OFF, then the security measures are disabled, even if site is under a DDoS attack. You can choose from the following options: ON, OFF, or AUTO.
DDoS Traffic Threshold: Considers site to be under DDoS if the request rate is above for provided threshold. You can choose from the following options: 10, 20, 50, 100, 200, 300, 400, 500, 750, 850, 1000, 1500, 2000, 3000, 4000, or 5000.
Remote File Inclusion Following values can be set for this Rule ID: Disable, Alert, Block Request, or Block IP.

Output

The JSON output contains details of the updated security configuration for the specified site on Imperva Incapsula.

Following image displays a sample output:

operation: Modify Site ACL Configuration

Input parameters

Parameter Description
Site ID ID of the site whose site ACL configuration you want to update on Imperva Incapsula.
Rule ID ID of the ACL rule that you want to set on the specified site.
You can choose from the following options: Blacklisted Countries, Blacklisted URLs, Blacklisted IPs, Whitelisted IPs.
Note: Each Rule ID have their own specific parameters that you have to specify. See the following "Rule ID Parameter Description" table for more information.

 

Rule ID Parameter Description

Rule ID Description
Blacklisted Countries A comma-separated list of country codes. An empty list will remove all countries.
Blacklisted URLs Following values can be set for this Rule ID: URLs or URL Patterns.
URLs: A comma-separated list of resource paths. For example, /home and /admin/index.html are resource paths, while http://www.example.com/home is not. An empty URL list will remove all URLs.
URL Patterns: A comma-separated list of URL patterns. One of: contains | equals | prefix | suffix | not_equals | not_contain | not_prefix | not_suffix. The patterns should match with the matching URLs sent by the URLs parameter.
Blacklisted IPs A comma-separated list of IPs or IP ranges or subnets.
For example, 111.111.1.1, 111.111.1.1-111.111.1.100 or 111.111.1.1/24
Whitelisted IPs A comma-separated list of IPs or IP ranges or subnets.
For example, 111.111.1.1, 111.111.1.1-111.111.1.100 or 111.111.1.1/24
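
A pre-flight check that a playbook step could run on the Blacklisted IPs, Whitelisted IPs and Blacklisted URLs values before they are passed to this operation, so that an empty variable does not silently clear a rule. This is an added example, not part of the connector; the function names, the allow_clear flag, the leading-slash test and the one-pattern-per-URL rule are assumptions made for illustration.

```python
import ipaddress

# Pattern keywords listed in the "URL Patterns" row of the table above.
URL_PATTERNS = {"contains", "equals", "prefix", "suffix",
                "not_equals", "not_contain", "not_prefix", "not_suffix"}


def _split(value):
    """Split a comma-separated parameter into trimmed, non-empty items."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]


def check_ip_list(value, allow_clear=False):
    """Validate a Blacklisted/Whitelisted IPs value; return the parsed items."""
    items = _split(value)
    if not items and not allow_clear:
        # An empty list clears the rule, so require an explicit opt-in (assumed flag).
        raise ValueError("empty IP list would remove all entries")
    for item in items:
        if "-" in item:  # range written as first-last
            first, last = (ipaddress.ip_address(p.strip()) for p in item.split("-", 1))
            if first.version != last.version or first > last:
                raise ValueError(f"bad IP range: {item}")
        elif "/" in item:  # subnet; host bits may be set, as in 111.111.1.1/24
            ipaddress.ip_network(item, strict=False)
        else:
            ipaddress.ip_address(item)
    return items


def check_url_rule(urls, patterns, allow_clear=False):
    """Validate Blacklisted URLs input; return (path, pattern) pairs."""
    paths, pats = _split(urls), _split(patterns)
    if not paths and not allow_clear:
        raise ValueError("empty URL list would remove all URLs")
    for path in paths:
        if not path.startswith("/"):  # resource paths only, no scheme or host (assumed test)
            raise ValueError(f"not a resource path: {path}")
    unknown = [p for p in pats if p not in URL_PATTERNS]
    if unknown:
        raise ValueError(f"unknown URL pattern(s): {unknown}")
    if len(pats) != len(paths):  # assumption: one pattern per URL, in the same order
        raise ValueError("need exactly one pattern per URL")
    return list(zip(paths, pats))
```

Both functions raise ValueError on bad input, so a playbook can stop before the Modify Site ACL Configuration step runs.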

Output

The JSON output contains details of the updated ACL configuration for the specified site on Imperva Incapsula.

Following image displays a sample output:

 

operation: Modify or Create Whitelists Configuration

Input parameters

Parameter Description
Site ID ID of the site whose site whitelist configuration you want to create or update on Imperva Incapsula.
Rule ID ID of the rule that you want to set or update on the specified site.
You can choose from the following options: Bot Access Control, SQL Injection, Cross Site Scripting, Illegal Resource Access, Backdoor, DDoS, or Remote File Inclusion.
Note: Each Rule ID has its own specific parameters that you have to specify. See the "Rule ID Parameter Description" table in the Modify Site Security Configuration section for more information.
URLs (Optional) A comma-separated list of resource paths that you want to add or update in the whitelist.
For example, /admin/index.html is a resource path, while http://www.example.com/home is not. An empty URL list will remove all URLs.
IP Addresses (Optional) A comma-separated list of IPs or IP ranges or subnets that you want to add or update in the whitelist.
For example, 111.111.1.1, 111.111.1.1-111.111.1.100 or 111.111.1.1/24. An empty IP list will remove all IP addresses.
Countries (Optional) A comma-separated list of country codes that you want to add or update in the whitelist.
Whitelist ID (Optional) ID of the whitelist you want to update.
Note: If this is a new whitelist, then keep this field blank.
Delete Whitelist (Optional) If you select this option (i.e., set it to True) and a whitelist ID is sent, then the whitelist will be deleted.
By default, this is set to False.

 

Output

The JSON output contains details of the whitelist that you have created or updated on Imperva Incapsula.

Following image displays a sample output:

operation: Get Site Status

Input parameters

 

Parameter Description
Site ID ID of the site whose status details you want to retrieve from Imperva Incapsula.

 

Output

The JSON output contains status details for the specified site retrieved from Imperva Incapsula.

Following image displays a sample output:

operation: List Sites

Input parameters

 

Parameter Description
Account ID ID of the account whose site listings and details you want to retrieve from Imperva Incapsula.
If you do not specify the account ID, then this operation will be performed on the account identified by the authentication parameters.
Page Size (Optional) Number of results that this operation should return.
By default, this is set to 50.
Page Size (Optional) Page number from which you want to retrieve records.
By default, this is set to 0.

 

Output

The JSON output contains all the sites that are associated with the specified account ID retrieved from Imperva Incapsula.

Following image displays a sample output:

operation: Get Domain Approver E-mail IDs

Input parameters

Parameter Description
Domain Name of the domain whose domain approver's email address you want to retrieve from Imperva Incapsula.

Output

The JSON output contains all the email addresses of the domain approvers that are associated with the specified domain name retrieved from Imperva Incapsula.

Following image displays a sample output:

operation: Get Site Report

Note: This operation uploads the report retrieved from Imperva Incapsula as an attachment in FortiSOAR™.

Input parameters

 

Parameter Description
Site ID ID of the site whose site report you want to retrieve from Imperva Incapsula.
Format Format in which you want to get the report.
You can choose from the following options: HTML or PDF.
By default, this is set to PDF.
Time Range (Optional) Time range for which you want to retrieve data from Imperva Incapsula for the report.
You can choose from the following options: Today, Last 7 Days, Last 30 Days, Last 90 Days, or Month To Date.
By default, this is set to Today.

Output

The JSON output contains details of the report retrieved from Imperva Incapsula and created in FortiSOAR™, based on the site ID and other parameters you have specified.

Following image displays a sample output:

operation: Get IP Ranges

Input parameters

None

Output

The JSON output contains the updated list of Incapsula IP ranges retrieved from the Imperva Incapsula server.

Following image displays a sample output:

operation: Get Client Applications Info

Input parameters

None

Output

The JSON output contains the client applications information retrieved from the Imperva Incapsula server.

Following image displays a sample output:

operation: Get Statistics

Input parameters

 

Parameter Description
Site ID ID of the site whose site statistics you want to retrieve from Imperva Incapsula.
Time Range (Optional) Time range for which you want to retrieve statistics from Imperva Incapsula.
You can choose from the following options: Today, Last 7 Days, Last 30 Days, Last 90 Days, Month To Date.
By default, this is set to Today.
Stats Type of statistics information that you want to retrieve for the specified site from Imperva Incapsula.
You can choose from the following options: Threats, Incap Rules, Caching Timeseries, Caching, Visits Dist Summary, Requests Geo Dist Summary, Bandwidth Timeseries, Hits Timeseries, Visits Timeseries, or Incap Rules Timeseries.
By default, this is set to Threats.
Account ID (Optional) ID of the account whose associated sites' statistics you want to retrieve from Imperva Incapsula.
If you do not specify the account ID, then this operation will be performed on the account identified by the authentication parameters.

Output

The JSON output contains statistics of the specified site retrieved from Imperva Incapsula and created in FortiSOAR™, based on the site ID and other parameters you have specified.

Following image displays a sample output:

operation: Get Visits

Input parameters

 

Parameter Description
Site ID ID of the site whose log of recent visits you want to retrieve from Imperva Incapsula.
Time Range (Optional) Time range for which you want to retrieve the log of recent visits for the specified site from Imperva Incapsula.
You can choose from the following options: Today, Last 7 Days, Last 30 Days, Last 90 Days, Month To Date.
By default, this is set to Today.
Page Size (Optional) Number of results that this operation should return.
By default, this is set to 50.
Page Size (Optional) Page number from which you want to retrieve records.
By default, this is set to 0.
IP Address (Optional) Filter the sessions coming from the IP Address that you specify.

Output

The JSON output contains the log of recent visits to a specified site from the Imperva Incapsula server, based on the site ID and other parameters you have specified.

Note: Not all visits are recorded; only visits with abnormal activity are recorded, such as a violation of security rules and visits from blacklisted IP addresses or countries.

Following image displays a sample output:

operation: Get Login Protect Users

Input parameters

Parameter Description
Account ID (Optional) ID of the account whose login protect user list you want to retrieve from Imperva Incapsula.

Output

The JSON output contains the login protect user list of the specified account retrieved from the Imperva Incapsula server, based on the account ID you have specified.

Following image displays a sample output:

operation: Purge Site Cache

Input parameters

Parameter Description
Site ID ID of the site whose cache content you want to purge from Imperva Incapsula.

Output

The JSON output displays res_message: OK if the cache content is purged from the Imperva Incapsula server for the site ID you have specified.

Following image displays a sample output:

operation: Purge Resource

Input parameters

Parameter Description
Site ID ID of the site whose cached resources you want to purge from Imperva Incapsula.
Purge All Cached Resources If you select this option, i.e., set it to True, then all cached resources of the specified site will be purged.
By default, this is set to True.

Output

The JSON output displays res_message: OK if the cached resources are purged from the Imperva Incapsula server for the site ID you have specified.

Following image displays a sample output:

operation: Purge Hostname

Input parameters

Note: This API is for customers who use the same CNAME provided by Incapsula for multiple hostnames and would like to change the CNAME for a particular hostname. Purging the hostname is required for the CNAME change to take effect.

Parameter Description
Hostname Hostname that you want to purge from the cache on Imperva Incapsula.

Output

The JSON output displays res_message: OK if the hostname is purged from the cache on the Imperva Incapsula server, based on the hostname you have specified.

Following image displays a sample output:

operation: Delete Site

Input parameters

Parameter Description
Site ID ID of the site that you want to delete from Imperva Incapsula.

Output

The JSON output displays res_message: OK if the site that you have specified is deleted from the Imperva Incapsula server, based on the site ID you have specified.

Following image displays a sample output:

 

Included playbooks

The Sample - Imperva Incapsula - 1.0.0 playbook collection comes bundled with the Imperva Incapsula connector. This playbook collection contains steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Imperva Incapsula connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and deletion.