About the connector
Imperva SecureSphere Web Application Firewall (WAF) analyzes and inspects requests coming into websites, mobile applications, and APIs, and stops these attacks.
This document provides information about the Imperva SecureSphere WAF connector, which facilitates automated interactions, with an Imperva SecureSphere MX server using FortiSOAR™ playbooks. Add the Imperva SecureSphere WAF connector as a step in FortiSOAR™ playbooks and perform automated operations, such as adding a creating or updating a web service custom policy to block an IP address or a network, or retrieving all web service custom policies from Imperva SecureSphere WAF.
Version information
Connector Version: 1.0.0
FortiSOAR™ versions Tested on: 4.11.0-1161
Authored By: Fortinet
Certified: Yes
Installing the connector
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:
yum install cyops-connector-imperva-securesphere-waf
For the detailed procedure to install a connector, click here
Prerequisites to configuring the connector
- You must have the URL of Imperva SecureSphere MX server to which you will connect and perform automated operations and credentials (username-password pair) to access that server.
- To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.
Configuring the connector
For the procedure to configure a connector, click here
Configuration parameters
In FortiSOAR™, on the connectors page, select the Imperva SecureSphere WAF connector, and click Configure to configure the following parameters:
| Parameter |
Description |
| Server Address |
IP address or FQDN of the Imperva SecureSphere MX server to which you will connect and perform the automated operations. |
| Username |
Username to access the Imperva SecureSphere MX server to which you will connect and perform the automated operations. |
| Password |
Password to access the Imperva SecureSphere MX server to which you will connect and perform the automated operations. |
| Port |
Port of the Imperva SecureSphere MX server.
Defaults to 8083 for the https protocol. For the http protocol, set the port as 6080. |
| Verify SSL |
Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True. |
Actions supported by the connector
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:
| Function |
Description |
Annotation and Category |
| Policy to Block IP |
Creates or updates a web service custom policy that is used to block an IP address or IP group from Imperva SecureSphere WAF, based on the web service custom policy name and other input parameters you have specified. |
policy_block_ip
Containment |
| Get All Web Service Custom Policies |
Retrieves a list and details of all web service custom policies from Imperva SecureSphere WAF. |
get_policy
Investigation |
| Get Web Service Custom Policy Details |
Retrieves details of a specified web service custom policy from Imperva SecureSphere WAF, based on the web service custom policy name you have specified. |
get_policy
Investigation |
| Get IP Group |
Retrieves all the rows of an IP Group from Imperva SecureSphere WAF, based on the IP group name you have specified. |
get_ip_group
Investigation |
| Update IP Group |
Update entries in a specified IP group from Imperva SecureSphere WAF, based on the IP group name, the IP address, network or range in which you want to update the IP group with the action that you have specified which requires to be performed. |
update_ip_group
Investigation |
| Update Policy to Unblock IP |
Updates a web service custom policy that is used to unblock an IP address or IP group on Imperva SecureSphere WAF, based on the web service custom policy name and other input parameters you have specified. |
unblock_ip
Remediation |
operation: Policy to Block IP
Input parameters
| Parameter |
Description |
| Action |
Action that you want to perform, i.e., whether you want to create or update a web service custom policy on Imperva SecureSphere WAF.
If you want to create a new web service custom policy on Imperva SecureSphere WAF, then select Create Policy, and if you want to update a new web service custom policy on Imperva SecureSphere WAF, then select Update Policy. |
| Web Service Custom Policy Name |
Name of the web service custom policy that you want to create or update on Imperva SecureSphere WAF to block IP addresses or IP groups. |
| Severity |
Severity of the web service custom policy that you want to create or update on Imperva SecureSphere WAF.
You can choose from the following options: No Alert, Informative, Low, Medium, or High. |
| IP Group Name |
Comma-separated list of IP group names for blocking IP addresses or networks using the web service custom policy that you want to create or update on Imperva SecureSphere WAF. |
| IP Address |
Comma-separated list of IP addresses that you want to block using the web service custom policy that you want to create or update on Imperva SecureSphere WAF. |
Output
The output contains the following populated JSON schema:
{
"result": "",
"status": ""
}
operation: Get All Web Service Custom Policies
Input parameters
None.
Output
The output contains the following populated JSON schema:
{
"result": [
{
'customWebPolicies': []
}
],
"status": ""
}
operation: Get Web Service Custom Policy Details
Input parameters
| Parameter |
Description |
| Web Service Custom Policy Name |
Name of the web service custom policy whose details you want to retrieve from Imperva SecureSphere WAF. |
Output
The output contains the following populated JSON schema:
{
"result": {
"matchCriteria": [
{
"operation": "",
"type": "",
"ipGroups": [],
"userDefined": []
}
],
"displayResponsePage": "",
"enabled": "",
"oneAlertPerSession": "",
"applyTo": [
{
"siteName": "",
"webServiceName": "",
"serverGroupName": ""
}
],
"severity": "",
"action": "",
"followedAction": ""
},
"status": ""
}
operation: Get IP Group
Input parameters
| Parameter |
Description |
| IP Group Name |
Name of the IP group whose rows you want to retrieve from Imperva SecureSphere WAF. |
Output
The output contains the following populated JSON schema:
{
"result": [
{
"type": "",
"ipAddressFrom": ""
}
],
"status": ""
}
operation: Update IP Group
Input parameters
| Parameter |
Description |
| IP Group Name |
Name of the IP group that you want to update on Imperva SecureSphere WAF. |
| IP/Network/Range |
Comma-separated list of IP addresses, networks, or range that you want to update in the IP group you have specified on Imperva SecureSphere WAF. |
| Action |
Action that you want to perform, i.e., you can add or remove rows in the IP group that you have specified on Imperva SecureSphere WAF. |
Output
The output contains the following populated JSON schema:
{
"result": "",
"status": ""
}
operation: Update Policy to Unblock IP
Input parameters
| Parameter |
Description |
| Web Service Custom Policy Name |
Name of the web service custom policy that you want to update on Imperva SecureSphere WAF to unblock IP addresses or IP groups. |
| Severity |
Severity of the existing web service custom policy that you want to update on Imperva SecureSphere WAF.
You can choose from the following options: No Alert, Informative, Low, Medium, or High. |
| IP Group Name |
Comma-separated list of IP group names for unblocking IP addresses, networks, or range using the web service custom policy that you want to update on Imperva SecureSphere WAF. |
| IP Address |
Comma-separated list of IP addresses that you want to unblock using the web service custom policy that you want to update on Imperva SecureSphere WAF. |
Output
The output contains the following populated JSON schema:
{
"result": "",
"status": ""
}
Included playbooks
The Sample - Imperva SecureSphere WAF - 1.0.0 playbook collection comes bundled with the Imperva SecureSphere WAF connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Imperva SecureSphere WAF connector.
- Get All Web Service Custom Policies
- Get IP Group
- Get Web Service Custom Policy Details
- Policy to Block IP
- Policy to Unblock IP
- Update IP Group
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
