Imperva SecureSphere WAF

1.0.0
About the connector

Imperva SecureSphere Web Application Firewall (WAF) analyzes and inspects requests coming into websites, mobile applications, and APIs, and stops attacks.

This document provides information about the Imperva SecureSphere WAF connector, which facilitates automated interactions with an Imperva SecureSphere MX server using FortiSOAR™ playbooks. Add the Imperva SecureSphere WAF connector as a step in FortiSOAR™ playbooks and perform automated operations, such as creating or updating a web service custom policy to block an IP address or a network, or retrieving all web service custom policies from Imperva SecureSphere WAF.

Version information

Connector Version: 1.0.0

FortiSOAR™ versions Tested on: 4.11.0-1161

Authored By: Fortinet

Certified: Yes

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-imperva-securesphere-waf

For the detailed procedure to install a connector, click here

Prerequisites to configuring the connector

  • You must have the URL of Imperva SecureSphere MX server to which you will connect and perform automated operations and credentials (username-password pair) to access that server.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

In FortiSOAR™, on the connectors page, select the Imperva SecureSphere WAF connector, and click Configure to configure the following parameters:

| Parameter | Description |
|---|---|
| Server Address | IP address or FQDN of the Imperva SecureSphere MX server to which you will connect and perform the automated operations. |
| Username | Username to access the Imperva SecureSphere MX server to which you will connect and perform the automated operations. |
| Password | Password to access the Imperva SecureSphere MX server to which you will connect and perform the automated operations. |
| Port | Port of the Imperva SecureSphere MX server. Defaults to 8083 for the https protocol. For the http protocol, set the port as 6080. |
| Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:

| Function | Description | Annotation and Category |
|---|---|---|
| Policy to Block IP | Creates or updates a web service custom policy that is used to block an IP address or IP group from Imperva SecureSphere WAF, based on the web service custom policy name and other input parameters you have specified. | policy_block_ip, Containment |
| Get All Web Service Custom Policies | Retrieves a list and details of all web service custom policies from Imperva SecureSphere WAF. | get_policy, Investigation |
| Get Web Service Custom Policy Details | Retrieves details of a specified web service custom policy from Imperva SecureSphere WAF, based on the web service custom policy name you have specified. | get_policy, Investigation |
| Get IP Group | Retrieves all the rows of an IP Group from Imperva SecureSphere WAF, based on the IP group name you have specified. | get_ip_group, Investigation |
| Update IP Group | Updates entries in a specified IP group on Imperva SecureSphere WAF, based on the IP group name, the IP addresses, networks, or ranges that you want to update, and the action that you have specified. | update_ip_group, Investigation |
| Update Policy to Unblock IP | Updates a web service custom policy that is used to unblock an IP address or IP group on Imperva SecureSphere WAF, based on the web service custom policy name and other input parameters you have specified. | unblock_ip, Remediation |

operation: Policy to Block IP

Input parameters

| Parameter | Description |
|---|---|
| Action | Action that you want to perform, i.e., whether you want to create or update a web service custom policy on Imperva SecureSphere WAF. To create a new web service custom policy on Imperva SecureSphere WAF, select Create Policy; to update a web service custom policy on Imperva SecureSphere WAF, select Update Policy. |
| Web Service Custom Policy Name | Name of the web service custom policy that you want to create or update on Imperva SecureSphere WAF to block IP addresses or IP groups. |
| Severity | Severity of the web service custom policy that you want to create or update on Imperva SecureSphere WAF. You can choose from the following options: No Alert, Informative, Low, Medium, or High. |
| IP Group Name | Comma-separated list of IP group names for blocking IP addresses or networks using the web service custom policy that you want to create or update on Imperva SecureSphere WAF. |
| IP Address | Comma-separated list of IP addresses that you want to block using the web service custom policy that you want to create or update on Imperva SecureSphere WAF. |

Output

The output contains the following populated JSON schema:
{
     "result": "",
     "status": ""
}

operation: Get All Web Service Custom Policies

Input parameters

None.

Output

The output contains the following populated JSON schema:
{
     "result": [
         {
             "customWebPolicies": []
         }
     ],
     "status": ""
}

operation: Get Web Service Custom Policy Details

Input parameters

| Parameter | Description |
|---|---|
| Web Service Custom Policy Name | Name of the web service custom policy whose details you want to retrieve from Imperva SecureSphere WAF. |

Output

The output contains the following populated JSON schema:
{
     "result": {
         "matchCriteria": [
             {
                 "operation": "",
                 "type": "",
                 "ipGroups": [],
                 "userDefined": []
             }
         ],
         "displayResponsePage": "",
         "enabled": "",
         "oneAlertPerSession": "",
         "applyTo": [
             {
                 "siteName": "",
                 "webServiceName": "",
                 "serverGroupName": ""
             }
         ],
         "severity": "",
         "action": "",
         "followedAction": ""
     },
     "status": ""
}

operation: Get IP Group

Input parameters

| Parameter | Description |
|---|---|
| IP Group Name | Name of the IP group whose rows you want to retrieve from Imperva SecureSphere WAF. |

Output

The output contains the following populated JSON schema:
{
     "result": [
         {
             "type": "",
             "ipAddressFrom": ""
         }
     ],
     "status": ""
}

operation: Update IP Group

Input parameters

| Parameter | Description |
|---|---|
| IP Group Name | Name of the IP group that you want to update on Imperva SecureSphere WAF. |
| IP/Network/Range | Comma-separated list of IP addresses, networks, or range that you want to update in the IP group you have specified on Imperva SecureSphere WAF. |
| Action | Action that you want to perform, i.e., you can add or remove rows in the IP group that you have specified on Imperva SecureSphere WAF. |

Output

The output contains the following populated JSON schema:
{
     "result": "",
     "status": ""
}
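
Because Policy to Block IP and Update IP Group accept a free-form comma-separated list, a playbook can validate that list before the connector step runs. The following is an added example, not part of the connector or of Fortinet's documentation; it assumes ranges are written as start-end, and the protected networks, the size limit, and the sample input are constructed placeholder values.

```python
import ipaddress

# Assumption: networks a playbook must never block (placeholder values).
PROTECTED = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample of a comma-separated "IP/Network/Range" field value.
SAMPLE = ("203.0.113.7, 198.51.100.0/24, 10.1.2.3, 192.0.2.10-192.0.2.20, "
          "203.0.113.7, 0.0.0.0/0, not-an-ip, 192.168.1.250-192.169.0.5")


def parse_entry(text):
    """Return (first, last) address of an IP, CIDR network, or start-end range."""
    if "-" in text:  # assumed range syntax: "start-end"
        start, end = (ipaddress.ip_address(p.strip()) for p in text.split("-", 1))
        if start.version != end.version or start > end:
            raise ValueError("invalid range")
        return start, end
    net = ipaddress.ip_network(text)  # strict: host bits set is an error
    return net[0], net[-1]


def preflight(raw, protected=PROTECTED, max_size=65536):
    """Split a comma-separated field into (accepted, rejected) entries."""
    accepted, rejected, seen = [], [], set()
    for item in (part.strip() for part in raw.split(",")):
        if not item:
            continue
        try:
            first, last = parse_entry(item)
        except ValueError:
            rejected.append((item, "unparseable"))
            continue
        if (first, last) in seen:  # drop duplicates silently
            continue
        seen.add((first, last))
        if int(last) - int(first) + 1 > max_size:
            rejected.append((item, "too broad"))
        elif any(first.version == n.version and first <= n[-1] and last >= n[0]
                 for n in protected):
            rejected.append((item, "overlaps protected range"))
        else:
            accepted.append(item)
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = preflight(SAMPLE)
    print("pass to connector:", ",".join(ok))
    for entry, reason in bad:
        print("rejected:", entry, "-", reason)
```

Only the accepted entries, joined with commas, would be passed to the connector step; the rejected list can be attached to the alert for analyst review.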

operation: Update Policy to Unblock IP

Input parameters

| Parameter | Description |
|---|---|
| Web Service Custom Policy Name | Name of the web service custom policy that you want to update on Imperva SecureSphere WAF to unblock IP addresses or IP groups. |
| Severity | Severity of the existing web service custom policy that you want to update on Imperva SecureSphere WAF. You can choose from the following options: No Alert, Informative, Low, Medium, or High. |
| IP Group Name | Comma-separated list of IP group names for unblocking IP addresses, networks, or range using the web service custom policy that you want to update on Imperva SecureSphere WAF. |
| IP Address | Comma-separated list of IP addresses that you want to unblock using the web service custom policy that you want to update on Imperva SecureSphere WAF. |

Output

The output contains the following populated JSON schema:
{
     "result": "",
     "status": ""
}

Included playbooks

The Sample - Imperva SecureSphere WAF - 1.0.0 playbook collection comes bundled with the Imperva SecureSphere WAF connector. These playbooks contain steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Imperva SecureSphere WAF connector.

  • Get All Web Service Custom Policies
  • Get IP Group
  • Get Web Service Custom Policy Details
  • Policy to Block IP
  • Policy to Unblock IP
  • Update IP Group

Note: If you plan to use any of the sample playbooks in your environment, clone those playbooks and move them to a different collection, because the sample playbook collection is deleted when the connector is upgraded or deleted.
