About Imperva
Imperva Incapsula Cloud WAF protects against known and unknown threats, including all OWASP top 10 and zero-day threats. Its dynamic application profiling and correlated attack validation accurately detect attacks and minimize false positives. This solution allows for a significant reduction in the probability of DDoS attacks at the network, protocol, and application levels.
Combining these powerful analytics with SIRP enables the security teams to detect threats with exceptional accuracy and block only bad traffic.
SIRP also integrates with Imperva Secure Sphere App to provide operational and analytical dashboards for enhanced visibility on your monitoring for in-depth analysis of attacks.
With Imperva Secure Sphere, alerts can be easily searched, sorted, and directly linked to corresponding security rules. Secure Sphere's monitoring and reporting framework provide instant visibility into security, compliance, and content delivery concerns. A real-time dashboard provides a high-level view of system status and security events.
Supported Actions
SIRP’s Imperva integration app allows you to execute the following actions:
Action | Description |
Get Attacking Countries Stats | To fetch Country wise stats of attack sources from Incapsula WAF in the SIRP platform. |
Threat Type Stats | To fetch stats of different attacks categorized as Threat types from Incapsula WAF. |
Total Visits Per Site | To get user-wise stats of total visits per site. |
Enable and Configure Imperva App
In the Cloud Security Console, on the sidebar, click Management > API Keys
Click Add API Key to generate the API ID and Key.
3. Copy the details from the popup window. Once the pop-up window with the generated ID & key is closed, you will no longer be able to retrieve the key.
API key expiration
When you create or reset an API key, you can set an expiration date. By default, API keys do not expire.
You can select the following time periods for expiration:
3 months
6 months
1 year
Never
Configure SIRP Application
Login to SIRP, then go to Apps from the left navigation bar.
Locate the app named Imperva.
Enable the Imperva app by clicking on the toggle button under the Status column.
4. A new window will pop-up asking for information such as:
API-ID: <API ID copied from Imperva>
API-Key: <API Key copied from Imperva>
Account-ID: <Account ID copied from Imperva>
Sender-Email: <Configured from Imperva>
Receiver Email: <Receiver Email>
Password: <Password>
SMTP-Server: <SMTP Server>
SMTP-Server-Port: <SMTP Server Port>
5. Click Save.
Enablement of Imperva API-based Stats Ingestion
In order to start ingesting custom stats from Imperva through API, you need to create three new ingestion sources and enable them.
1. Go to the Administration section from the left-hand navigation bar
2. Go to Apps > Ingestion Sources
3. Click on Add Source
4. Fill the fields in the popup forms as shown in the images above:
Name: Imperva CloudWAF (This can be any name to distinguish the ingestion source such as Threats, Visits, Attacks Breakdown)
Ingestion Method: API
Ingestion Type: Stats
Widget Name: Graph (Website, Percent, Attacks)
Frequency: Every 5 min (SIRP will Imperva every 5 minutes to check for new stats)
Opened By: Select a user from the dropdown
Applications: Select the Incapsula Cloud WAF application
Actions: Select any of the following actions.
get_attacking_countries_stats
get_threat_type_stats
get_total_site_visits
Format: JSON
5. Click the Create or Update button to create the new ingestion source.
After creating these ingestion sources, you will be able to ingest Top Attacks on the website via WAF into SIRP.