Imperva WAF
  • 2 Minutes to read
  • PDF

Imperva WAF

  • PDF

Article summary

About this document


This document describes the step-by-step procedure to configure Imperva WAF in SAFE.

Introduction


SAFE integrates with Imperva WAF, allowing you to assess the configuration of web applications protected by the Imperva WAF service. This integration checks for any misconfigurations in the WAF rules and includes them in the overall risk posture of the organization. The WAF controls in SAFE are included in different risk scenarios, such as DDoS, and having these controls in place can prevent certain types of cyber attacks.

Prerequisites


To configure Imperva in SAFE, you need the following details:

  • API ID and API Key: You need the Imperva WAF API ID and API Key to configure it in SAFE. You need an Imperva Console Administrator role to create these connection details.

Generate Connection Details


Follow the below steps to generate the API ID and API Key from Imperva WAF.

  1. Log in to your Imperva Cloud Security Console as Admin.
  2. Click the account drop-down available at the top-right corner of the home page and click Account Management.
    IW1
  3. Click Users under User Management from the left navigation.
  4. Click the Add User button available at the top-right corner of the screen.
    IW2
  5. Enter the Name and Email.
  6. Assign the Reader Role to the user by selecting the “Assign a role” radio button and selecting Reader from the drop-down.
    IW3
  7. Click the User created on the Users Page.
  8. In the right panel, click the Actions option and click the "Set as API-only use" option.
    IW4
  9. In the right panel, click the API Keys and then click the Add API Key.
    IW5
  10. Enter the Name, Description, and API Key Expiry time.
  11. Enable the Status button.
  12. Click the Save button to generate the API Key. The system displays the API ID and API Key.
    IW6
  13. Copy and save the API ID and the API Key to use while configuring Imperva WAF in SAFE.
    IW7

Configure Imperva WAF in SAFE


  1. Navigate to SAFE Hooks.
  2. Search and click the Imperva WAF card.
  3. Enter the Imperva API URL.
  4. Enter the API ID and API Key.
  5. Select the Auto-sync frequency.
  6. Click the Test Connection button.
  7. Once the connection is verified, click the Save button to save the configuration.
  8. Click the Sync Now button available at the bottom-right corner of the screen.

IW8

View Result


After a successful sync, the Imperva web application assets are automatically imported into SAFE.

View Assets

To view the assets pulled from Imperva:

  1. Click the See Updated Assets button available at the top-right of the History table.
  2. The system displays a filtered list of assets pulled from Imperva WAF.

View Findings

To view the findings:

Note
To view findings related to assets, they should be assigned to at least one group and its associated risk scenarios. The Findings view on the Risk Scenario page will present the findings list along with their respective details.
  1. Navigate to the Risk Scenario created for the Imperva WAF assets.
  2. Scroll down to the Findings section. Here you can see the finding details of the Imperva WAF assets.

Was this article helpful?

What's Next