Imperva WAF
  • 2 Minutes to read
  • PDF

Imperva WAF

  • PDF

Article summary

About this document


This document describes the step-by-step procedure to configure Imperva WAF in SAFE.

Introduction


SAFE integrates with Imperva WAF, allowing you to assess the configuration of web applications protected by the Imperva WAF service. This integration checks for any misconfigurations in the WAF rules and includes them in the overall risk posture of the organization. The WAF controls in SAFE are included in different risk scenarios, such as DDoS, and having these controls in place can prevent certain types of cyber attacks.

Prerequisites


To configure Imperva in SAFE, you need the following details:

  • API ID and API Key: You need the Imperva WAF API ID and API Key to configure it in SAFE. You need an Imperva Console Administrator role to create these connection details.

Generate Connection Details


Follow the below steps to generate the API ID and API Key from Imperva WAF.

  1. Log in to your Imperva Cloud Security Console as Admin.
  2. Click the account drop-down available at the top-right corner of the home page and click Account Management.
    IW1
  3. Click Users under User Management from the left navigation.
  4. Click the Add User button available at the top-right corner of the screen.
    IW2
  5. Enter the Name and Email.
  6. Assign the Reader Role to the user by selecting the “Assign a role” radio button and selecting Reader from the drop-down.
    IW3
  7. Click the User created on the Users Page.
  8. In the right panel, click the Actions option and click the “Set as API-only user” option.
    IW4
  9. In the right panel, click the API Keys and then click the Add API Key.
    IW5
  10. Enter the Name, Description, and API Key Expiry time.
  11. Enable the Status button.
  12. Click the Save button to generate the API Key. The system displays the API ID and API Key.
    IW6
  13. Copy and save the API ID and the API key to use while configuring Imperva WAF in SAFE.
    IW7

Configure Imperva WAF in SAFE


  1. Sign in to SAFE as Admin.
  2. Navigate to Safe Hooks.
  3. Search and click the Imperva WAF card.
  4. Enter your Imperva API URL.
  5. Enter the API ID and API Key.
  6. Select the Auto-sync frequency.
  7. Click the Test Connection button.
  8. Once the connection is verified, click the Save button to save the configuration.
  9. Click the Sync Now button available at the bottom-right corner of the screen.

IW8

View Result


After a successful sync, the Imperva web application assets are automatically imported into SAFE.

View Assets

To view the assets pulled from Imperva:

  1. Navigate to Technology > Assets
  2. Filter the asset list with Asset Type in Other Web Technologies.
    Or
    Filter the assets for the source equals security.safe.saas.imperva.
  3. Click on the Asset name.
  4. The system displays all the controls (WAF rules in this case) and their status for the WAF rules configured for that Web-Application.

IW9

View Risk Impact

To view the Risk Impact:

  1. Navigate to Risk Scenarios
  2. Select any Risk Scenario to see the impact of WAF controls.
    Example: DDoS risk scenario with filter for WAF controls on its actionable insights.

IW10


Was this article helpful?