Contents x
    Imperva WAF
    • 2 Minutes to read
    • Print
    • PDF
    Contents

    Imperva WAF

    • 2 Minutes to read
    • Print
    • PDF
    Article summary

    About this document

    This document describes the step-by-step procedure to configure Imperva WAF in SAFE.

    Introduction

    SAFE integrates with Imperva WAF, allowing you to assess the configuration of web applications protected by the Imperva WAF service. This integration checks for any misconfigurations in the WAF rules and includes them in the overall risk posture of the organization. The WAF controls in SAFE are included in different risk scenarios, such as DDoS, and having these controls in place can prevent certain types of cyber attacks.

    Prerequisites

    To configure Imperva in SAFE, you need the following details:

    • API ID and API Key: You need the Imperva WAF API ID and API Key to configure it in SAFE. You need an Imperva Console Administrator role to create these connection details.

    Generate Connection Details

    Follow the below steps to generate the API ID and API Key from Imperva WAF.

    1. Log in to your Imperva Cloud Security Console as Admin.
    2. Click the account drop-down available at the top-right corner of the home page and click Account Management.
      IW1
    3. Click Users under User Management from the left navigation.
    4. Click the Add User button available at the top-right corner of the screen.
      IW2
    5. Enter the Name and Email.
    6. Assign the Reader Role to the user by selecting the “Assign a role” radio button and selecting Reader from the drop-down.
      IW3
    7. Click the User created on the Users Page.
    8. In the right panel, click the Actions option and click the “Set as API-only user” option.
      IW4
    9. In the right panel, click the API Keys and then click the Add API Key.
      IW5
    10. Enter the Name, Description, and API Key Expiry time.
    11. Enable the Status button.
    12. Click the Save button to generate the API Key. The system displays the API ID and API Key.
      IW6
    13. Copy and save the API ID and the API key to use while configuring Imperva WAF in SAFE.
      IW7

    Configure Imperva WAF in SAFE

    1. Sign in to SAFE as Admin.
    2. Navigate to Safe Hooks.
    3. Search and click the Imperva WAF card.
    4. Enter your Imperva API URL.
    5. Enter the API ID and API Key.
    6. Select the Auto-sync frequency.
    7. Click the Test Connection button.
    8. Once the connection is verified, click the Save button to save the configuration.
    9. Click the Sync Now button available at the bottom-right corner of the screen.

    IW8

    View Result

    After a successful sync, the Imperva web application assets are automatically imported into SAFE.

    View Assets

    To view the assets pulled from Imperva:

    1. Navigate to Technology > Assets
    2. Filter the asset list with Asset Type in Other Web Technologies.
      Or
      Filter the assets for the source equals security.safe.saas.imperva.
    3. Click on the Asset name.
    4. The system displays all the controls (WAF rules in this case) and their status for the WAF rules configured for that Web-Application.

    IW9

    View Risk Impact

    To view the Risk Impact:

    1. Navigate to Risk Scenarios
    2. Select any Risk Scenario to see the impact of WAF controls.
      Example: DDoS risk scenario with filter for WAF controls on its actionable insights.

    IW10

    Was this article helpful?
    What's Next