Imperva Incapsula Cloud WAF 2.0.0
App Vendor: Imperva
App Category: Network Security
Connector Version: 2.1.2
API Version: v2
About App
Imperva Incapsula Cloud WAF integrates with Imperva Incapsula, a cloud-based web application firewall (WAF) providing protection, incident analysis, and reputation intelligence services.
Imperva Incapsula Cloud WAF app is configured with Orchestrate to perform the following actions:
Action Name | Description |
|---|---|
Get All Policies | This action retrieves the policies in an account. |
Get Incident Event Sample | This action retrieves a sample of the events that comprise an incident. |
Get Incident Statistics | This action retrieves the incident statistics. |
Get Insights | This action retrieves a collection of general insights. |
Get IP Reputation Intelligence | This action retrieves reputation intelligence details of an IP address. |
Get Policy Details | This action retrieves the details of a policy. |
List Incidents | This action retrieves a list of incidents between the provided timestamp boundaries. |
Modify Policy | This action modifies a policy for a partial update. |
Overwrite Policy | This action overwrites a policy for a full update. |
Generic Action | This is a generic action used to make requests to any endpoint. |
Configuration Parameters
The following configuration parameters are required for the Imperva Incapsula Cloud WAF app to communicate with the Imperva Incapsula Cloud WAF enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Account ID | Enter the account ID of your Imperva Incapsula Cloud WAF account. | Text | Required | |
API ID | Enter an API ID to access the Imperva Incapsula Cloud WAF application. | Text | Required | |
API Key | Enter an API key to access the Imperva Incapsula Cloud WAF application. | Password | Required | |
Verify | Choose your preference to verify SSL or TLS while making requests. It is recommended to set this option to yes. Passing no may result in incorrectly establishing the connection to the Imperva API. | Boolean | Optional | By default, this is enabled. |
Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with Imperva Incapsula Cloud WAF. | Integer | Optional | Allowed range: 15-120 Default value: 15 |
Action: Get All Policies
This action retrieves the policies in an account.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Extended | Set this to true to retrieve all policy data. | Boolean | Optional | Default value: false Allowed values:
By default, the response returns basic policy details such as name, ID, and policy type. |
Example Request
[
{
"extended": true
}
]Action: Get Incident Event Sample
This action retrieves a sample of the events that comprise an incident.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Incident ID | Enter an incident ID to retrieve an event sample. Example: 10012310000125458-62415373904520 | Text | Required | An incident ID is of the format <Session ID>-<Request ID>. You can retrieve an incident ID using the action List Incidents. |
Example Request
[
{
"incident_id": "10012310000125458-6241537390452"
}
]Action: Get Incident Statistics
This action retrieves the incident statistics.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Incident ID | Enter an incident ID to retrieve incident statistics. Example: 10012310000125458-6241537390452 | Text | Required | An incident ID is of the format <Session ID>-<Request ID>. You can retrieve an incident ID using the action List Incidents. |
Example Request
[
{
"incident_id": "10012310000125458-6241537390452"
}
]Action: Get Insights
This action retrieves a collection of general insights.
Action Input Parameters
This action does not require any input parameters.
Action: Get IP Reputation Intelligence
This action retrieves reputation intelligence details of an IP address.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
IP Address | Enter an IP address to retrieve its reputation intelligence details. Example: 10.10.10.12 | Text | Required |
Example Request
[
{
"ip_address": "10.10.10.12"
}
]Action: Get Policy Details
This action retrieves the details of a policy.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Policy ID | Enter a policy ID to retrieve details of a policy. Example: 234 | Integer | Required | You can retrieve a policy ID using the action Get All Policies. |
Extended | Set this to true to retrieve all policy data. Example: true | Boolean | Optional | Default value: false Allowed values:
By default, the response returns basic policy details such as name, ID, and policy type. |
Example Request
[
{
"policy_id": 234,
"extended": true
}
]Action: List Incidents
This action retrieves a list of incidents between the provided timestamp boundaries.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
From Timestamp | Enter the time (in epoch time format) from which incident records need to be fetched. Example: 1625843753000 | Integer | Required | The earliest time boundary for returned incidents is specified as a number of milliseconds since midnight 1970. |
To Timestamp | Enter the time (in epoch time format) up to which incident records need to be fetched. Example: 1625843754000 | Integer | Required | The latest time boundary for returned incidents is specified as a number of milliseconds since midnight 1970. |
Example Request
[
{
"to_timestamp": 1625843754000,
"from_timetamp": 1625843753000
}
]Action: Modify Policy
This action modifies a policy for a partial update.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Policy ID | Enter a policy ID to modify a policy. Example: 1234 | Integer | Required | You can retrieve a policy ID using the action Get All Policies. |
Policy Details | Enter the policy details that you need to update in JSON format. Example: {'name': 'block ip policy', 'enabled': true,'accountid': 10,'defaultpolicyconfig':[{'id': 10,'accountid': 10,'assettype': 'website','policyid': 8}]} | Any | Required |
Example Request
[
{
"policy_id":1234,
"policy":{
"name":"block ip policy",
"enabled":true,
"accountid":10,
"defaultpolicyconfig":[
{
"id":10,
"accountid":10,
"assettype":"website",
"policyid":8
}
]Action: Overwrite Policy
This action overwrites a policy for a full update.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Policy ID | Enter a policy ID to overwrite a policy. Example: 1234 | Integer | Required | You can retrieve a policy ID using the action Get All Policies. |
Policy Details | Enter the policy details that you need to update in JSON format. Example: {'name': 'block ip policy','accountid': 10,'policytype': 'acl','defaultpolicyconfig': [{'id': 10,'assettype': 'website','policyid': 8}]} | Any | Required |
Example Request
[
{
"policy_id":1234,
"policy":{
"name":"block ip policy",
"accountid":10,
"policytype":"acl",
"defaultpolicyconfig":[
{
"id":10,
"assettype":"website",
"policyid":8
}
]
}Action: Generic Action
This is a generic action used to make requests to any endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
Method | Enter the HTTP method to make the request. | Text | Required | Allowed values:
|
Endpoint | Enter the endpoint to make the request. Example: /api/vulnerabilities/{cve_id}/affected-projects | Text | Required | |
Query Params | Enter the query parameters to pass to the API. | Key Value | Optional | |
Payload | Enter the payload to pass to the API. | Any | Optional | |
Extra Fields | Enter the extra fields to pass to the API. | Key Value | Optional |