
GitHub Tool for Creating Data Risk Analytics Reports

By Doron Tzur posted 08-26-2020 01:07

  

A while back I received input from several customers using Imperva’s Data Risk Analytics product (aka DRA). The input was that they did not currently have an easy way to show upper management the value of the DRA. It is true that there is no formal functionality that does that, but DRA has APIs!

APIs are very powerful when you want to enhance the usage of your product and augment the functionality (BTW, most of the Imperva products have APIs. You can search in the Imperva documentation portal here).

I decided to use these APIs to fill this temporary gap and provide a relatively simple way for DRA users to create reports on the current status of DRA in their environment.  For example: “The number of open and closed events and accumulative data that can be used to create graphs.”

Introducing the dra-reporter
The dra-reporter tool can be found in the public Imperva GitHub repository (where you can find a lot of other useful tools). It was developed using DRA version 3.1, which introduced some new capabilities to the APIs that were not available in earlier versions. These include the information about closed incidents, which I use in my tool. It was also tested on older versions. In that case the tool detects the older version automatically and closed incidents are not displayed.

How does it work?
I will leave the technical details of installation and the exact setting parameters to the tool documentation, and will focus in this blog on actual usage. This tool is implemented in Node.js. This is important to know because, in order to run it, you must have a machine (it can be a VM) with Node.js and several packages installed on it. I am aware of the fact that in some cases it is not that easy to install such a “machine” in the production environment. But once you install it and download the dependencies, it does not have to be connected to the internet any more.

How do you use it?
Usage is very simple. You will need to create an API user for your DRA, as described here, and add the credentials to the tool settings file. Then you run the tool and get the following:

  • An HTML file which shows you statistics on the number of open and closed (only DRA v3.1 and greater) incidents per type in your DRA (since the last DRA purge) and a table showing the number of incidents per type opened in the last 7 days (this can be changed). See example:
  • A CSV file containing the above.
  • A CSV file containing the accumulative information on open incidents since the last DRA purge, per period of time until present (default is 14).
    This file is really great if you want to generate graphs on different statistics and embed them in the reports going to your management. Or you can decide to feed it into your reporting tool (yeah, I even added epoch time). See example:


Below you can see an Excel sheet with example graphs; you can copy your data into it to update these graphs, but of course you can create whatever graphs you want. See example:



If you have configured Incident responders, you can also get the above files per Incident responder (by enabling this in the settings file).

Another feature of this tool is that you can take the code, enhance it, fix bugs, reverse engineer it or do whatever you want to create some other cool functionality. For example, you can add some cool graphs and a GUI (I was too lazy to do this). And if you want to share these enhancements with the Imperva community, please do so. I am sure there will be a lot of grateful users.

Now that you understand how easy this tool is, download it and use it.

If you have any questions/suggestions/issues, please reach out to the community and post a question here or add a comment to this blog, and I will make sure to answer the questions as best I can.

Additionally, if you want to do a deep dive into the Imperva Data Risk Analytics product, please watch the video here. You will need to either log in to the community or create a new login to view the video.



