Image found here: https://unsplash.com/photos/qwtCeJ5cLYs
GitHub tools can transform the user experience for efficiency-oriented Imperva customers.
All SaaS products must constantly change to meet user demands in a dynamic environment. Imperva’s Cloud WAF solution is no different.
In fact, Imperva’s success in this challenging field relies partly on being able to regularly update its reputation intelligence databases and share critical information between its customers. Cloud-based infrastructure is ideally suited for this task because it allows for seamless on-the-fly updating.
But the team at Imperva understands that each customer’s use case is unique. It is not always possible to establish a one-size-fits-all approach for handling website protection cases, end-user accounts, and intelligence services efficiently for everybody.
This is where the public repository of GitHub tools can be incredibly useful. Current and former Imperva employees have contributed a variety of useful tools to the user community through GitHub, enabling Imperva customers to streamline some of their most time-consuming tasks.
Listen to this webinar for the full details on how the Github tools simplifies the usage of the Reputation Intelligence Service
In the next series of articles, we’re going to talk about three of these tools and how they can help customers better manage their cybersecurity processes.
The Imperva GitHub is a public repository of GitHub tools that can be incredibly useful to you. There are different types of tools that can be found which can enhance the usage of the Imperva products and some generic tools as well.
These tools have been developed by Imperva employees. As they are open source tools you need to be aware that they are not officially maintained and supported. On the other hand, you can clone them, customize and fix them, reverse engineer them and do whatever you want in order to get the most out of them.
The three tools are using the Cloud APIs in order to get the data. The process of creating API keys for your users can be found here.
Introducing Account-Level-Dashboard
The first tool we’ll talk about is called account-level-dashboard. This tool streamlines customers’ ability to quickly review sites information and statistics at account level.
Customers who manage multiple sites in their account find the process of switching between individual sites dashboards annoying and time-consuming. Account-level-dashboard solves this problem by providing a comprehensive overview of all user sites under a customer’s purview.
This tool runs on Node.JS provides a single point of reference for a broad variety of useful data at account level. Some of these include:
- Activated Licenses. At a glance, you can quickly see which features are enabled for this account.
- Traffic Utilization. A helpful graph shows 95-percentile traffic utilization for the last three months, indicating how the account has handled traffic fluctuation according to each segment of the billing cycle.
- Executive Summary Assessment. Imperva customers can quickly see how many sites they have fully configured, how many sites have blocked security settings, and what the ratio between configured and purchased sites is for their account environment.
- Security Assessment Summary. Here you can see site configuration data in greater detail, the number of explicit security events per OWASP-defined threats, and the number of custom or DDoS-related security events have occurred.
- Human vs. Bot Visitor Ratio. Account-level-dashboard users can quickly see the ratio of human visitors vs. number of bots.
- Performance Assessment Summary. This is where users can see the total traffic (expressed in gigabytes), caching ratio, and historical site configuration trends. Users can also review the amount of accumulated cached bandwidth in the account.
- Map of Visitors Per Country for All Sites. This useful map shows where website visitors are coming from for all sites included in the account. This makes local and geo-specific threat patterns emerge in a way that is plain to see without having to infer locations directly from data.
All of these statistics can be extended over multiple time frames. With a single click, security professionals can look at all of the account-level-dashboard data for the last 7 days, the last 30 days, or the last 90 days.
This makes account-level-dashboard a useful tool for generating highly visual executive reports. Being able to convert security data directly into a form that non-technical leadership members can intuitively understand is a core value for busy security professionals in the enterprise environment.
Detailed Tables for Expert Users
The tool also includes a detailed table view ideal for expert users. Rather than providing an executive summary-style overview of account performance, the Detailed Tables view offers a granular, itemized list of security accounts under protection and their respective statuses.
In the Detailed Tables view, you can quickly see how each site is configured to protect backdoor attacks, SQL injection attacks, cross-site scripting attacks, DDoS attacks, and more. You can quickly determine whether all of your websites have correct configurations, and identify areas where you may need to address threats with a higher degree of scrutiny. You can also see cache/DNS settings. Black/white lists, delivery rules, etc.
In the next article we will review the site-protection-viewer tool. These tools complement each other as the account-level-dashboard provides information in multiple screens including data visualization, whereas the site-protection-viewer is simpler to use but provides less information. Another difference between the tools is that the site-protection-viewer also checks direct access to the site origin servers.
Learn More with the Imperva Community
The Imperva Community is a great place to learn more about how to use Imperva cyber security technologies like API Security, Cloud WAF, Advanced Bot Protection, DDoS Protection, and more to establish efficient, secure processes for enterprise networks. Rely on the expertise of Imperva partners, customers and technical experts.
Related Content:
New Cloud WAF GitHub Tools, Part Three: Multi-IP-Rep-Retriever
New Cloud WAF GitHub Tools, Part Two: Site-Protection-Viewer