Imperva Cyber Community

Expand all | Collapse all

Automation for whitelisting/blacklisting policy

  • 1.  Automation for whitelisting/blacklisting policy

    Posted 11-29-2020 22:50
    Hi Community Members,

    Recently, we have been getting a lot of requests to whitelist / blacklist IPs as a part of annual pentest or operational wise whitelisting/blacklisting. It is quite time consuming, especially if there are many IPs to be whitelisted, manually. I am thinking of automating this via API in our Jenkins pipeline. 

    Need some kind of advice on how to go about it? I know there are API calls for creating whitelisting/blacklisting policies and then applying them to the assets in incapsula. But i am not able to get how to implement it in the pipeline?

    Appreciate the assistance here.
    #CloudWAF(formerlyIncapsula)

    ------------------------------
    Nikhil Chodankar
    Prudential Services Asia
    ------------------------------


  • 2.  RE: Automation for whitelisting/blacklisting policy

    Community Manager
    Posted 12-01-2020 09:12
    @Nikhil Chodankar

    I spoke to @Abhishek Gupta about this and he is going to reply to this post. Give him some time. It's a really good question!​

    ------------------------------
    Christopher Detzel
    Community Manager
    Imperva
    ------------------------------



  • 3.  RE: Automation for whitelisting/blacklisting policy

    Posted 12-01-2020 09:39
    Thank you , @Christopher Detzel . Awaiting for @Abhishek Gupta's reply. This will help a lot in operations.​​​

    ------------------------------
    Nikhil Chodankar
    Prudential Services Asia
    ------------------------------



  • 4.  RE: Automation for whitelisting/blacklisting policy

    Imperva Employee
    Posted 12-07-2020 15:25
    Hi Nikhil,

    One of the critical coverage for Continuous Deployment is having a Pipeline that can automate deployment by interacting with different tools/services defining the completeness/maturity of the pipeline.  There is a need for Jenkins pipeline to create remote API calls like creating whitelist/ACL for new site.

    If a default policy is created - there is no need to add new policy for the new site, it is assigned for default policy to account - like country block or scanner ip to be in whitelist.         
    If there is a need for new policy to be added to new or existing site - please use the API for it documented at  https://docs.imperva.com/bundle/cloud-application-security/page/policies-api-definition.htm

    In case you like to automate via Jenkins pipeline a good flow is documented here, but this depends on your environment and code usage.  
    https://www.openmakesoftware.com/restful-json-api-calls-jenkins-pipeline/
    https://stackoverflow.com/questions/58654869/how-can-i-call-a-rest-api-from-jenkins-pipeline-script-when-the-node-my-script-r

    Let me know if his helps your query.  



    ------------------------------
    Abhishek Gupta
    Customer Success team
    Imperva
    ------------------------------



  • 5.  RE: Automation for whitelisting/blacklisting policy

    Posted 12-08-2020 09:04
    Hi @Abhishek Gupta

    We have a policy which has Qualys IPs which needs to be whitelisted for all the application and that I have made it as default policy.

    my requirement mainly focus on day to day whitelisting requests made by teams for example for pentest or few other scenarios. Your link might be definitely be useful. I'll have a look at it. Will reach out if I need any further help 


    ------------------------------
    Nikhil Chodankar
    Prudential Services Asia
    ------------------------------