Imperva Cyber Community

Integration with Imperva SecureSphere api question

  • 1.  Integration with Imperva SecureSphere api question

    Posted 06-01-2020 04:03
    Dears,

    My client has Imperva SecureSphere and wants a script to initiate an action to restrict user activity on the DB using its API documentation. I can see in the documentation calls like creating a new policy and applying it to a service, but the request body is not documented, so I can't alter its fields properly.

    My question is which calls should I use and how can I alter the request body, if this action is applicable through the API.

    Regards,
    #DatabaseActivityMonitoring

    ------------------------------
    abdo yousri
    ------------------------------


  • 2.  RE: Integration with Imperva SecureSphere api question

    Imperva Employee
    Posted 06-01-2020 14:18
    I'm not clear on your question.  

    Do you want to add an identified user to a list of "limited users" through our API when they meet some external criteria?  

    Or do you want Imperva to identify the user action (touching a certain table, taking more than 100,000 rows of data, etc.) and then put a restriction in place?  (block the IP, terminate the session, etc.) and create this through the API?

    Or do you want to call an outside API through a script as a followed action when the user does some activity?

    Jim

    ------------------------------
    Jim Burtoft
    Imperva
    PA
    ------------------------------



  • 3.  RE: Integration with Imperva SecureSphere api question

    Posted 06-01-2020 23:08
    Thanks Jim for your answer.

    We want to do the first choice. We have another solution (SOAR platform) and we want to give the admin the capability to block users on SecureSphere from our SOAR platform. My understanding now is that we should create a list of limited users on SecureSphere then just add users to it through the API. Please correct me if I am wrong.

    Thanks and Regards,

    ------------------------------
    abdo yousri
    ------------------------------



  • 4.  RE: Integration with Imperva SecureSphere api question

    Imperva Employee
    Posted 06-02-2020 13:34
    Check out the API_lookup_dataset.txt in the example files zip at 
    https://github.com/imperva/imperva-web-api-composer/blob/master/src/assets/CURL_API_Samples_SecureSphere.zip

    That will give you some examples of the API calls to add to a lookup set.  You can then use the lookup set in your policy, like this:

    Also, if you are pulling the information from an external repository like LDAP, you can look at our Data Enrichment policies to avoid the API completely.

    Jim


    ------------------------------
    Jim Burtoft
    Imperva
    PA
    ------------------------------



  • 5.  RE: Integration with Imperva SecureSphere api question

    Posted 08-20-2020 10:41

    Hi Jim,

    thanks for this link, I think it's very useful to get some practical examples.

    However, I'm still stuck at the authentication phase. I created a new user in our test environment (apiuser) gave it Admin rights, logged in with that user and changed its password, and followed the example in the ZIP:

    openssl enc -base64 <<< 'apiuser:APIUSERPASSWORD'
    # I get for example: YXBpdXhbefahsFuZ2VtZTIK
    curl -ik -X POST https://MY_MY_IP:8083/SecureSphere/api/v1/auth/session -H "Authorization: Basic YXBpdXhbefahsFuZ2VtZTIK"

    But the answer is always:
    HTTP/1.1 401 Unauthorized
    Set-Cookie: JSESSIONID=7FDBCB1602EF6F865EF3CF4106167482; Path=/SecureSphere; Secure; HttpOnly
    Content-Security-Policy: frame-ancestors 'self'
    WWW-Authenticate: Basic realm="Open API"
    Secsph-Request-Id: 294814241117554424
    Content-Length: 71
    Date: Thu, 20 Aug 2020 14:33:38 GMT
    Server: NA

    {"errors":[{"error-code":"IMP-10063","description":"Bad credentials"}]}

    Am I missing something? Should I create the user in another way?

    Thank you!
    Fabio



    ------------------------------
    Fabio Bosatelli
    ------------------------------



  • 6.  RE: Integration with Imperva SecureSphere api question

    Imperva Employee
    Posted 08-20-2020 11:13
    The encoded string should be username:password.  It looks like yours is missing the colon. (Your openssl command isn't working as expected.  If I put that string into https://www.base64decode.org/ it looks munged.)

    For instance, jim as the user and Impervais#1 as the password, the encoded string should be amltOkltcGVydmFpcyMx


    Jim

    ------------------------------
    Jim Burtoft
    Imperva
    PA
    ------------------------------



  • 7.  RE: Integration with Imperva SecureSphere api question

    Posted 08-20-2020 11:17
    Hi Jim,

    thanks for the quick reply!

    Actually I just made up the encoded string (I took the original one and just replaced some characters). In the original one I did:
    openssl enc -base64 <<< 'apiuser:APIUSERPASSWORD'
    In which case I would get "YXBpdXNlcjpBUElVU0VSUEFTU1dPUkQ="

    I wanted to make sure I'm doing things properly and I don't need to give some sort of "API permissions" to the user or something else. There's not much I can do wrong in this part, but for some reason I only get bad credentials :(

    ------------------------------
    Fabio Bosatelli
    ------------------------------



  • 8.  RE: Integration with Imperva SecureSphere api question

    Posted 08-20-2020 11:24
    Hi Fabio,

    Try authentication using an API client, for example Postman. Use the same username and password and see what's the output of encoding. This way you can see if encoding is incorrect.

    Thanks

    ------------------------------
    SC
    ------------------------------



  • 9.  RE: Integration with Imperva SecureSphere api question

    Posted 08-20-2020 14:58
    Hi Shantanu,

    thank you very much for your help. Unfortunately I tried to install postman and some other API clients on my work PC but it won't let me run them, not even the portable versions.

    I think anyway that the encoding is correct. I also used some other website to double check the username:password string and they all give me the same result. I also tried to look for logs on the MX containing "apiuser" or part of the encoded string, but nothing found (in all /var/log and /opt/SecureSphere).

    I have no idea what else I can try or where to look for logs...

    Thanks for your replies, I really appreciated that!
    Fabio

    ------------------------------
    Fabio Bosatelli
    ------------------------------



  • 10.  RE: Integration with Imperva SecureSphere api question

    Imperva Employee
    Posted 08-20-2020 15:08
    Try changing the order of your parameters.  This is what I use:

    curl -ik -X POST -H "Authorization: Basic YWRtaW5wYXNzd29yZA==" https://192.168.2.5:8083/SecureSphere/api/v1/auth/session

    ------------------------------
    Jim Burtoft
    Imperva
    PA
    ------------------------------



  • 11.  RE: Integration with Imperva SecureSphere api question

    Posted 08-20-2020 15:13
    Mmh, still no luck...it seems the request goes through, but it always ends up with 401.

    Is there anywhere in Imperva where I can see API requests and perhaps get more information about why it fails?

    ------------------------------
    Fabio Bosatelli
    ------------------------------



  • 12.  RE: Integration with Imperva SecureSphere api question

    Posted 08-20-2020 15:15
    Just to be sure: the API user I use for the authentication has to be configured like any other normal user in the MX, correct?

    ------------------------------
    Fabio Bosatelli
    ------------------------------



  • 13.  RE: Integration with Imperva SecureSphere api question

    Imperva Employee
    Posted 08-20-2020 15:21
    Yes, it should be a regular user.   You should test your user by logging into the interface (make sure you don't have an expired password or an expired license or anything).

    Also, you can try it with the admin user/password.

    Jim


    ------------------------------
    Jim Burtoft
    Imperva
    PA
    ------------------------------



  • 14.  RE: Integration with Imperva SecureSphere api question

    Imperva Employee
    Posted 08-20-2020 16:00
    I set up a user for you in my lab (I'll PM you the details). 

    However, I noticed two things:
    1. After you create the user for the API, you must log into the GUI as them to set a password
    2. Usernames are case sensitive in the GUI and API

    Once I fixed both of those, everything worked for me. 

    Jim

    ------------------------------
    Jim Burtoft
    Imperva
    PA
    ------------------------------



  • 15.  RE: Integration with Imperva SecureSphere api question

    Posted 08-21-2020 04:50
    Hi Jim,

    thank you very much! I managed to get 200 with your MX and, by re-using exactly the same credentials on our on-premise MX, that also worked. As suggested by @Shantanu Chaurasia I guess there was some problem with the encoding, maybe I got the same result from different encoders because of an oversight.

    For the future this should make it anyway:

    Thank you so much for your help!
    Fabio

    ------------------------------
    Fabio Bosatelli
    ------------------------------
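
Added example, not part of any post in this thread: a way to build and sanity-check the Basic token locally before sending it to the session endpoint discussed above. A shell here-string (`<<<`) appends a newline to its input, so that newline ends up inside the encoded credential; `printf '%s'` does not. The function names `basic_token` and `check_token`, the placeholder `MX_HOST` and the sample credentials are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: build and check an HTTP Basic token without stray bytes.
# Sample credentials below are constructed, not real accounts.

nl='
'
cr=$(printf '\r')

# Encode "user:password" exactly as given. printf '%s' writes no trailing
# newline; echo or a here-string (<<<) would add "\n" after the password.
basic_token() {
    printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Decode a token and report its state:
#   ok | stray-newline | missing-colon | invalid-base64
check_token() {
    # The trailing "x" keeps a final newline from being stripped by $( ).
    decoded=$(printf '%s' "$1" | base64 -d 2>/dev/null && printf x) || {
        echo invalid-base64
        return 0
    }
    decoded=${decoded%x}
    case "$decoded" in
        *"$nl"*|*"$cr"*) echo stray-newline ;;   # CR or LF inside the credential
        *:*)             echo ok ;;
        *)               echo missing-colon ;;   # not in user:password form
    esac
}

# What a here-string feeds to the encoder: the credential plus "\n".
with_newline=$(printf 'apiuser:APIUSERPASSWORD\n' | base64)
echo "here-string style: $with_newline -> $(check_token "$with_newline")"

clean=$(basic_token apiuser APIUSERPASSWORD)
echo "printf style:      $clean -> $(check_token "$clean")"

# Usage against the endpoint from the thread (MX_HOST is a placeholder):
#   curl -i -X POST -H "Authorization: Basic $clean" \
#        https://MX_HOST:8083/SecureSphere/api/v1/auth/session
```

The two tokens differ only in their last characters, which is easy to miss when comparing encoder output by eye.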



  • 16.  RE: Integration with Imperva SecureSphere api question

    Imperva Employee
    Posted 08-21-2020 08:23
    Hi Fabio,

    are you still facing this issue? I could be available for quick call today (as we are on the same timezone ;-)) and walk through my lab 

    Regards from Germany
    Julian

    ------------------------------
    Julian Iavarone
    ------------------------------



  • 17.  RE: Integration with Imperva SecureSphere api question

    Posted 08-24-2020 04:58
    Hi Julian,

    thanks for your message! The authentication issue seems to be solved. (y)

    Not sure if we eventually go on with scripting, but if we do, I'm sure new problems will come out and I'll need expert support then :)

    Many thanks,
    Fabio

    ------------------------------
    Fabio Bosatelli
    ------------------------------



  • 18.  RE: Integration with Imperva SecureSphere api question

    Imperva Employee
    Posted 08-24-2020 09:31
    We're always interested in how customers are using the API.  If you don't mind sharing your use case (a direct message is fine), I'd appreciate knowing what you are trying to do.

    I also encourage you to check out https://github.com/imperva/imperva-sdk-python/blob/master/docs/quickstart.rst

    The Imperva SDK has the ability to automate a lot of tasks out of the box, with the API calls ready embedded.  You can just call the python scripts with a few parameters. 

    Jim

    ------------------------------
    Jim Burtoft
    Imperva
    PA
    ------------------------------



  • 19.  RE: Integration with Imperva SecureSphere api question

    Community Manager
    Posted 08-24-2020 11:27
    @Fabio Bosatelli, looks like you got what you needed. This was a really good collaboration post. One of my favorites to date.

    ------------------------------
    Christopher Detzel
    Community Manager
    Imperva
    ------------------------------



  • 20.  RE: Integration with Imperva SecureSphere api question

    Posted 08-26-2020 04:50
    Hi @Christopher Detzel, yes, thank you to everyone who helped!

    ------------------------------
    Fabio Bosatelli
    ------------------------------