Hi Shantanu,
thank you very much for your help. Unfortunately I tried to install postman and some other API clients on my work PC but it won't let me run them, not even the portable versions.
I think anyway that the encoding is correct. I also used some other website to double check the username:password string and they all give me the same result. I also tried to look for logs on the MX containing "apiuser" or part of the encoded string, but nothing found (in all /var/log and /opt/SecureSphere).
I have no idea what else I can try or where to look for logs...
Thanks for your replies, I really appreciated that!
Fabio
------------------------------
Fabio Bosatelli
------------------------------
Original Message:
Sent: 08-20-2020 11:23
From: Shantanu Chaurasia
Subject: Integration with Imperva SecureSphere api question
Hi Fabio,
Try authentication using an API client, for example postman. Use same username and password and see whats the output of encoding. This way you can see if encoding is incorrect.
Thanks
------------------------------
SC
Original Message:
Sent: 08-20-2020 11:17
From: Fabio Bosatelli
Subject: Integration with Imperva SecureSphere api question
Hi Jim,
thanks for the quick reply!
Actually I just made up the encoded string (I took the original one and just replaced some characters). In the original one I did:
openssl enc -base64 <<< 'apiuser:APIUSERPASSWORD'
In which case I would get "YXBpdXNlcjpBUElVU0VSUEFTU1dPUkQ="
I wanted to make sure I'm doing things properly and I don't need to give some sort of "API permissions" to the user or something else. There's not much I can do wrong in this part, but for some reason I only get bad credentials :(
------------------------------
Fabio Bosatelli
Original Message:
Sent: 08-20-2020 11:12
From: Jim Burtoft
Subject: Integration with Imperva SecureSphere api question
The encoded string should be username:password. It looks like yours is just a password.
For instance, jim as the user and Impervais#1 as the password, the encoded string should be amltOkltcGVydmFpcyMx
(Also, this is a public forum, so don't post any encoded strings with real passwords :)
Jim
------------------------------
Jim Burtoft
Imperva
PA
Original Message:
Sent: 08-20-2020 10:41
From: Fabio Bosatelli
Subject: Integration with Imperva SecureSphere api question
Hi Jim,
thanks for this link, I think it's very useful to get some practical examples.
However, I'm still stuck at the authentication phase. I created a new user in our test environment (apiuser) gave it Admin rights, logged in with that user and changed its password, and followed the example in the ZIP:
openssl enc -base64 <<< 'apiuser:APIUSERPASSWORD'
# I get for example: YXBpdXhbefahsFuZ2VtZTIK
curl -ik -X POST https://MY_MY_IP:8083/SecureSphere/api/v1/auth/session -H "Authorization: Basic YXBpdXhbefahsFuZ2VtZTIK"
But the answer is always:
HTTP/1.1 401 Unauthorized
Set-Cookie: JSESSIONID=7FDBCB1602EF6F865EF3CF4106167482; Path=/SecureSphere; Secure; HttpOnly
Content-Security-Policy: frame-ancestors 'self'
WWW-Authenticate: Basic realm="Open API"
Secsph-Request-Id: 294814241117554424
Content-Length: 71
Date: Thu, 20 Aug 2020 14:33:38 GMT
Server: NA
{"errors":[{"error-code":"IMP-10063","description":"Bad credentials"}]}
Am I missing something? Should I create the user in another way?
Thank you!
Fabio
------------------------------
Fabio Bosatelli
Original Message:
Sent: 06-02-2020 13:34
From: Jim Burtoft
Subject: Integration with Imperva SecureSphere api question
Check out the API_lookup_dataset.txt in the example files zip at
https://github.com/imperva/imperva-web-api-composer/blob/master/src/assets/CURL_API_Samples_SecureSphere.zip
That will give you some examples of the API calls to add to a lookup set. You can then use the lookup set in your policy, like this:
------------------------------
Jim Burtoft
Imperva
PA
Original Message:
Sent: 06-01-2020 23:08
From: abdo yousri
Subject: Integration with Imperva SecureSphere api question
Thanks Jim for your answer.
We want to do the first choice. We have another solution (SOAR platform) and we want to give the admin the capability to block users on SecureSphere from our SOAR platform. My understanding now is that we should create a list of limited users on SecureSphere then just add users to it through the api. Please correct me if I am wrong.
Thanks and Regards,
------------------------------
abdo yousri
Original Message:
Sent: 06-01-2020 14:18
From: Jim Burtoft
Subject: Integration with Imperva SecureSphere api question
I'm not clear on your question.
Do you want to add an identified user to a list of "limited users" through our API when they meet some external criteria?
Or do you want Imperva to identify the user action (touching a certain table, taking more than 100,000 rows of data, etc.) and then put a restriction in place? (block the IP, terminate the session, etc.) and create this through the API?
Or do you want to call an outside API through a script as a followed action when the user does some activity?
Jim
------------------------------
Jim Burtoft
Imperva
PA
Original Message:
Sent: 05-31-2020 16:14
From: abdo yousri
Subject: Integration with Imperva SecureSphere api question
dears,
My client have Imperva SecureSphere and wants a script to Initiate an action to restrict user activity on DB using it's api documentation. I can see in the documentation calls like creating a new policy and applying it to service but the request body is not documented so I can't alter it's fields properly.
My question is which calls should I use and how can I alter the request body if this action applicable through the api.
Regards,
#DatabaseActivityMonitoring
------------------------------
abdo yousri
------------------------------