Imperva Cyber Community

communities_1.jpg
 View Only
  • 1.  How have you built custom IncapRules to protect your applications?

    Posted 10-15-2019 15:57
    I have a lot of respect for the Incapsula product and support team engineers. Nicole Banks put on some great technical meetups when I was in Silicon Valley. The integration with the Imperva name does not seem to have hurt the product at all. I hope that the company is not abandoning users, as so many other big companies do. As small companies are absorbed, there is less value on any single user or user problem and the focus is on capturing the wallets of executives, rather than on putting out a good product and customer experience.

    I'm interested to hear how those using the Incapsula product have built custom IncapRules to protect your applications? Also, how are you currently simulating malicious traffic, or otherwise test IncapRules? 


    #CloudWAF(formerlyIncapsula)
    #AllImperva

    ------------------------------
    Lois Garcia
    Lead Engineer
    Target
    ------------------------------


  • 2.  RE: How have you built custom IncapRules to protect your applications?

    Posted 10-16-2019 07:04
    On the simulating of malicious traffic and testing Incap rules question, we often will use a test site hosted on Digital Ocean or Linode and protected by CloudWAF as the target when developing custom rules, with the traffic being created by something like Fiddler (https://www.telerik.com/fiddler) for simple individual requests and Metasploit or similar frameworks in Kali for more involved/complex attacks.

    This is used for both self study and for customer problem replication in-house, you may find these tools useful in your use-case too.

    ------------------------------
    Stefan Pynappels
    Escalation Engineer
    Imperva
    ------------------------------



  • 3.  RE: How have you built custom IncapRules to protect your applications?

    Posted 10-16-2019 11:52
    Edited by Evgeni Grinshpun 10-16-2019 12:13
    Specifically, about building IncapRules; we are using Events data to get the details on how to build the rules.
    In some cases, the security team will need to be involved to looks are raw event data available for the support teams.

    This is the docs for rules and events
    https://docs.imperva.com/bundle/cloud-application-security/page/settings/events.htm

    https://docs.imperva.com/bundle/cloud-application-security/page/rules/create-rule.htm

    ------------------------------
    Evgeni Grinshpun
    Cloud Application Security Support Manager
    Imperva
    ------------------------------