Got it working! This is fantastic!
Original Message:
Sent: 03-23-2020 18:36
From: Jim Burtoft
Subject: Automating adding servers to sites with connection config data
I think the call you want is:
Post
https://192.168.2.5:8083/SecureSphere/api/v1/conf/serverGroups/QA Databases/atest/servers/1.7.7.7
blank JSON, or fill in the fields from here:
https://docs.imperva.com/bundle/v13.5-api-reference-guide/page/73172.htm
(you create the object by putting a new IP in the URL - after the first POST, you will get an error that the IP exists and that means you need to "update").
curl -X POST \
https://192.168.2.5:8083/SecureSphere/api/v1/conf/serverGroups/QA%20Databases/atest/servers/1.7.7.7 \
-H 'Authorization: Basic YWRtaW46V2ViY28xMjM=' \
-H 'Content-Type: application/json' \
-H 'Postman-Token: 5ac55ced-da68-4f80-867b-6544201cb55f' \
-H 'cache-control: no-cache' \
-d '{
}'
Postman tells me the Python code would look like:
import requests
url = "https://192.168.2.5:8083/SecureSphere/api/v1/conf/serverGroups/QA%20Databases/atest/servers/1.7.7.7"
payload = "{\n \n}"
headers = {
'Content-Type': "application/json",
'Authorization': "Basic YWRtaW46V2ViY28xMjM=",
'cache-control': "no-cache",
'Postman-Token': "bcae2a8d-02d5-42d8-93f7-b66c90f3dbc6"
}
response = requests.request("POST", url, data=payload, headers=headers)
print(response.text)
------------------------------
Jim Burtoft
Imperva
PA
Original Message:
Sent: 03-23-2020 18:30
From: Brandon Zeitlin
Subject: Automating adding servers to sites with connection config data
Yes, that is correct. I can get all the connections, from that tab, via get request to " /securesphere/api/v1/conf/serverGroups/"servergroup"/servers/ "
When I try to post to that URL I get 405 errors.
When I try to post to " /securesphere/api/v1/conf/serverGroups/"servergroup"/servers/connections/ "
I get 406 errors with the same errors from the GUI:
"The Hostname is not associated with a valid IP address.","error-code":"IMP-10001" (When adding a confirmed hostname) json example = {"host-name": "somehostname"}
"Please enter either IP or Host Name, not both.","error-code":"IMP-10001" (When adding a confirmed IP ONLY, still says I am trying to add hostname) json example = {"ip": "1.1.1.1"}
------------------------------
Brandon Zeitlin
HCA Healthcare
TN
Original Message:
Sent: 03-23-2020 18:19
From: Jim Burtoft
Subject: Automating adding servers to sites with connection config data
Brandon,
You are trying to add a new line to this tab, correct? So where there is currently 1.5.5.5, you would want to add 1.6.6.6 underneath it, correc?
------------------------------
Jim Burtoft
Imperva
PA
Original Message:
Sent: 03-23-2020 14:17
From: Brandon Zeitlin
Subject: Automating adding servers to sites with connection config data
Hello Jim,
Thank you for that example!
It is similar to what I am trying to accomplish. I am not trying to add anything to protected IPs , I want to add a server directly to the "server' tab.
I have a get request working, but when I try to post to the same index, I get a 405 error.
<markup> GET
url = 'https://ip:port/SecureSphere/api/v1/conf/serverGroups/QA Databases/atest/servers/'
addserver = requests.get(url,proxies=proxy, headers=cookieheader)
RETURNS: {"connections":[{"ip":"someip","host-name":"","OS-type":""}]
</markup>
<markup> post
url = 'https://ip:port/SecureSphere/api/v1/conf/serverGroups/QA Databases/atest/servers/'
serverparams= {'connections':[{'ip':'someip', 'host-name': 'somehostname', 'OS-type':'someos'}]}
addserver = requests.get(url,proxies=proxy, headers=cookieheader, json = serverparams)
RESULTS: 405
This is all in Python using requests. I can't figure out what's is giving me the 405 unless the post is specifically unsupported.
update
After changing the url to 'https://ip:port/SecureSphere/api/v1/conf/serverGroups/QA Databases/atest/servers/connections/'
json data = {'ip': '1.2.3.4'}
I get this error
406
{"errors":[{"description":"Please enter either IP or Host Name, not both.","error-code":"IMP-10001"}]}
How do I format the IP address data?
------------------------------
Brandon Zeitlin
HCA Healthcare
TN
Original Message:
Sent: 03-23-2020 11:46
From: Jim Burtoft
Subject: Automating adding servers to sites with connection config data
Brandon,
Attached is an example I wrote up a while back for adding servers automatically for Classification Scans. The last step is "creating a DB connection for the service", which is I think is what you are asking about.
I would encourage you to check out the Imperva Web API Composer as it is VERY useful for exploring the API (both onsite and Cloud WAF). It is available at https://github.com/imperva/imperva-web-api-composer
The Web API Composer also has a set of example calls you may find useful. They are attached in the zip.
Jim
Here is the script that is attached
To create service for scanning in SecureSphere:-Authenticate to generate tokencurl -X GET \
https://192.168.2.5:8083/SecureSphere/api/v1/auth/session \ -H 'Authorization: Basic Ynot_a_real_keyiY28xMjM=' \ -H 'Postman-Token: 5ac97c54-848f-491b-af88-ccca06c8f803' \ -H 'cache-control: no-cache' -For an existing server group, create a service:curl -X POST \
https://192.168.2.5:8083/SecureSphere/api/v1/conf/dbServices/APITest/APITestGroup/ServiceName \ -H 'Content-Type: application/json' \ -H 'Postman-Token: 52b93826-a266-4645-9bf0-245813e2c6b9' \ -H 'cache-control: no-cache' \ -d '{ "db-service-type":"MsSql", "ports":[1433] } '-Add Protected IP to the server groupcurl -X POST \ 'https://192.168.2.5:8083/SecureSphere/api/v1/conf/serverGroups/APITest/APITestGroup/protectedIPs/1.2.3.4?gatewayGroup=SecureSphereGateway' \ -H 'Content-Type: application/json' \ -H 'Postman-Token: e5e291da-0269-433d-b7fb-f827150e5472' \ -H 'cache-control: no-cache' \ -d '{ "comment":"Some comment" } '-Create a DB connection for the servicecurl -X POST \
https://192.168.2.5:8083/SecureSphere/api/v1/conf/dbServices/APITest/APITestGroup/ServiceName/dbConnections/ConnectionName \ -H 'Content-Type: application/json' \ -H 'Postman-Token: 229fb2ea-9436-4886-8193-fdcccfe7b111' \ -H 'cache-control: no-cache' \ -d '{ "ip-address": "1.2.3.4", "user-name": "admin", "password": "1234", "db-name": "orcl", "port": "1234" } 'In the GUI, create a scan.-Add that server to a scan using Update Classification Scan Let the scan run on schedule, then -Get Classification Scan Results
------------------------------
Jim Burtoft
Imperva
PA
Original Message:
Sent: 03-23-2020 10:58
From: Brandon Zeitlin
Subject: Automating adding servers to sites with connection config data
Hello Christopher,
I have poured over the API reference and guide and it does not fit my use case.
I can create or update the name of the server group, but there is no example call of how to post servers (via IP or hostname) to an existing server group. I maybe missing something, but I have gone over the guide extensively to fit our use cases, but the current API calls are very limited.
I do want to mention also, that in the DAM 13.5 it says you can script the installation of agents via the API, after checking the API reference guides that doesn't seem possible. Maybe that DAM 13.5 documentation should be fixed.
------------------------------
Brandon Zeitlin
HCA Healthcare
TN
Original Message:
Sent: 03-23-2020 10:35
From: Christopher Detzel
Subject: Automating adding servers to sites with connection config data
@Brandon Zeitlin The API user guide has everything you need, that is, creation/modification/deletion/retrieval of sites, server groups, servers, and credentials
------------------------------
Christopher Detzel
Community Manager
Imperva
Original Message:
Sent: 03-20-2020 10:24
From: Brandon Zeitlin
Subject: Automating adding servers to sites with connection config data
Hello,
Is there a way to automate the addition of servers to server groups, along with connection credentials? I've looked in the Imperva API documentation and all it has is get requests. I looked through the Imperva SDK documentation and it looks more promising with JSON import/export capabilities.
Just wondering if this is possible and if so, what are the best tools to use, API, SDK, etc?
#DatabaseActivityMonitoring
------------------------------
Brandon Zeitlin
TN
------------------------------