Imperva Cyber Community

Hello Christopher,

I have poured over the API reference and guide and it does not fit my use case. 

I can create or update the name of the server group, but there is no example call of how to post servers (via IP or hostname) to an existing server group. I maybe missing something, but I have gone over the guide extensively to fit our use cases, but the current API calls are very limited. 

I do want to mention also, that in the DAM 13.5 it says you can script the installation of agents via the API, after checking the API reference guides that doesn't seem possible. Maybe that DAM 13.5 documentation should be fixed. 

To create service for scanning in SecureSphere:-Authenticate to generate tokencurl -X GET \  

 \  -H 'Authorization: Basic Ynot_a_real_keyiY28xMjM=' \  -H 'Postman-Token: 5ac97c54-848f-491b-af88-ccca06c8f803' \  -H 'cache-control: no-cache'  -For an existing server group, create a service:curl -X POST \  

 \  -H 'Content-Type: application/json' \  -H 'Postman-Token: 52b93826-a266-4645-9bf0-245813e2c6b9' \  -H 'cache-control: no-cache' \  -d '{     "db-service-type":"MsSql",      "ports":[1433] } '-Add Protected IP to the server groupcurl -X POST \  'https://192.168.2.5:8083/SecureSphere/api/v1/conf/serverGroups/APITest/APITestGroup/protectedIPs/1.2.3.4?gatewayGroup=SecureSphereGateway' \  -H 'Content-Type: application/json' \  -H 'Postman-Token: e5e291da-0269-433d-b7fb-f827150e5472' \  -H 'cache-control: no-cache' \  -d '{   "comment":"Some comment" } '-Create a DB connection for the servicecurl -X POST \  

 \  -H 'Content-Type: application/json' \  -H 'Postman-Token: 229fb2ea-9436-4886-8193-fdcccfe7b111' \  -H 'cache-control: no-cache' \  -d '{   "ip-address": "1.2.3.4",   "user-name": "admin",   "password": "1234",   "db-name": "orcl",   "port": "1234" } 'In the GUI, create a scan.-Add that server to a scan using Update Classification Scan Let the scan run on schedule, then -Get Classification Scan Results ​

Hello Christopher,

I have poured over the API reference and guide and it does not fit my use case. 

I can create or update the name of the server group, but there is no example call of how to post servers (via IP or hostname) to an existing server group. I maybe missing something, but I have gone over the guide extensively to fit our use cases, but the current API calls are very limited. 

I do want to mention also, that in the DAM 13.5 it says you can script the installation of agents via the API, after checking the API reference guides that doesn't seem possible. Maybe that DAM 13.5 documentation should be fixed. 

Hello Jim,

Thank you for that example!

It is similar to what I am trying to accomplish. I am not trying to add anything to protected IPs , I want to add a server directly to the "server' tab.

I have a get request working, but when I try to post to the same index, I get a 405 error. 

<markup> GET

url = 'https://ip:port/SecureSphere/api/v1/conf/serverGroups/QA Databases/atest/servers/'

addserver = requests.get(url,proxies=proxy, headers=cookieheader)

RETURNS: {"connections":[{"ip":"someip","host-name":"","OS-type":""}]
</markup>

<markup> post

url = 'https://ip:port/SecureSphere/api/v1/conf/serverGroups/QA Databases/atest/servers/'

serverparams= {'connections':[{'ip':'someip', 'host-name': 'somehostname', 'OS-type':'someos'}]}

addserver = requests.get(url,proxies=proxy, headers=cookieheader, json = serverparams)

RESULTS: 405

This is all in Python using requests. I can't figure out what's is giving me the 405 unless the post is specifically unsupported.  

update
After changing the url to 'https://ip:port/SecureSphere/api/v1/conf/serverGroups/QA Databases/atest/servers/connections/'

json data = {'ip': '1.2.3.4'}

I get this error 
406
{"errors":[{"description":"Please enter either IP or Host Name, not both.","error-code":"IMP-10001"}]}

How do I format the IP address data?

------------------------------
Brandon Zeitlin
HCA Healthcare
TN

Original Message:
Sent: 03-23-2020 11:46
From: Jim Burtoft
Subject: Automating adding servers to sites with connection config data

Brandon,

Attached is an example I wrote up a while back for adding servers automatically for Classification Scans.  The last step is "creating a DB connection for the service", which is I think is what you are asking about.

I would encourage you to check out the Imperva Web API Composer as it is VERY useful for exploring the API (both onsite and Cloud WAF).  It is available at https://github.com/imperva/imperva-web-api-composer 

The Web API Composer also has a set of example calls you may find useful.  They are attached in the zip.

Jim

Here is the script that is attached

To create service for scanning in SecureSphere:-Authenticate to generate tokencurl -X GET \  

 \  -H 'Authorization: Basic Ynot_a_real_keyiY28xMjM=' \  -H 'Postman-Token: 5ac97c54-848f-491b-af88-ccca06c8f803' \  -H 'cache-control: no-cache'  -For an existing server group, create a service:curl -X POST \  

 \  -H 'Content-Type: application/json' \  -H 'Postman-Token: 52b93826-a266-4645-9bf0-245813e2c6b9' \  -H 'cache-control: no-cache' \  -d '{     "db-service-type":"MsSql",      "ports":[1433] } '-Add Protected IP to the server groupcurl -X POST \  'https://192.168.2.5:8083/SecureSphere/api/v1/conf/serverGroups/APITest/APITestGroup/protectedIPs/1.2.3.4?gatewayGroup=SecureSphereGateway' \  -H 'Content-Type: application/json' \  -H 'Postman-Token: e5e291da-0269-433d-b7fb-f827150e5472' \  -H 'cache-control: no-cache' \  -d '{   "comment":"Some comment" } '-Create a DB connection for the servicecurl -X POST \  

 \  -H 'Content-Type: application/json' \  -H 'Postman-Token: 229fb2ea-9436-4886-8193-fdcccfe7b111' \  -H 'cache-control: no-cache' \  -d '{   "ip-address": "1.2.3.4",   "user-name": "admin",   "password": "1234",   "db-name": "orcl",   "port": "1234" } 'In the GUI, create a scan.-Add that server to a scan using Update Classification Scan Let the scan run on schedule, then -Get Classification Scan Results ​

Hello Christopher,

I have poured over the API reference and guide and it does not fit my use case. 

I can create or update the name of the server group, but there is no example call of how to post servers (via IP or hostname) to an existing server group. I maybe missing something, but I have gone over the guide extensively to fit our use cases, but the current API calls are very limited. 

I do want to mention also, that in the DAM 13.5 it says you can script the installation of agents via the API, after checking the API reference guides that doesn't seem possible. Maybe that DAM 13.5 documentation should be fixed. 

Yes, that is correct. I can get all the connections, from that tab, via get request to " /securesphere/api/v1/conf/serverGroups/"servergroup"/servers/ "

When I try to post to that URL I get 405 errors.

When I try to post to " /securesphere/api/v1/conf/serverGroups/"servergroup"/servers/connections/ "

I get 406 errors with the same errors from the GUI:

"The Hostname is not associated with a valid IP address.","error-code":"IMP-10001" (When adding a confirmed hostname) json example = {"host-name": "somehostname"}

"Please enter either IP or Host Name, not both.","error-code":"IMP-10001" (When adding a confirmed IP ONLY, still says I am trying to add hostname) json example = {"ip": "1.1.1.1"}

Hello Jim,

Thank you for that example!

It is similar to what I am trying to accomplish. I am not trying to add anything to protected IPs , I want to add a server directly to the "server' tab.

I have a get request working, but when I try to post to the same index, I get a 405 error. 

<markup> GET

url = 'https://ip:port/SecureSphere/api/v1/conf/serverGroups/QA Databases/atest/servers/'

addserver = requests.get(url,proxies=proxy, headers=cookieheader)

RETURNS: {"connections":[{"ip":"someip","host-name":"","OS-type":""}]
</markup>

<markup> post

url = 'https://ip:port/SecureSphere/api/v1/conf/serverGroups/QA Databases/atest/servers/'

serverparams= {'connections':[{'ip':'someip', 'host-name': 'somehostname', 'OS-type':'someos'}]}

addserver = requests.get(url,proxies=proxy, headers=cookieheader, json = serverparams)

RESULTS: 405

This is all in Python using requests. I can't figure out what's is giving me the 405 unless the post is specifically unsupported.  

update
After changing the url to 'https://ip:port/SecureSphere/api/v1/conf/serverGroups/QA Databases/atest/servers/connections/'

json data = {'ip': '1.2.3.4'}

I get this error 
406
{"errors":[{"description":"Please enter either IP or Host Name, not both.","error-code":"IMP-10001"}]}

How do I format the IP address data?

------------------------------
Brandon Zeitlin
HCA Healthcare
TN

Original Message:
Sent: 03-23-2020 11:46
From: Jim Burtoft
Subject: Automating adding servers to sites with connection config data

Brandon,

Attached is an example I wrote up a while back for adding servers automatically for Classification Scans.  The last step is "creating a DB connection for the service", which is I think is what you are asking about.

I would encourage you to check out the Imperva Web API Composer as it is VERY useful for exploring the API (both onsite and Cloud WAF).  It is available at https://github.com/imperva/imperva-web-api-composer 

The Web API Composer also has a set of example calls you may find useful.  They are attached in the zip.

Jim

Here is the script that is attached

To create service for scanning in SecureSphere:-Authenticate to generate tokencurl -X GET \  

 \  -H 'Authorization: Basic Ynot_a_real_keyiY28xMjM=' \  -H 'Postman-Token: 5ac97c54-848f-491b-af88-ccca06c8f803' \  -H 'cache-control: no-cache'  -For an existing server group, create a service:curl -X POST \  

 \  -H 'Content-Type: application/json' \  -H 'Postman-Token: 52b93826-a266-4645-9bf0-245813e2c6b9' \  -H 'cache-control: no-cache' \  -d '{     "db-service-type":"MsSql",      "ports":[1433] } '-Add Protected IP to the server groupcurl -X POST \  'https://192.168.2.5:8083/SecureSphere/api/v1/conf/serverGroups/APITest/APITestGroup/protectedIPs/1.2.3.4?gatewayGroup=SecureSphereGateway' \  -H 'Content-Type: application/json' \  -H 'Postman-Token: e5e291da-0269-433d-b7fb-f827150e5472' \  -H 'cache-control: no-cache' \  -d '{   "comment":"Some comment" } '-Create a DB connection for the servicecurl -X POST \  

 \  -H 'Content-Type: application/json' \  -H 'Postman-Token: 229fb2ea-9436-4886-8193-fdcccfe7b111' \  -H 'cache-control: no-cache' \  -d '{   "ip-address": "1.2.3.4",   "user-name": "admin",   "password": "1234",   "db-name": "orcl",   "port": "1234" } 'In the GUI, create a scan.-Add that server to a scan using Update Classification Scan Let the scan run on schedule, then -Get Classification Scan Results ​

Hello Christopher,

I have poured over the API reference and guide and it does not fit my use case. 

I can create or update the name of the server group, but there is no example call of how to post servers (via IP or hostname) to an existing server group. I maybe missing something, but I have gone over the guide extensively to fit our use cases, but the current API calls are very limited. 

I do want to mention also, that in the DAM 13.5 it says you can script the installation of agents via the API, after checking the API reference guides that doesn't seem possible. Maybe that DAM 13.5 documentation should be fixed.