Imperva Cyber Community

communities_1.jpg
 View Only
  • 1.  Application Profile Learning tuning

    Posted 10-30-2020 05:24
    Hello everyone!
    I am running in a specific use case and would appreciate if anyone has dealt with it before.
    Customer is constantly adding new sites in Imperva and is getting reports on parameter-type violations.
    I cant change the system-wide learning parameters because this affect all other sites.
    The job of configuring manually the values for every new site is too tedious so was wondering if there is a way in Imperva to apply every value by default?
    If not, do you use any fuzzing tool to generate payloads so Imperva can add it to the learning?

    Thank you,
    Edvin

    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Edvin Fiku
    S&T Albania
    ------------------------------


  • 2.  RE: Application Profile Learning tuning

    Posted 11-03-2020 16:03
    Edited by Brian Anderson 11-03-2020 16:04
      |   view attached
    Hi @Edvin Fiku,

    Yes, there is a program-attic method of doing this, we can retrieve the profile from the API, updated individual urls and params with the desired characters and re-upload that profile via API.  Please see an example of a param below with these values added, as well as sample CURL requests you can use to programmatically accomplish this.  Also, we do have an python SDK that may help streamline this process.  Let me know if you run into issues or need assistance in setting a job up to maintain your WAF profiles.

    imperva/imperva-sdk-python
    GitHub remove preview
    imperva/imperva-sdk-python
    imperva-sdk is an Imperva SecureSphere Open API SDK for Python, which allows Python developers to write software that communicates with the SecureSphere MX. imperva-sdk provides an easy to use, object-oriented API in addition to JSON export/import capabilities. Download latest package Documentation To use the SDK: follow Quick start instructions.
    View this on GitHub >



    {
      "name": "QUERY.STRING",
      "maxLength": 1000,
      "minLength": 0,
      "type": "Latin",
      "nullable": false,
      "required": false,
      "readOnly": false,
      "prefix": false,
     "additionalAllowedChars": [
        "period",
        "plus",
        "doubleQuote",
        "osRelatedSeparators",
        "percent",
        "slash"
      ],
      "base64Encoded": false
    }

    Thanks,

    Brian Anderson
    ba@imperva.com

    ------------------------------
    Brian Anderson
    ------------------------------

    Attachment(s)

    txt
    API_webProfile.txt   9 KB 1 version


  • 3.  RE: Application Profile Learning tuning

    Posted 11-04-2020 05:16
    Hi Brian,

    Thank you for your detailed reply. Seems for very interesting.
    Will try it out.

    Thanks,
    Edvin

    ------------------------------
    Edvin Fiku
    S&T Albania
    ------------------------------



  • 4.  RE: Application Profile Learning tuning

    Posted 11-17-2020 14:24
    Edited by Edvin Fiku 11-17-2020 14:25
    Hi @Brian Anderson ,

    Sorry for this late reply.
    Is there a way to use this API if you don't know the application tree? 
    This specific use case requires applying certain character set to the root directory and all subfolders. Is this possible in some way?

    Thanks,
    Edvin

    ------------------------------
    Edvin Fiku
    S&T Albania
    ------------------------------



  • 5.  RE: Application Profile Learning tuning

    Posted 07-14-2023 09:56

    Hi, 

    Try using the copy parameter function which is found when right clicking the parameter. Contrary to its name, what it does is copying the characteristics of parameter on all parameters that match criteria of URL prefix and/or parameter name. 



    ------------------------------
    George
    ------------------------------