Imperva Cyber Community

Application Profile Learning tuning

  • 1.  Application Profile Learning tuning

    Posted 10-30-2020 05:24
    Hello everyone!
    I am running into a specific use case and would appreciate it if anyone has dealt with it before.
    Customer is constantly adding new sites in Imperva and is getting reports on parameter-type violations.
    I can't change the system-wide learning parameters because this affects all other sites.
    The job of manually configuring the values for every new site is too tedious, so I was wondering if there is a way in Imperva to apply every value by default?
    If not, do you use any fuzzing tool to generate payloads so Imperva can add it to the learning?

    Thank you,
    Edvin

    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Edvin Fiku
    S&T Albania
    ------------------------------


  • 2.  RE: Application Profile Learning tuning

    Imperva Employee
    Posted 28 days ago
    Hi @Edvin Fiku,

    Yes, there is a programmatic method of doing this: we can retrieve the profile from the API, update individual URLs and params with the desired characters, and re-upload that profile via the API.  Please see an example of a param below with these values added, as well as sample CURL requests you can use to programmatically accomplish this.  Also, we do have a Python SDK that may help streamline this process.  Let me know if you run into issues or need assistance in setting a job up to maintain your WAF profiles.

    imperva/imperva-sdk-python
    imperva-sdk is an Imperva SecureSphere Open API SDK for Python, which allows Python developers to write software that communicates with the SecureSphere MX. imperva-sdk provides an easy to use, object-oriented API in addition to JSON export/import capabilities.



    {
      "name": "QUERY.STRING",
      "maxLength": 1000,
      "minLength": 0,
      "type": "Latin",
      "nullable": false,
      "required": false,
      "readOnly": false,
      "prefix": false,
      "additionalAllowedChars": [
        "period",
        "plus",
        "doubleQuote",
        "osRelatedSeparators",
        "percent",
        "slash"
      ],
      "base64Encoded": false
    }

    Thanks,

    Brian Anderson
    ba@imperva.com

    ------------------------------
    Brian Anderson
    ------------------------------

    Attachment(s)

    txt
    API_webProfile.txt   9K 1 version
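
The retrieve, update and re-upload flow described in the reply above depends on the middle step. The following is an added example, not code from the thread, the attachment or the Imperva SDK: it walks an exported profile of any depth and merges a character list into every parameter object shaped like the one posted above, so the URL tree does not have to be known in advance. The `urls`/`params` nesting of the sample and the name `widen_params` are assumptions; the API calls for export and upload are left out.

```python
import copy
import json

# Constructed sample. Only the parameter object shape comes from the thread;
# the "urls"/"params" nesting is an assumed stand-in for an exported profile.
SAMPLE_PROFILE = json.loads("""
{"urls": [
  {"path": "/", "params": [
    {"name": "QUERY.STRING", "maxLength": 1000, "minLength": 0, "type": "Latin",
     "additionalAllowedChars": ["period", "plus"]}]},
  {"path": "/app/search", "params": [
    {"name": "q", "maxLength": 64, "minLength": 0, "type": "Latin"},
    {"name": "page", "maxLength": 4, "minLength": 1, "type": "Latin",
     "additionalAllowedChars": []}]}
]}
""")

PARAM_KEYS = {"name", "type", "maxLength"}  # fields that mark a parameter object


def widen_params(profile, extra_chars):
    """Return (updated_copy, changes); changes lists (path, name, added_chars)."""
    updated = copy.deepcopy(profile)  # never mutate the exported original
    changes = []

    def walk(node, path):
        if isinstance(node, dict):
            if PARAM_KEYS.issubset(node):
                allowed = node.setdefault("additionalAllowedChars", [])
                missing = [c for c in extra_chars if c not in allowed]
                if missing:  # only record parameters that actually change
                    allowed.extend(missing)
                    changes.append((path, node["name"], missing))
            for key, value in node.items():
                walk(value, f"{path}/{key}")
        elif isinstance(node, list):
            for i, item in enumerate(node):
                walk(item, f"{path}[{i}]")

    walk(updated, "")
    return updated, changes


if __name__ == "__main__":
    new_profile, report = widen_params(SAMPLE_PROFILE, ["percent", "slash", "period"])
    for path, name, added in report:  # review this list before re-uploading
        print(f"{path}  {name}: +{added}")
```

The change list is the audit trail: every entry is a parameter whose accepted character set grew, so it is the part to review before the profile goes back to the MX.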


  • 3.  RE: Application Profile Learning tuning

    Posted 27 days ago
    Hi Brian,

    Thank you for your detailed reply. Seems very interesting.
    Will try it out.

    Thanks,
    Edvin

    ------------------------------
    Edvin Fiku
    S&T Albania
    ------------------------------



  • 4.  RE: Application Profile Learning tuning

    Posted 14 days ago
    Hi @Brian Anderson,

    Sorry for this late reply.
    Is there a way to use this API if you don't know the application tree?
    This specific use case requires applying a certain character set to the root directory and all subfolders. Is this possible in some way?

    Thanks,
    Edvin

    ------------------------------
    Edvin Fiku
    S&T Albania
    ------------------------------