Hi Jagadesh,
There is a policy for "automated vulnerability scanning" under "Web Service Custom". (Main > Policies > Security)
By default, this policy has an action of "none" and is not applied. Click the Apply To tab to apply it to your applicable server groups.
If you are satisfied with the results, you can change the action to "block".
Alternatively, you can create a custom policy to block the specific user agent, similar to what Alden mentioned above for CWAF.
Within the Security Policies screen, click the green + icon and select "Web Service". Give the policy a name and select "Web Service Custom" for type and click Create.
Look within the list of Match Criteria until you find "HTTP Request User-Agent (Header)".
Click the green up arrow to move it up. (it will then turn to a blue down arrow)
Click the green + next to the operation value and enter "Mozilla/5.0 zgrab/0.x" for the value.
You may want to leave the action as "None" during initial testing. Remember to click the Apply To tab and apply to applicable server groups, and finally click Save.
------------------------------
Jaired Anderson
Imperva
------------------------------
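Added example, not part of the original post and not Imperva tooling: while the policy action is still "None", this script does a dry run over web server access logs to show which requests carry the exact User-Agent value from the thread and which carry a zgrab-like value that differs from it. It assumes Combined Log Format; the sample lines and the `dry_run` helper are constructed for illustration.

```python
import re
from collections import Counter

# User-Agent value given in the thread.
ZGRAB_UA = "Mozilla/5.0 zgrab/0.x"

# Assumed format: Combined Log Format
# ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [21/Apr/2023:08:01:12 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 zgrab/0.x"
203.0.113.7 - - [21/Apr/2023:08:01:13 +0000] "GET /login HTTP/1.1" 302 0 "-" "Mozilla/5.0 zgrab/0.x"
198.51.100.23 - - [21/Apr/2023:08:02:40 +0000] "GET / HTTP/1.1" 200 512 "-" "mozilla/5.0 ZGrab/0.x"
192.0.2.55 - - [21/Apr/2023:08:03:02 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/112.0"
malformed line without the expected fields
"""


def dry_run(log_text, ua=ZGRAB_UA):
    """Count requests per source IP whose User-Agent equals `ua` exactly,
    and separately those that only contain 'zgrab' (case-insensitive)."""
    exact, near, skipped = Counter(), Counter(), 0
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            skipped += 1  # unparsable line: count it instead of guessing
            continue
        seen = m.group("ua")
        if seen == ua:
            exact[m.group("ip")] += 1
        elif "zgrab" in seen.lower():
            near[(m.group("ip"), seen)] += 1
    return {"exact": dict(exact), "near": dict(near), "skipped": skipped}


if __name__ == "__main__":
    report = dry_run(SAMPLE_LOG)
    print("exact User-Agent matches per IP:", report["exact"])
    print("zgrab-like values that differ from the exact string:", report["near"])
    print("unparsed lines:", report["skipped"])
```

Entries in the "near" bucket are worth reviewing before changing the action to "block", since they differ from the exact string entered in the policy.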
Original Message:
Sent: 04-21-2023 08:02
From: Jagadesh Kumar R
Subject: Zgrab Scanner Mitigation Policy
Hello Alden,
Thanks for the information.
It would be appreciated if there's a policy for On-Premises WAF, and how to block "User agents" in On-Premises WAF.
------------------------------
Jagadesh Kumar R
Information Security Group, Assistant Manager
The Karur Vysya Bank Limited
Karur
Original Message:
Sent: 04-20-2023 12:59
From: Alden Chevez Gomez
Subject: Zgrab Scanner Mitigation Policy
Hi! You could create an incap rule to block that User Agent, it would look a bit like this
------------------------------
Alden Chevez Gomez
Imperva Employee
Original Message:
Sent: 04-17-2023 13:40
From: Jagadesh Kumar R
Subject: Zgrab Scanner Mitigation Policy
Dear all,
Hope you're all doing great!!!
We have observed HTTP traffic initiated by the zgrab scanner. We didn't find a relevant policy for this.
User-agent: Mozilla/5.0 zgrab/0.x
#CloudWAF(formerlyIncapsula)
#On-PremisesWAF(formerlySecuresphere)
------------------------------
Jagadesh Kumar R
Information Security Group, Assistant Manager
The Karur Vysya Bank Limited
Karur
------------------------------