Imperva WAF

OverviewResources

Once Imperva WAF is configured to deliver events to Netsurion Manager, alerts, dashboards, and reports can be configured in Netsurion.

Security

Alerts

Imperva WAF: Account Takeover Detected: Account takeover is a form of identity theft and fraud, where a malicious third party successfully gains access to the user's account credentials. By appearing as a real user, cyber-criminals can change account details, send phishing emails, steal financial information or sensitive data, or access stolen information to access more accounts in the organization. As soon as such attacks are detected, they are alerted to admin.
Imperva WAF: ACL Detected: The Access Control List (ACL) contains rules that deny or deny access to digital environments. Depending upon the list kept in the Imperva WAF Environment as soon as the rule is triggered an alert is generated.
Imperva WAF: Advanced Bot Detected: Advanced bots are attacks beyond the simple scripts; these attacks use advanced tactics such as headless browsers. Such advanced bot attack detected are sent as an alert from Netsurion.
Imperva WAF: API Specification Detected: Vulnerabilities related to poor authentication, lack of encryption, business logic malfunctions, and insecure endpoints are detected under this alert. These vulnerabilities lead to cyber-attack such as man-in-middle attack. This alert will trigger whenever such an activity is detected.
Imperva WAF: Backdoor Detected: Backdoor is a type of malware that defies common authentication mechanisms to access the system. As a result, remote access is allowed to resource within an application, such as databases and file servers, giving corrupters the ability to remove system commands and update malware. This alert will trigger whenever such an activity is detected.
Imperva WAF: Bot Access Control Detected: Devices which are infected under bots command control are detected in this alert. These devices are controlled under command control and are used for attacks such as DDoS, etc. This alert will trigger whenever such an activity is detected.
Imperva WAF: Remote File Inclusion Detected: Remote File Inclusion (RFI) is an attack, targeting bugs in web applications that dynamically render external scripts. The purpose of the offender is to exploit the function in an application for uploading malware (for example, backdoor shell) within a domain separate from the remote URL. The results of a successful RFI attack include the theft, compromised server and running a site that allows for content modification. This alert will trigger whenever such an activity is detected.
Imperva WAF: Cross Site Scripting Detected: Cross-site scripting (XSS) attacks are a type of injection in which scripts are otherwise inserted into random and trusted websites. XSS instances occur when an attacker uses a web application to send malicious code, usually in the form of scripts by the browser, to different end users. The flaws that allow these attacks to succeed are widely available and anywhere validated or encoded by a web application user using their input. This alert will trigger whenever such an activity is detected.
Imperva WAF: DDoS Detected: Distribution Denial of Service (DDoS) attack is a malicious attempt to distort the normal traffic of the target server, service, or network by flooding the Internet traffic or affecting its surrounding infrastructure. This alert will trigger whenever such an activity is detected.
Imperva WAF: Illegal Resource Access Detected: An Illegal Resource Access attack attempts to access private or restricted pages or attempts to view or process system files. This is mostly done using URL fuzzing, directory trajectories or command injection techniques. This alert will trigger whenever such an activity is detected.
Imperva WAF:SQL Injection Detected: SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into the entry field for execution (for example to dump the contents of the database to the attacker). SQL injection must exploit security vulnerabilities in an application's software, for example, when user input or string literal escape characters embedded in STS statements are incorrectly filtered or Unused Typed and Unexpectedly Processed SQL injections are often known as attack vectors for websites but can be used to attack any type of SQL database. This alert will trigger whenever such an activity is detected.

Reports

Imperva WAF – Attack Activities - This report allows user to extract the detailed summary of events that are specific to web attack such as Cross site scripting, SQL injection etc.
Imperva WAF – Blocked Traffic - This report allows user to extract the detailed summary of events that are blocked by Imperva WAF.

Operations

Reports

Imperva WAF – Allowed Traffic - This report allows user to extract the detailed summary of events that are allowed by Imperva WAF.

Scope

The configuration details are consistent with Netsurion version 9.x and later, and Imperva WAF.

Documentation

To configure Imperva WAF to send logs to Netsurion, refer to the How-to Guide.

For more information please refer to the Integration guide.