API Reference¶

This is a complete reference for the imperva-sdk module.

If you are looking for usage examples, try the Examples page - it will probably be more helpful.

You may also need the official MX Open API documentation for more information. There are many differences between imperva-sdk and the Open API (hopefully for the better) such as parameter names, hierarchy, additional functionality and what not - so pay close attention.

MxConnection Class¶

class imperva_sdk.MxConnection(Host=None, Port=8083, Username='admin', Password='password', FirstTime=False, Unlicensed=False, Debug=False)¶

Opens a connection (session) handler to the SecureSphere MX. This is your starting point for using imperva_sdk.

>>> import imperva_sdk
>>> mx = imperva_sdk.MxConnection(Host="192.168.0.1", Username="admin", Password="password")

Parameters

Host (string) – MX server IP Address or Host name
Port (int) – MX server port number (default=8083)
Username (string) – MX server UI user name (default=’admin’)
Password (string) – MX server UI user password (default=’password’)
FirstTime (boolean) – Set to True if ‘admin’ password is not set (First Time Password). Not available on physical appliances. (default=False)
Unlicensed (boolean) – Set to True if the MX did not apply a license yet (default=False)
Debug (boolean) – Print API HTTP debug information (default=False)

Return type

imperva_sdk.MxConnection

Returns

MX connection instance

Note

All of the MX objects that are retrieved using the API are stored in the context of the MxConnection instance to prevent redundant API calls.

property Challenge¶: MX Challenge that was generated for the appliance (read only)

Debug(value)¶

property IsAuthenticated¶: MX connection authentication status (read only)

property Version¶: MX SecureSphere Version (read only) >>> mx.Version u‘12.0.0.41’

clone_action_sets(fromMX)¶

clone_all_web_service_custom_policies(NamePrefix=None, Overwrite=False, Enabled=None, Action=None, FollowedAction=None, ApplyTo=None, DefaultOnly=True, Skip=None)¶: Clone all policies. If defined, overwrite Enabled, FollowedAction, ApplyTo, etc.

clone_external_http_protocol_signatures_policies(fromMX, skipPolicies=['legacy', 'emergency'])¶

clone_external_web_service_custom_policies(fromMX)¶

clone_http1x_protocol_validation(fromMX)¶

clone_http2_protocol_validation(fromMX)¶

clone_mx_sites(fromMX)¶

clone_server_group(fromSg, ttooSg, gwGroup)¶

clone_site_config(fromSite, ttooSite, gwGroup)¶

clone_web_service_custom_policy(Name=None, NamePrefix=None, Overwrite=False, Enabled=None, Action=None, FollowedAction=None, ApplyTo=None, Verbose=False)¶: Clone policy. If defined, overwrite Enabled, FollowedAction, ApplyTo, etc.

create_action(Name=None, ActionSet=None, ActionType=None, Protocol=None, SyslogFacility=None, Host=None, SyslogLogLevel=None, SecondaryPort=None, ActionInterface=None, SecondaryHost=None, Message=None, Port=None, update=False)¶

Create (or update) an “action set” action. >>> action_set.create_action(Name=”GW Syslog”, ActionType=”GWSyslog”, Port=514, Host=”syslog-server”, Protocol=”TCP”, SyslogLogLevel=”DEBUG”, SyslogFacility=”LOCAL0”, ActionInterface=”Gateway Log - Security Event - System Log (syslog) - JSON format (Extended)”) :type Name: string :param Name: Action Name :type ActionSet: string :param ActionSet: Action Set Name :param ActionType: See imperva_sdk.Action.Action.ActionType :param Protocol: See imperva_sdk.Action.Action.Protocol :param SyslogFacility: See imperva_sdk.Action.Action.SyslogFacility :param Host: See imperva_sdk.Action.Action.Host :param SyslogLogLevel: See imperva_sdk.Action.Action.SyslogLogLevel :param SecondaryPort: See imperva_sdk.Action.Action.SecondaryPort :param ActionInterface: See imperva_sdk.Action.Action.ActionInterface :param SecondaryHost: See imperva_sdk.Action.Action.SecondaryHost :param Message: See imperva_sdk.Action.Action.Message :param Port: See imperva_sdk.Action.Action.Port :type update: boolean :param update: If update=True and the resource already exists, update and return the existing resource. If update=False (default) and the resource exists, an exception will be raised.

Return type: imperva_sdk.Action.Action
Returns: Created Action instance.

create_action_set(Name=None, AsType=None, update=False)¶

Create (or update) an “action set” >>> action_set = mx.create_action_set(Name=”Send GW violations to Syslog”, AsType=”security”)

Parameters

Name (string) – Action Set Name
AsType (string) – Action Set Type (security / any)

Return type

imperva_sdk.ActionSet.ActionSet

Returns

ActionSet instance of created action set.

create_agent_configuration(Name=None, Ip=None, DataInterfaces=[], Tags=[], AdvancedConfig={}, DiscoverySettings={}, CpuUsageRestraining={}, GeneralDetails={}, update=False)¶

Parameters

(string) (Ip) – agent’s name
(string) – agent’s IP
(list) (Tags) – agent’s data interfaces
(list) – agent’s tags
(dict) (GeneralDetails) – agent’s advanced configuration
(dict) – agent’s discovery settings
(dict) – agent’s cpu usage restraining
(dict) – agent’s additional general details
update – If update=True and the data set already exists, update and return the existing data set. If update=False (default) and the data set exists, an exception will be raised.

Returns

AgentConfiguration instance

create_agent_monitoring_rule_dam_global_object(Name=None, PolicyType=None, Action=None, CustomPredicates=[], ApplyToAgent=[], ApplyToTag=[], update=False)¶

Parameters

Name – Rule name (string)
PolicyType – The type of the policy (string)
Action – The followed action of the rule (string)
CustomPredicates – Policy Match Criteria in API JSON format
ApplyToAgent – Agents that rule is applied to, in API JSON format
ApplyToTag – Tags that rule is applied to, in API JSON format
update – If update=True and the resource already exists, update and return the existing resource. If update=False (default) and the resource exists, an exception will be raised.

Returns

AgentMonitoringRule instance

create_assessment_policy(Name=None, Description=None, DbType=None, PolicyTags=[], AdcKeywords=[], TestNames=[], update=False)¶

create_assessment_scan_das_object(Name=None, Type=None, PolicyName=None, PreTest=None, PolicyTags=[], DbConnectionTags=[], ApplyTo=[], Scheduling=None, update=False)¶

create_assessment_test(Name=None, Description=None, Severity=None, Category=None, ScriptType=None, OsType=None, DbType=None, RecommendedFix=None, TestScript=None, AdditionalScript=None, ResultsLayout=[], update=False)¶

create_aws_krp_rule(WebService=None, ServerGroup=None, Site=None, GatewayGroup=None, GatewayPorts=None, Alias=None, Priority=None, InternalIpHost=None, ExternalHost=None, UrlPrefix=None, ServerPort=None, Refresh=True, ServerCertificate=None, ClientAuthenticationAuthorities=None, Name=None, Update=False, SslKeyName=None, CertKey=None, CertPem=None)¶: Please, see FR Case 00485106: Decouple Gateway Group Alias from the presence of a Gateway in a Gateway Group For this reason, we first need to monitor for existence of a specific Gateway Group (containing at least a Gateway) Once that exists, we can create the KRP rule (which is using the GW associated Label)

create_classification_profile(Name=None, SiteName=None, DataTypes=[], AutoAcceptResults=None, ScanViewsAndSynonyms=None, SaveSampleData=None, DataSampleAccuracy=None, ScanSystemSchemas=None, DbsAndSchemasUsage=None, DbsAndSchemas=[], ExcludeTablesAndColumns=[], DelayBetweenQueries=None, NumberOfConcurrentDbConnection=None, update=False)¶

create_classification_scan_das_object(Name=None, ProfileName=None, ApplyTo=[], Scheduling=None, update=False)¶

create_cloud_account_dam_global_object(Name=None, PrivateKey=None, AccessKey=None, AwsRegion=None, AzureTenant=None, CloudProvider=None, update=False)¶

create_data_enrichment_dam_policy(Name=None, PolicyType=None, Rules=[], MatchCriteria=[], ApplyTo=[], update=False)¶

create_data_type_dam_global_object(Name=None, IsSensitive=True, Rules=[], TargetTableGroupName=None, update=False)¶

Parameters

Name – Data type name (string)
IsSensitive – True if data type is sensitive (boolean)
Rules – the rules of the data type (list)
TargetTableGroupName – The name of the target table group (string)
update – If update=True and the data type already exists, update and return the existing data type. If update=False (default) and the data type exists, an exception will be raised.

Returns

DataType instance

create_db_application(Name=None, DbService=None, ServerGroup=None, Site=None, TableGroupValues=None, update=False)¶

create_db_audit_dam_policy(Name=None, Parameters=[], update=False)¶

create_db_audit_dam_report(Name=None, ReportFormat=None, ReportId=None, Columns=[], Filters=[], Policies=[], Sorting=[], TimeFrame={}, Scheduling=[], update=False)¶

Parameters

Name – The report name (string)
ReportFormat – The format of the report (string)
ReportId – The ID of the report (string)
Columns – A list of columns in the report (list)
Filters – The filters applied to the report (list)
Policies – The policies applied to the report (list)
Sorting – The sorting criterion (list)
TimeFrame – The time frame of the report (dict)
Scheduling – The scheduling to determine the time the report will run
update – If update=True and the report already exists, update and return the existing report. If update=False (default) and the report exists, an exception will be raised.

Returns

DBAuditReport instance

create_db_connection(SiteName=None, ServerGroupName=None, ServiceName=None, ConnectionName=None, UserName=None, Password=None, Port=None, IpAddress=None, DbName=None, ServerName=None, UserMapping=None, ConnectionString=None, ServiceDirectory=None, TnsAdmin=None, HomeDirectory=None, Instance=None, HostName=None, update=False)¶

create_db_security_dam_policy(Name=None, PolicyType=None, Enabled=None, Severity=None, Action=None, FollowedAction=None, ApplyTo=None, AutoApply=None, MatchCriteria=None, update=False)¶

create_db_service(Name=None, ServerGroup=None, Site=None, Ports=[], DefaultApp=None, DbMappings=[], TextReplacement=[], LogCollectors=[], DbServiceType=None, update=False)¶

create_db_service_pc(Name=None, ServerGroup=None, Site=None, Ports=[], DefaultApp=None, DbMappings=[], TextReplacement=[], LogCollectors=[], DbServiceType=None, update=False)¶

create_discovery_scan_das_object(Name=None, ExistingSiteName=None, AutoAccept=None, ScanExistingServerGroups=None, ScanIpGroup=None, IpGroups=[], ScanCloudAccount=None, CloudAccounts=[], ServiceTypes=[], ResolveDns=None, ResolveVersions=None, EnhancedScanning=None, DiscoveryTimeout=None, GlobalPortConfiguration=None, ServerGroupNamingTemplate=None, ServiceNamingTemplate=None, CredentialsEnabled=None, OsCredentials=[], DbCredentials=[], Scheduling=None, update=False)¶

create_gatewaygroup(Name=None, gatewayPlatform=None, gatewayMode=None, failMode=None, overloadPolicy=None, Overwrite=None)¶: Set GatewayGroup

create_http_protocol_signatures_policy(Name=None, SendToCd=None, DisplayResponsePage=None, ApplyTo=[], Rules=[], Exceptions=[], update=False)¶

Create (or update) an “http protocol signatures” policy. >>> mx.create_http_protocol_signatures_policy(Name=”giora web sig 5”, ApplyTo=[], Rules=[{u’action’: u’block’, u’enabled’: False, u’name’: u’ASP Oracle Padding’, u’severity’: u’medium’}], Exceptions=[{u’comment’: u’exception comment’, u’predicates’: [{u’type’: u’httpRequestUrl’, u’operation’: u’atLeastOne’, u’values’: [u’/login’], u’match’: u’prefix’}], u’ruleName’: u’ASP Oracle Padding’}]) :type Name: string :param Name: Policy Name :param SendToCd: See imperva_sdk.HttpProtocolSignaturesPolicy.HttpProtocolSignaturesPolicy.SendToCd :param DisplayResponsePage: See imperva_sdk.HttpProtocolSignaturesPolicy.HttpProtocolSignaturesPolicy.DisplayResponsePage :param ApplyTo: See imperva_sdk.HttpProtocolSignaturesPolicy.HttpProtocolSignaturesPolicy.ApplyTo :param Rules: See imperva_sdk.HttpProtocolSignaturesPolicy.HttpProtocolSignaturesPolicy.Rules :param Exceptions: See imperva_sdk.HttpProtocolSignaturesPolicy.HttpProtocolSignaturesPolicy.Exceptions :type update: boolean :param update: If update=True and the resource already exists, update and return the existing resource. If update=False (default) and the resource exists, an exception will be raised.

Return type: imperva_sdk.HttpProtocolSignaturesPolicy.HttpProtocolSignaturesPolicy
Returns: Created HttpProtocolSignaturesPolicy instance.

create_ip_group_dam_global_object(Name=None, Entries=[], update=False)¶

create_krp_rule(WebService=None, ServerGroup=None, Site=None, GatewayGroup=None, Alias=None, GatewayPorts=[], ServerCertificate=None, ClientAuthenticationAuthorities=None, OutboundRules=[], Name=None, update=False)¶: Creates KRP (reverse proxy) rule. Must specify at least one outbound rule on creation. >>> krp = mx.create_krp_rule(WebService=”advanced web service”, ServerGroup=”server group name”, Site=”site name”, Alias=”alias name”, GatewayGroup=”gg name”, GatewayPorts=[8443], ServerCertificate=”key name”, OutboundRules=[{‘priority’: 1, ‘internalIpHost’: ‘192.168.0.1’, ‘serverPort’: 443}]) :type Name: string :param Name: This is a stub parameter - don’t need to specify anythin. :type WebService: string :param WebService: Web Service name :type ServerGroup: string :param ServerGroup: Server Group name :type Site: string :param Site: Site name :param GatewayGroup: See imperva_sdk.KrpRule.KrpRule.GatewayGroup :param Alias: See imperva_sdk.KrpRule.KrpRule.Alias :param GatewayPorts: See imperva_sdk.KrpRule.KrpRule.GatewayPorts. :param ServerCertificate: See imperva_sdk.KrpRule.KrpRule.ServerCertificate. :param ClientAuthenticationAuthorities: See imperva_sdk.KrpRule.KrpRule.ClientAuthenticationAuthorities. :param OutboundRules: See imperva_sdk.KrpRule.KrpRule.OutboundRules. :type update: boolean :param update: If update=True and the resource already exists, update and return the existing resource. If update=False (default) and the resource exists, an exception will be raised. :rtype: imperva_sdk.KrpRule.KrpRule :return: Created KrpRule instance.

create_lookup_data_set_dam_global_object(Name=None, Records=[], Columns=[], update=False)¶

Parameters

Name – Data set name (string)
Records – The records in the data set
Columns – the columns of the data set
update – If update=True and the data set already exists, update and return the existing data set. If update=False (default) and the data set exists, an exception will be raised.

Returns

LookupDataSet instance

create_parameter_type_global_object(Name=None, Regex=None, update=False)¶

Create (or update) a “parameter type” global object. :type Name: string :param Name: Global Object Name :param Regex: See imperva_sdk.ParameterTypeGlobalObject.ParameterTypeGlobalObject.Regex :type update: boolean :param update: If update=True and the resource already exists, update and return the existing resource. If update=False (default) and the resource exists, an exception will be raised.

Return type: imperva_sdk.ParameterTypeGlobalObject.ParameterTypeGlobalObject
Returns: Created ParameterTypeGlobalObject instance.

create_server_group(Name=None, Site=None, OperationMode=None, ProtectedIps=[], ServerIps=[], update=False)¶

Parameters

Name (string) – Server group name
Site (string) – Site name
OperationMode ('active', 'simulation' or 'disabled') – See imperva_sdk.Servergroup.ServerGroup.OperationMode
ProtectedIps – See imperva_sdk.Servergroup.ServerGroup.ProtectedIps
ServerIps – IPs String list`
update (boolean) – If update=True and the resource already exists, update and return the existing resource. If update=False (default) and the resource exists, an exception will be raised.

Return type

imperva_sdk.Servergroup.ServerGroup

Returns

Created ServerGroup instance.

create_site(Name=None, update=False)¶

Parameters

Name (string) – Site name
update (boolean) – If update=True and the resource already exists, update and return the existing resource. If update=False (default) and the resource exists, an exception will be raised.

Return type

imperva_sdk.Site.Site

Returns

Site instance of site with specified name.

create_table_group_dam_global_object(Name=None, IsSensitive=None, DataType=None, ServiceTypes=[], Records=[], update=False)¶

Parameters

Name – Table group name (string)
IsSensitive – Is the table group sesitive (boolean)
DataType – the data type of the table group (string)
ServiceTypes – a list of the servie types (list)
Records – a list of records (list)
update – update: If update=True and the resource already exists, update and return the existing resource. If update=False (default) and the resource exists, an exception will be raised.

Returns

TableGroup instance

create_tag(Name=None, update=False)¶

create_trp_rule(WebService=None, ServerGroup=None, Site=None, ServerIp=None, ListenerPorts=[], ServerSidePort=None, EncryptServerConnection=None, Certificate=None, Name=None, update=False)¶: Creates TRP (transparent reverse proxy) rule. :type Name: string :param Name: This is a stub parameter - don’t need to specify anythin. :type WebService: string :param WebService: Web Service name :type ServerGroup: string :param ServerGroup: Server Group name :type Site: string :param Site: Site name :param ListenerPorts: See imperva_sdk.TrpRule.TrpRule.ListenerPorts :param ServerIp: See imperva_sdk.TrpRule.TrpRule.ServerIp :param ServerSidePort: See imperva_sdk.TrpRule.TrpRule.ServerSidePort. :param Certificate: See imperva_sdk.TrpRule.TrpRule.Certificate. :param EncryptServerConnection: See imperva_sdk.TrpRule.TrpRule.EncryptServerConnection. :type update: boolean :param update: If update=True and the resource already exists, update and return the existing resource. If update=False (default) and the resource exists, an exception will be raised. :rtype: imperva_sdk.TrpRule.TrpRule :return: Created TrpRule instance.

create_web_application(Name=None, WebService=None, ServerGroup=None, Site=None, LearnSettings=None, ParseOcspRequests=None, RestrictMonitoringToUrls=None, IgnoreUrlsDirectories=None, Profile=None, Mappings=None, update=False)¶

Parameters

Name (string) – Web Application name
WebService (string) – Web Service name
ServerGroup (string) – Server group name
Site (string) – Site name
LearnSettings – See imperva_sdk.WebApplication.WebApplication.LearnSettings
ParseOcspRequests – See imperva_sdk.WebApplication.WebApplication.ParseOcspRequests
RestrictMonitoringToUrls – See imperva_sdk.WebApplication.WebApplication.RestrictMonitoringToUrls
IgnoreUrlsDirectories – See imperva_sdk.WebApplication.WebApplication.IgnoreUrlsDirectories
Mappings – See imperva_sdk.WebApplication.WebApplication.Mappings
Profile – See imperva_sdk.MxConnection.get_profile()
update (boolean) – If update=True and the resource already exists, update and return the existing resource. If update=False (default) and the resource exists, an exception will be raised.

Return type

imperva_sdk.WebApplication.WebApplication

Returns

Created WebApplication instance.

create_web_application_custom_policy(Name=None, Enabled=None, Severity=None, Action=None, FollowedAction=None, SendToCd=None, DisplayResponsePage=None, ApplyTo=None, MatchCriteria=None, OneAlertPerSession=None, update=False)¶

Create (or update) a “web application custom” policy. >>> policy = mx.create_web_application_custom_policy(Name=”new custom policy”, Enabled=True, Severity=”High”, Action=’block’, FollowedAction=”Short IP Block”, DisplayResponsePage=False, SendToCd=False, ApplyTo=[{‘siteName’: ‘site name’, ‘webServiceName’: ‘advanced web service’, ‘serverGroupName’: ‘server group name’}], OneAlertPerSession=False, MatchCriteria=[{‘type’: ‘httpRequestHeaderValue’, ‘operation’: ‘atLeastOne’, ‘values’: [‘516’, ‘2560’], ‘name’: ‘Content-Length’}, {‘type’: ‘violations’, ‘operation’: ‘atLeastOne’, ‘values’: [‘Post Request - Missing Content Type’]}]) :type Name: string :param Name: Policy Name :param Enabled: See imperva_sdk.WebApplicationCustomPolicy.WebApplicationCustomPolicy.Enabled :param Severity: See imperva_sdk.WebApplicationCustomPolicy.WebApplicationCustomPolicy.Severity :param Action: See imperva_sdk.WebApplicationCustomPolicy.WebApplicationCustomPolicy.Action :param FollowedAction: See imperva_sdk.WebApplicationCustomPolicy.WebApplicationCustomPolicy.FollowedAction :param SendToCd: See imperva_sdk.WebApplicationCustomPolicy.WebApplicationCustomPolicy.SendToCd :param DisplayResponsePage: See imperva_sdk.WebApplicationCustomPolicy.WebApplicationCustomPolicy.DisplayResponsePage :param ApplyTo: See imperva_sdk.WebApplicationCustomPolicy.WebApplicationCustomPolicy.ApplyTo :param MatchCriteria: See imperva_sdk.WebApplicationCustomPolicy.WebApplicationCustomPolicy.MatchCriteria :param OneAlertPerSession: See imperva_sdk.WebApplicationCustomPolicy.WebApplicationCustomPolicy.OneAlertPerSession :type update: boolean :param update: If update=True and the resource already exists, update and return the existing resource. If update=False (default) and the resource exists, an exception will be raised.

Return type: imperva_sdk.WebApplicationCustomPolicy.WebApplicationCustomPolicy
Returns: Created WebApplicationCustomPolicy instance.

create_web_profile_policy(Name=None, SendToCd=None, DisplayResponsePage=None, DisableLearning=None, ApplyTo=[], Rules=[], Exceptions=[], ApuConfig={}, update=False)¶: Create (or update) a “web Progile” policy. >>> policy = mx.create_web_profile_policy(Name=”New web profile policy”, SendToCd=True, DisplayResponsePage=True, DisableLearning=False, ApplyTo=[{‘siteName’: ‘site name’, ‘webServiceName’: ‘advanced web service’, ‘serverGroupName’: ‘server group name’}], Rules=[{u’action’: u’block’, u’enabled’: False, u’name’: u’Cookie Injection’, u’severity’: u’medium’}], Exceptions=[{u’comment’: u’exception comment’, u’predicates’: [{u’type’: u’httpRequestUrl’, u’operation’: u’atLeastOne’, u’values’: [u’/login’], u’match’: u’prefix’}], u’ruleName’: u’Cookie Injection’}], ApuConfig={‘SOAP Element Value Length Violation’: {‘enabled’: True, ‘sources’: 50, ‘occurrences’: 50, ‘hours’: 12}, ‘Parameter Read Only Violation’: {‘enabled’: True, ‘sources’: 50, ‘occurrences’: 50, ‘hours’: 12}, “Reuse of Expired Session’s Cookie”: {‘enabled’: True, ‘sources’: 50, ‘occurrences’: 50, ‘hours’: 12}, ‘SOAP Element Value Type Violation’: {‘enabled’: True, ‘sources’: 50, ‘occurrences’: 50, ‘hours’: 12}, ‘Required Parameter Not Found’: {‘enabled’: True, ‘sources’: 50, ‘occurrences’: 50, ‘hours’: 12}, ‘Unauthorized Method for Known URL’: {‘enabled’: True, ‘sources’: 50, ‘occurrences’: 50, ‘hours’: 12}, ‘Unknown Parameter’: {‘enabled’: True, ‘sources’: 50, ‘occurrences’: 50, ‘hours’: 12}, ‘Parameter Type Violation’: {‘enabled’: True, ‘sources’: 50, ‘occurrences’: 50, ‘hours’: 12}, ‘Unauthorized SOAP Action’: {‘enabled’: True, ‘sources’: 50, ‘occurrences’: 50, ‘hours’: 12}, ‘Unknown SOAP Element’: {‘enabled’: True, ‘sources’: 50, ‘occurrences’: 50, ‘hours’: 12}, ‘Required XML Element Not Found’: {‘enabled’: True, ‘sources’: 50, ‘occurrences’: 50, ‘hours’: 12}, ‘Parameter Value Length Violation’: {‘enabled’: True, ‘sources’: 50, ‘occurrences’: 50, ‘hours’: 12}, ‘Cookie Injection’: {‘enabled’: True, ‘sources’: 50, ‘occurrences’: 50, ‘hours’: 12}, ‘Cookie Tampering’: {‘enabled’: True, ‘sources’: 50, ‘occurrences’: 50, ‘hours’: 12}}, update=False) :type Name: string :param Name: Policy Name :param SendToCd: See imperva_sdk.WebProfilePolicy.WebProfilePolicy.SendToCd :param DisplayResponsePage: See imperva_sdk.WebProfilePolicy.WebProfilePolicy.DisplayResponsePage :param DisableLearning: See imperva_sdk.WebProfilePolicy.WebProfilePolicy.DisableLearning :param ApplyTo: See imperva_sdk.WebProfilePolicy.WebProfilePolicy.ApplyTo :param Rules: See imperva_sdk.WebProfilePolicy.WebProfilePolicy.Rules :param Exceptions: See imperva_sdk.WebProfilePolicy.WebProfilePolicy.Exceptions :param ApuConfig: See imperva_sdk.WebProfilePolicy.WebProfilePolicy.ApuConfig :type update: boolean :param update: If update=True and the resource already exists, update and return the existing resource. If update=False (default) and the resource exists, an exception will be raised. :rtype: imperva_sdk.WebProfilePolicy.WebProfilePolicy :return: Created WebProfilePolicy instance.

create_web_service(Name=None, ServerGroup=None, Site=None, Ports=[], SslPorts=[], ForwardedConnections={}, ForwardedClientIp={}, SslKeys=[], TrpMode=None, update=False)¶: Creates a web (HTTP) service under specified server group and site. .. note:: The WebService object contains additional attributes that are not part of the webService API like SSL Certficates and Forwarded Connections. >>> # Create Web Service with default options >>> ws1 = mx.create_web_service(Name=”simple web service”, ServerGroup=”server group name”, Site=”site name”) >>> >>> # Create Web Service with XFF enabled and an SSL Certificate >>> with open(‘/tmp/mycert.pem’, ‘r’) as fd: >>> key_data = fd.read() >>> ws2 = mx.create_web_service(Name=”advanced web service”, ServerGroup=”server group name”, Site=”site name”, Ports=[8080], SslPorts=[8443], ForwardedConnections={“useHttpForwardingHeader”: True, “forwardedConnections”: [{“headerName”: “X-Forwarded-For”, “proxyIpGroup”: “”}]}, ForwardedClientIp={“forwardHeaderName”: “X-Forwarded-For”, “forwardClientIP”: True}, SslKeys=[{“certificate”: key_data, “format”: “pem”, “private”: key_data, “hsm”: False, “sslKeyName”: “key name”, “password”: “”}]) :type Name: string :param Name: Web Service name :type ServerGroup: string :param ServerGroup: Server Group name :type Site: string :param Site: Site name :param Ports: See imperva_sdk.WebService.WebService.Ports :param SslPorts: See imperva_sdk.WebService.WebService.SslPorts :param ForwardedConnections: See imperva_sdk.WebService.WebService.ForwardedConnections :param ForwardedClientIp: See imperva_sdk.WebService.WebService.ForwardedClientIp :param SslKeys: See imperva_sdk.WebService.WebService.SslKeys :param TrpMode: See imperva_sdk.WebService.WebService.TrpMode :type update: boolean :param update: If update=True and the resource already exists, update and return the existing resource. If update=False (default) and the resource exists, an exception will be raised. :rtype: imperva_sdk.WebService.WebService :return: Created WebService instance.

create_web_service_custom_policy(Name=None, Enabled=None, Severity=None, Action=None, FollowedAction=None, SendToCd=None, DisplayResponsePage=None, ApplyTo=None, MatchCriteria=None, OneAlertPerSession=None, update=False)¶

Create (or update) a “web service custom” policy. >>> policy = mx.create_web_service_custom_policy(Name=”new custom policy”, Enabled=True, Severity=”High”, Action=’block’, FollowedAction=”Short IP Block”, DisplayResponsePage=False, SendToCd=False, ApplyTo=[{‘siteName’: ‘site name’, ‘webServiceName’: ‘advanced web service’, ‘serverGroupName’: ‘server group name’}], OneAlertPerSession=False, MatchCriteria=[{‘type’: ‘httpRequestHeaderValue’, ‘operation’: ‘atLeastOne’, ‘values’: [‘516’, ‘2560’], ‘name’: ‘Content-Length’}, {‘type’: ‘violations’, ‘operation’: ‘atLeastOne’, ‘values’: [‘Post Request - Missing Content Type’]}]) :type Name: string :param Name: Policy Name :param Enabled: See imperva_sdk.WebServiceCustomPolicy.WebServiceCustomPolicy.Enabled :param Severity: See imperva_sdk.WebServiceCustomPolicy.WebServiceCustomPolicy.Severity :param Action: See imperva_sdk.WebServiceCustomPolicy.WebServiceCustomPolicy.Action :param FollowedAction: See imperva_sdk.WebServiceCustomPolicy.WebServiceCustomPolicy.FollowedAction :param SendToCd: See imperva_sdk.WebServiceCustomPolicy.WebServiceCustomPolicy.SendToCd :param DisplayResponsePage: See imperva_sdk.WebServiceCustomPolicy.WebServiceCustomPolicy.DisplayResponsePage :param ApplyTo: See imperva_sdk.WebServiceCustomPolicy.WebServiceCustomPolicy.ApplyTo :param MatchCriteria: See imperva_sdk.WebServiceCustomPolicy.WebServiceCustomPolicy.MatchCriteria :param OneAlertPerSession: See imperva_sdk.WebServiceCustomPolicy.WebServiceCustomPolicy.OneAlertPerSession :type update: boolean :param update: If update=True and the resource already exists, update and return the existing resource. If update=False (default) and the resource exists, an exception will be raised.

Return type: imperva_sdk.WebServiceCustomPolicy.WebServiceCustomPolicy
Returns: Created WebServiceCustomPolicy instance.

delete_action(Name=None, ActionSet=None)¶

Parameters

Name (string) – Action Name
ActionSet (string) – Action Set Name

delete_action_set(Name=None)¶

Parameters: Name (string) – Action Set Name

delete_all_sites()¶: Deletes all the sites, excluding default one which cannot be deleted. If no (custom) site exists, nothing happens.

delete_all_web_service_custom_policies(SkipList=None)¶: Delete all custom web service policies

delete_assessment_scan(Name=None)¶

delete_classification_profile(Name=None)¶

delete_classification_scan(Name=None)¶

delete_data_enrichment_policy(Name=None)¶

delete_db_application(Name=None, DbService=None, ServerGroup=None, Site=None)¶

delete_db_audit_policy(Name=None)¶

delete_db_connection()¶

delete_db_security_policy(Name=None)¶

delete_db_service(Name=None, ServerGroup=None, Site=None)¶

delete_http_protocol_signatures_policy(Name=None)¶: Deletes policy. If policy does not exist, an exception will be raised. Cannot delete ADC predefined policies. :type Name: string :param Name: Policy name.

delete_krp_rule(WebService=None, ServerGroup=None, Site=None, GatewayGroup=None, Alias=None, GatewayPorts=[])¶: Deletes KRP rule. If krp rule does not exist, an exception will be raised. :type WebService: string :param WebService: Web service name :type ServerGroup: string :param ServerGroup: Server Group name :type Site: string :param Site: Site name :param GatewayGroup: See imperva_sdk.KrpRule.KrpRule.GatewayGroup :param Alias: See imperva_sdk.KrpRule.KrpRule.Alias :param GatewayPorts: See imperva_sdk.KrpRule.KrpRule.GatewayPorts. Can be only one of the inbound ports but needs to be a list type [].

delete_parameter_type_global_object(Name=None)¶: Deletes global object. :type Name: string :param Name: Global Object name.

delete_profile_url(Application=None, WebService=None, ServerGroup=None, Site=None, UrlName=None)¶: Deletes an application profile URL. .. note:: Uses APIs that were introduced in v12.3. :type Application: string :param Application: Web application name :type WebService: string :param WebService: Web service name :type ServerGroup: string :param ServerGroup: Server Group name :type Site: string :param Site: Site name :type UrlName: string :param UrlName: Url Name (Path)

delete_server_group(Name=None, Site=None)¶: Deletes the server group, including all resources under it. If server group does not exist, an exception will be raised. :type Name: string :param Name: Server group name :type Site: string :param Site: Site name

delete_site(Name=None)¶: Deletes the entire site, including all resources under that site. If site does not exist, an exception will be raised. :type Name: string :param Name: Site name

delete_trp_rule(WebService=None, ServerGroup=None, Site=None, ServerIp=None, ListenerPorts=[])¶: Deletes TRP rule. If trp rule does not exist, an exception will be raised. :type WebService: string :param WebService: Web service name :type ServerGroup: string :param ServerGroup: Server Group name :type Site: string :param Site: Site name :param ServerIp: See imperva_sdk.TrpRule.TrpRule.ServerIp :param ListenerPorts: See imperva_sdk.TrpRule.TrpRule.ListenerPorts. Can be only one of the ports but needs to be a list type [].

delete_web_application(Name=None, WebService=None, ServerGroup=None, Site=None)¶: Deletes the web application. If web application does not exist, an exception will be raised. :type Name: string :param Name: Web application name :type WebService: string :param WebService: Web service name :type ServerGroup: string :param ServerGroup: Server Group name :type Site: string :param Site: Site name

delete_web_application_custom_policy(Name=None)¶: Deletes policy. If policy does not exist, an exception will be raised. Cannot delete ADC predefined policies. :type Name: string :param Name: Policy name.

delete_web_profile_policy(Name=None)¶: Deletes policy. If policy does not exist, an exception will be raised. Cannot delete ADC predefined policies. :type Name: string :param Name: Policy name.

delete_web_service(Name=None, ServerGroup=None, Site=None)¶: Deletes the web service, including all resources under it. If web service does not exist, an exception will be raised. :type Name: string :param Name: Web service name :type ServerGroup: string :param ServerGroup: Server Group name :type Site: string :param Site: Site name

delete_web_service_custom_policy(Name=None)¶: Deletes policy. If policy does not exist, an exception will be raised. Cannot delete ADC predefined policies. :type Name: string :param Name: Policy name.

export_action_sets()¶: Export all the action sets in the MX >>> specificExport = srcMx.export_action_sets() >>> pSpecificExport = json.loads(specificExport) :return json object

export_agent_configurations()¶: Export all agents configurations in the MX >>> specificExport = srcMx.export_agents_configuration() >>> pSpecificExport = json.loads(specificExport) :return json object

export_dam_global_objects()¶: Export all the dam global objects in the MX :return a dictionary in a json like format

export_dam_policies()¶: Export all the dam policies in the MX >>> specificExport = srcMx.export_dam_policies() >>> pSpecificExport = json.loads(specificExport) :return a dictionary in a json like format

export_dam_reports()¶: Export all the dam reports in the MX :return a dictionary in a json like format

export_das_objects()¶: Export all the das objects in the MX :return a dictionary in a json like format

export_to_json(Discard=[])¶

Export MX configuration to a JSON string. .. note:: The function only exports objects that are implemented in imperva_sdk. It is not the entire MX configuration. >>> import pprint >>> import json >>> export = mx.export_to_json(Dicard=[‘policies’]) >>> pprint.pprint(json.loads(export)) {u’metadata’: {u’Challenge’: u’k+hvfY+Vgv8a’,

u’ExportTime’: u‘2017-04-12 13:39:10’, u’Host’: u‘10.0.0.1’, u’SdkVersion’: u‘0.1.4’, u’Version’: u‘12.0.0.41’},

u’policies’: {}, u’sites’: [{u’Name’: u’site name’,

u’server_groups’: [{u’Name’: u’server group name’,
u’OperationMode’: u’simulation’, u’web_services’: [{u’ForwardedClientIp’: {u’forwardClientIP’: True,

u’forwardHeaderName’: u’X-Forwarded-For’},

u’ForwardedConnections’: {u’forwardedConnections’: [{u’headerName’: u’X-Forwarded-For’,

u’proxyIpGroup’: u’‘}],

u’useHttpForwardingHeader’: True},

u’Name’: u’advanced web service’, u’Ports’: [8080], u’SslKeys’: [{u’certificate’: u’‘,

u’format’: u’pem’, u’hsm’: False, u’password’: u’‘, u’private’: u’‘, u’sslKeyName’: u’key name’}],

u’SslPorts’: [8443], u’krp_rules’: [{u’Alias’: u’aa’,

u’ClientAuthenticationAuthorities’: None, u’GatewayGroup’: u’giora-tmp2’, u’GatewayPorts’: [8443], u’Name’: u’giora-tmp2-aa-[8443]’, u’OutboundRules’: [{u’clientAuthenticationRules’: None,

u’encrypt’: False, u’externalHost’: None, u’internalIpHost’: u‘1.2.3.4’, u’priority’: 1, u’serverPort’: 443, u’urlPrefix’: None, u’validateServerCertificate’: False}],

u’ServerCertificate’: u’key name’}],

u’web_applications’: [{u’IgnoreUrlsDirectories’: None,
u’LearnSettings’: u’LearnAll’, u’Name’: u’Default Web Application’, u’ParseOcspRequests’: False, u’RestrictMonitoringToUrls’: None}]},

{u’ForwardedClientIp’: {u’forwardClientIP’: False,

u’forwardHeaderName’: u’X-Forwarded-For’},

u’ForwardedConnections’: {u’forwardedConnections’: [],
u’useHttpForwardingHeader’: False},

u’Name’: u’simple web service’, u’Ports’: [80], u’SslKeys’: [], u’SslPorts’: [443], u’krp_rules’: [], u’web_applications’: [{u’IgnoreUrlsDirectories’: None,

u’LearnSettings’: u’LearnAll’, u’Name’: u’Default Web Application’, u’ParseOcspRequests’: False, u’RestrictMonitoringToUrls’: None}]}]}]}]}

Parameters: Discard (list of string) – Objects or attributes to discard from export. For example, you can choose not to export all policy information by passing [‘policies’] or only discard certain attributes of policy objects by passing [‘MatchCriteria’, ‘ApplyTo’]
Return type: JSON string
Returns: string in JSON format representing MX configuration export (and can be used by imperva_sdk.MxConnection.import_from_json() function)

get_action(Name=None, ActionSet=None)¶

Parameters

Name (string) – Action Name
ActionSet (string) – Action Set Name

Return type

imperva_sdk.Action.Action

Returns

Action instance of specified action in Action Set.

get_action_set(Name=None)¶

Parameters: Name (string) – Action Set Name
Return type: imperva_sdk.ActionSet.ActionSet
Returns: ActionSet instance of specified action set.

get_agent_configuration(Name, Ip=None)¶

Parameters: Name (string) – Agent Name
Return type: imperva_sdk.AgentConfiguration.AgentConfiguration
Returns: AgentConfiguration instance.

get_agent_monitoring_rule(Name)¶

Parameters: Name (string) – Rule Name
Return type: imperva_sdk.AgentMonitoringRule.AgentMonitoringRule
Returns: AgentMonitoringRule instance of specified policy.

get_all_action_sets()¶

Return type: list of imperva_sdk.ActionSet.ActionSet
Returns: List of all “action sets”.

get_all_actions(ActionSet=None)¶

Return type: list of imperva_sdk.Action.Action
Returns: List of all actions in an action set.

get_all_agent_configurations()¶

Return type: list of imperva_sdk.AgentConfiguration.AgentConfiguration
Returns: List of all agent configurations.

get_all_agent_monitoring_rule_dam_global_objects()¶

Return type: list of imperva_sdk.AgentMonitoringRule.AgentMonitoringRule
Returns: List of all agent monitoring rules.

get_all_agent_monitoring_rules_by_agent(AgentName=None, AgentTags=[])¶

Parameters

AgentName – Agent name
AgentTags – list of all the agent’s tags

Returns

List of AgentMonitoringRule objects that belong to the agent

get_all_assessment_policies()¶

get_all_assessment_scan_das_objects()¶

get_all_assessment_tests()¶

get_all_classification_profiles()¶

get_all_classification_scan_das_objects()¶

get_all_cloud_account_dam_global_objects()¶

get_all_dam_global_objects_types()¶: Returns all DAM available global_object types

get_all_dam_policies_types()¶: Returns all DAM available policies types

get_all_dam_reports_types()¶: Returns all available DAM report types

get_all_das_objects_types()¶: Returns all available DAS object types

get_all_data_enrichment_dam_policies()¶

get_all_data_type_dam_global_objects()¶

Return type: list of imperva_sdk.DataType.DataType
Returns: List of all data types.

get_all_db_applications(ServerGroup=None, Site=None, DbService=None)¶

get_all_db_audit_dam_policies()¶

get_all_db_audit_dam_reports()¶

Return type: list of imperva_sdk.DBAuditReport.DBAuditReport
Returns: List of all db audit reports.

get_all_db_connections(Site=None, ServerGroup=None, ServiceName=None)¶

get_all_db_security_dam_policies()¶

get_all_db_services(ServerGroup=None, Site=None)¶

get_all_discovery_scan_das_objects()¶

get_all_gatewaygroups(IsCloud=None)¶: Get All GatewayGroups

get_all_gateways(gatewayGroup=None)¶: Get All Gateways in a GatewayGroup

get_all_global_object_types()¶: Returns all available global_object types

get_all_global_objects()¶: Returns all global objects by type

get_all_http_protocol_signatures_policies()¶

Return type: list of imperva_sdk.HttpProtocolSignaturesPolicy.HttpProtocolSignaturesPolicy
Returns: List of all “http protocol signatures” policies.

get_all_ip_group_dam_global_objects()¶

get_all_krp_rules(ServerGroup=None, Site=None, WebService=None)¶

Parameters

WebService (string) – Web Service name
ServerGroup (string) – Server group name
Site (string) – Site name

Return type

list of imperva_sdk.KrpRule.KrpRule

Returns

List of all KRP rules (inbound and outbound) under specified web service.

get_all_lookup_data_set_dam_global_objects()¶

Return type: list of imperva_sdk.LookupDataSet.LookupDataSet
Returns: List of all lookup data sets.

get_all_parameter_type_global_objects()¶

Return type: list of imperva_sdk.ParameterTypeGlobalObject.ParameterTypeGlobalObject
Returns: List of all “parameter type configuration” global objects.

get_all_policies()¶: Returns all policy objects by policy type

get_all_policy_types()¶: Returns all available policy types

get_all_server_groups(Site=None)¶

Parameters: Site (string) – Site name
Return type: list of imperva_sdk.Servergroup.ServerGroup
Returns: List of all server groups in MX under a given site

get_all_services(Site=None)¶: Get the MatchAll list of services to push against ApplyTo=’all’ or ApplyTo=Site if specified

get_all_sites()¶

Return type: list of imperva_sdk.Site.Site
Returns: List of all sites in MX

get_all_table_group_dam_global_objects()¶

Return type: list of imperva_sdk.TableGroup.TableGroup
Returns: List of all table groups.

get_all_tags()¶

get_all_trp_rules(ServerGroup=None, Site=None, WebService=None)¶

Parameters

WebService (string) – Web Service name
ServerGroup (string) – Server group name
Site (string) – Site name

Return type

list of imperva_sdk.TrpRule.TrpRule

Returns

List of all TRP rules under specified web service.

get_all_web_application_custom_policies()¶

Return type: list of imperva_sdk.WebApplicationCustomPolicy.WebApplicationCustomPolicy
Returns: List of all “web application custom” policies.

get_all_web_applications(ServerGroup=None, Site=None, WebService=None)¶

Parameters

WebService (string) – Web Service name
ServerGroup (string) – Server group name
Site (string) – Site name

Return type

list of imperva_sdk.WebApplication.WebApplication

Returns

List of all web applications in MX under a given site, server group and web service

get_all_web_profile_policies()¶

Return type: list of imperva_sdk.WebProfilePolicy.WebProfilePolicy
Returns: List of all “web profile” policies.

get_all_web_service_custom_policies()¶

Return type: list of imperva_sdk.WebServiceCustomPolicy.WebServiceCustomPolicy
Returns: List of all “web service custom” policies.

get_all_web_services(ServerGroup=None, Site=None)¶

Parameters

ServerGroup (string) – Server group name
Site (string) – Site name

Return type

list of imperva_sdk.WebService.WebService

Returns

List of all web services in MX under a given site and server group

get_assessment_policy(Name=None)¶

get_assessment_scan(Name=None)¶

get_assessment_test(Name=None)¶

get_classification_profile(Name=None)¶

get_classification_scan(Name=None)¶

get_cloud_account(Name=None)¶

get_data_enrichment_policy(Name=None)¶

get_data_type(Name)¶

Parameters: Name (string) – data type Name
Return type: imperva_sdk.DataType.DataType
Returns: DataType instance of specified data type.

get_db_application(Name=None, ServerGroup=None, Site=None, DbService=None)¶

get_db_audit_policy(Name=None)¶

get_db_audit_report(Name)¶

Parameters: Name (string) – The report Name
Return type: imperva_sdk.DBAuditReport.DBAuditReport
Returns: DBAuditReport instance of specified report.

get_db_connection(SiteName=None, ServerGroupName=None, ServiceName=None, ConnectionName=None)¶

get_db_security_policy(Name=None)¶

get_db_service(Name=None, ServerGroup=None, Site=None)¶

get_discovery_scan(Name=None)¶

get_gatewaygroup(Name=None)¶: Get GatewayGroup

get_http_protocol_signatures_policy(Name=None)¶

Note

Policies with the / character in their name cannot be fetched.

Parameters: Name (string) – Policy Name
Return type: imperva_sdk.HttpProtocolSignaturesPolicy.HttpProtocolSignaturesPolicy
Returns: HttpProtocolSignaturesPolicy instance of specified policy.

get_ip_group(Name=None)¶

get_krp_rule(ServerGroup=None, Site=None, WebService=None, GatewayGroup=None, Alias=None, GatewayPorts=None)¶

Parameters

WebService (string) – Web Service name
ServerGroup (string) – Server Group name
Site (string) – Site name
GatewayGroup – See imperva_sdk.KrpRule.KrpRule.GatewayGroup
Alias – See imperva_sdk.KrpRule.KrpRule.Alias
GatewayPorts – See imperva_sdk.KrpRule.KrpRule.GatewayPorts. Can be only one of the inbound ports but needs to be a list type [].

Return type

imperva_sdk.KrpRule.KrpRule

Returns

KrpRule instance of a krp (reverse proxy) rule under web service with specified gateway group, alias and gateway port.

get_lookup_data_set(Name)¶

Parameters: Name (string) – data set Name
Return type: imperva_sdk.LookupDataSet.LookupDataSet
Returns: LookupDataSet instance of specified data set.

get_parameter_type_global_object(Name=None)¶

Parameters: Name (string) – Parameter Type Configuration Name
Return type: imperva_sdk.ParameterTypeGlobalObject.ParameterTypeGlobalObject
Returns: ParameterTypeGlobalObject instance of specified global object.

get_profile(Application=None, WebService=None, ServerGroup=None, Site=None)¶: Returns a JSON representation of the application profile (all screens). .. note:: Uses APIs that were introduced in v12.3. :type Application: string :param Application: Web application name :type WebService: string :param WebService: Web service name :type ServerGroup: string :param ServerGroup: Server Group name :type Site: string :param Site: Site name

get_profile_url(Application=None, WebService=None, ServerGroup=None, Site=None, UrlName=None)¶: Returns a JSON representation of the application profile URL. .. note:: Uses APIs that were introduced in v12.3. :type Application: string :param Application: Web application name :type WebService: string :param WebService: Web service name :type ServerGroup: string :param ServerGroup: Server Group name :type Site: string :param Site: Site name :type UrlName: string :param UrlName: Url Name (Path)

get_server_group(Name=None, Site=None)¶

Parameters

Name (string) – Server Group name
Site (string) – Site name

Return type

imperva_sdk.Servergroup.ServerGroup

Returns

ServerGroup instance of server group with specified name and site. (None if server group does not exist)

get_site(Name=None)¶

Parameters: Name (string) – Site name
Return type: imperva_sdk.Site.Site
Returns: Site instance of site with specified name. (None if site does not exist)

get_table_group(Name, IsSensitive=None, ServiceTypes=[])¶

Parameters

Name – Table group name (string)
IsSensitive – Is the table group sesitive (boolean)
ServiceTypes – a list of the servie types (list)

Returns

TableGroup instance of specified table group.

get_trp_rule(ServerGroup=None, Site=None, WebService=None, ServerIp=None, ListenerPorts=None)¶

Parameters

WebService (string) – Web Service name
ServerGroup (string) – Server Group name
Site (string) – Site name
ServerIp – See imperva_sdk.TrpRule.TrpRule.ServerIp
ListenerPorts – See imperva_sdk.TrpRule.TrpRule.ListenerPorts. Can be only one of the ports but needs to be a list type [].

Return type

imperva_sdk.TrpRule.TrpRule

Returns

TrpRule instance of a trp rule under web service with specified server IP and listener port.

get_web_application(Name=None, ServerGroup=None, Site=None, WebService=None)¶

Parameters

Name (string) – Web Application name
WebService (string) – Web Service name
ServerGroup (string) – Server Group name
Site (string) – Site name

Return type

imperva_sdk.WebApplication.WebApplication

Returns

WebApplication instance of web application with specified name, web service, server group and site. (None if web service does not exist)

get_web_application_custom_policy(Name=None)¶

Note

Policies with the / character in their name cannot be fetched.

Parameters: Name (string) – Policy Name
Return type: imperva_sdk.WebApplicationCustomPolicy.WebApplicationCustomPolicy
Returns: WebApplicationCustomPolicy instance of specified policy.

get_web_profile_policy(Name=None)¶

Note

Policies with the / character in their name cannot be fetched.

Parameters: Name (string) – Policy Name
Return type: imperva_sdk.WebProfilePolicy.WebProfilePolicy
Returns: WebProfilePolicy instance of specified policy.

get_web_service(Name=None, ServerGroup=None, Site=None)¶

Parameters

Name (string) – Web Service name
ServerGroup (string) – Server Group name
Site (string) – Site name

Return type

imperva_sdk.WebService.WebService

Returns

WebService instance of web service with specified name, server group and site. (None if web service does not exist)

get_web_service_custom_policy(Name=None)¶

Note

Policies with the / character in their name cannot be fetched.

Parameters: Name (string) – Policy Name
Return type: imperva_sdk.WebServiceCustomPolicy.WebServiceCustomPolicy
Returns: WebServiceCustomPolicy instance of specified policy.

import_action_sets(Json=None, update=True)¶

Import only the dam action sets from valid JSON string. >>> targetMx.import_action_sets(specificExport) :param Json (string): valid imperva_sdk JSON export :param update (boolean): Set to True to update existing resources (default in import function).

If set to False, existing resources will cause import operations to fail.

Returns: (list of dict) Log with details of all import events and their outcome.

import_agent_configurations(Json=None, update=True)¶

Import all the agent configuration from valid JSON string. >>> targetMx.import_agent_configurations(specificExport) :param Json (string): valid imperva_sdk JSON export :param update (boolean): Set to True to update existing resources (default in import function).

If set to False, existing resources will cause import operations to fail.

Returns: (list of dict) Log with details of all import events and their outcome.

import_dam_global_objects(Json=None, update=True)¶

Import only the dam global objects configuration from valid JSON string. :param Json (string): valid imperva_sdk JSON export :param update (boolean): Set to True to update existing resources (default in import function).

If set to False, existing resources will cause import operations to fail.

Returns: (list of dict) Log with details of all import events and their outcome.

import_dam_policies(Json=None, update=True)¶

Import only the dam policies from valid JSON string. >>> targetMx.import_dam_policies(specificExport) :param Json (string): valid imperva_sdk JSON export :param update (boolean): Set to True to update existing resources (default in import function).

If set to False, existing resources will cause import operations to fail.

Returns: (list of dict) Log with details of all import events and their outcome.

import_dam_reports(Json=None, update=True)¶

Import only the dam reports from valid JSON string. :param Json (string): valid imperva_sdk JSON export :param update (boolean): Set to True to update existing resources (default in import function).

If set to False, existing resources will cause import operations to fail.

Returns: (list of dict) Log with details of all import events and their outcome.

import_das_objects(Json=None, update=True)¶

Import only the das objects from valid JSON string. :param Json (string): valid imperva_sdk JSON export :param update (boolean): Set to True to update existing resources (default in import function).

If set to False, existing resources will cause import operations to fail.

Returns: (list of dict) Log with details of all import events and their outcome.

import_from_json(Json=None, update=True)¶: Import MX configuration from valid JSON string. It is a good idea to use imperva_sdk.MxConnection.export_to_json() as the basis for creating the JSON structure. .. note:: The function only imports objects that are implemented in imperva_sdk. It is not the entire MX configuration. >>> # Copy site tree (without policies) from one MX to another >>> mx1 = imperva_sdk.MxConnection(“10.0.0.1”) >>> mx2 = imperva_sdk.MxConnection(“10.0.0.2”) >>> export = mx1.export_to_json(Discard=[‘policies’]) >>> log = mx2.import_from_json(export) >>> log[0] {‘Function’: ‘create_site’, ‘Parent’: ‘<imperva_sdk.MxConnection object at 0x27ff510>’, ‘Parameters’: u’Name=Default Site’, ‘Result’: ‘SUCCESS’} :type Json: string :param Json: valid imperva_sdk JSON export :type update: boolean :param update: Set to True to update existing resources (default in import function). If set to False, existing resources will cause import operations to fail. :rtype: list of dict :return: Log with details of all import events and their outcome.

logout()¶: Close connection to MX

reset_password(Username=None, Password=None, Enabled=True, Locked=False, ReadOnly=False)¶

update_assessment_scan(Name=None, Parameter=None, Value=None)¶

update_classification_scan(Name=None, Parameter=None, Value=None)¶

update_data_enrichment_policy(Name=None, Rules=[], MatchCriteria=[], ApplyTo=[])¶

update_db_connection(SiteName=None, ServerGroupName=None, ServiceName=None, ConnectionName=None, UserName=None, Password=None, Port=None, IpAddress=None, DbName=None, ServerName=None, UserMapping=None, ConnectionString=None, ServiceDirectory=None, TnsAdmin=None, HomeDirectory=None, Instance=None, HostName=None)¶

update_profile(Application=None, WebService=None, ServerGroup=None, Site=None, Profile=None, SwaggerJson=None)¶: Updates (overwrites) the entire application profile with a given profile or swagger JSON. Run a get_profile() on the MX to see the format. .. note:: Uses APIs that were introduced in v12.3. :param Profile: imperva_sdk profile JSON object (dictionary) :param SwaggerJSON: Swagger JSON (dictionary) to be converted to profile JSON and used for profile update :type Application: string :param Application: Web application name :type WebService: string :param WebService: Web service name :type ServerGroup: string :param ServerGroup: Server Group name :type Site: string :param Site: Site name

update_profile_url(Application=None, WebService=None, ServerGroup=None, Site=None, UrlProfile=None, UrlName=None)¶: Updates (overwrites) a URL profile settings with a given URL profile. Run a get_profile_url() on the MX to see the format. .. note:: Uses APIs that were introduced in v12.3. :param UrlProfile: imperva_sdk URL profile JSON object (dictionary) :type Application: string :param Application: Web application name :type WebService: string :param WebService: Web service name :type ServerGroup: string :param ServerGroup: Server Group name :type Site: string :param Site: Site name :type UrlName: string :param UrlName: Url Name (Path)

upload_license(LicenseContent=None, LicenseFile=None, LicenseURL=None, FlexProtectCode=None)¶: Upload a license file to the system (specify one of the three formats). >>> mx.upload_license(LicenseFile=’/etc/passwd’) … imperva_sdk.MxException: MX returned errors - [{u’error-code’: u’IMP-12101’, u’description’: u’Invalid license file’}] :type LicenseContent: string :param LicenseContent: License file encoded in Base64 :type LicenseFile: string :param LicenseFile: Path to license file on local system :type LicenseURL: string :param LicenseURL: Accessible URL to download license file from :type FlexProtectCode: string :param FlexProtectCode: FlexProtect License code in clear text

Site Class¶

class imperva_sdk.Site.Site(connection=None, Name=None)¶

MX Site Object

>>> site = mx.create_site("my site")
>>> site.Name = "new name"

property Name¶: Site Name

create_server_group(Name=None, OperationMode=None, ProtectedIps=[], ServerIps=[], update=False)¶: See imperva_sdk.MxConnection.create_server_group().

delete_server_group(Name=None)¶: See imperva_sdk.MxConnection.delete_server_group().

get_all_server_groups()¶: See imperva_sdk.MxConnection.get_all_server_groups().

get_server_group(Name=None)¶: See imperva_sdk.MxConnection.get_server_group().

ServerGroup Class¶

class imperva_sdk.ServerGroup.ServerGroup(connection=None, Name=None, Site=None, OperationMode=None, ProtectedIps=[], ServerIps=[])¶

MX Server Group Class Updated

>>> sg = site.create_server_group("my server group")
>>> sg.OperationMode = 'active'

property Name¶: Server Group Name

property OperationMode¶: Server Group Operation Mode - ‘simulation’, ‘active’ or ‘disabled’

property ProtectedIps¶: Protected IPs - e.g. [{‘ip’: ‘192.168.1.1’, ‘gateway-group’: ‘gg name’}, {‘ip’: ‘192.168.1.2’, ‘gateway-group’: ‘gg name’}]

property ServerIps¶: Server IPs - e.g. [“192.168.1.1”,”192.168.1.2”]

create_db_service(Name=None, ServerGroup=None, Site=None, Ports=[], DefaultApp=None, DbMappings=[], TextReplacement=[], LogCollectors=[], DbServiceType=None, update=False)¶

create_db_service_pc(Name=None, ServerGroup=None, Site=None, Ports=[], DefaultApp=None, DbMappings=[], TextReplacement=[], LogCollectors=[], DbServiceType=None, update=False)¶

create_web_service(Name=None, ServerGroup=None, Site=None, Ports=[], SslPorts=[], ForwardedConnections={}, ForwardedClientIp={}, SslKeys=[], TrpMode=None, update=False)¶: See imperva_sdk.MxConnection.create_web_service().

delete_db_service(Name=None)¶

delete_web_service(Name=None)¶: See imperva_sdk.MxConnection.delete_web_service().

get_all_db_services()¶

get_all_web_services()¶: See imperva_sdk.MxConnection.get_all_web_services().

get_db_service(Name=None)¶

get_web_service(Name=None)¶: See imperva_sdk.MxConnection.get_web_service().

WebService Class¶

class imperva_sdk.WebService.WebService(connection=None, Name=None, ServerGroup=None, Site=None, Ports=[], SslPorts=[], ForwardedConnections={}, ForwardedClientIp={}, SslKeys=[], TrpMode=None)¶

MX Web Service Class

>>> ws = sg.create_web_service("web service name")
>>> ws.ForwardedConnections
{}
>>> ws.krp_xff_enable()
>>> ws.ForwardedConnections
{'useHttpForwardingHeader': True, 'forwardedConnections': [{'headerName': 'X-Forwarded-For', 'proxyIpGroup': ''}]}
>>> ws.SslKeys
[]
>>> ws.upload_ssl_certificate(SslKeyName="key name", Private=key_data, Certificate=key_data)
>>> ws.SslKeys
[{'certificate': '', 'format': 'pem', 'private': '', 'hsm': False, 'sslKeyName': 'key name', 'password': ''}]

property ForwardedClientIp¶

Web Service ForwardedClientIp (edit available with krp_xff_enable and krp_xff_disable functions). For KRP - report forwarded client IP in HTTP header.

>>> ws.ForwardedClientIp
{'forwardHeaderName': 'X-Forwarded-For', 'forwardClientIP': True}

forwardClientIP (boolean) - Indicates if the reverse proxy forwards the original IP address in the header defined by the forwardHeaderName parameter (default=False).
forwardHeaderName (string) - Header name that includes the original IP address of the client (default=”X-Forwarded-For”).

property ForwardedConnections¶

Web Service ForwardedConnections (edit available with krp_xff_enable and krp_xff_disable functions). Identify real client IP according to HTTP forwarding header.

>>> ws.ForwardedConnections
{u'useHttpForwardingHeader': True, u'forwardedConnections': [{u'headerName': u'X-Forwarded-For', u'proxyIpGroup': u''}, {u'headerName': u'Fake-Forward-Header', u'proxyIpGroup': u'Google IP Addresses'}]}

useHttpForwardingHeader (boolean) - Indicate if the gateway should identify the real client IP according to the HTTP forwarding header (XFF) in the header defined by the forwardHeaderName parameter (default=False).
forwardedConnections (list of dict) - List of forward connection definitions:
- headerName (string) - Name of the forwarding header.
- proxyIpGroup (string) - Name of the IP Group of proxies. For “Any IP” use empty string (“”).

property Name¶: Web Service Name (string)

property Ports¶: Web Service Ports (list of int). Edit not implemented.

property SslKeys¶

Web Service SSL Certificates/Keys (edit available with upload_ssl_certificate and delete_ssl_certificate functions). Object instance does not store certificate/private/password information.

>>> ws.SslKeys
[{'certificate': '', 'format': 'pem', 'private': '', 'hsm': False, 'sslKeyName': u'key name', 'password': ''}]
>>> ws.delete_ssl_certificate("key name")
>>> ws.SslKeys
[]

sslKeyName (string) - The name of the SSL Key in SecureSphere.
format (constant) - imperva_sdk only supports ‘pem’ format.
hsm (boolean) - Is certificate used by HSM (default=False).
certificate (string) - Base64 encoded PEM certificate.
private (string) - Base64 encoded PEM certificate.
password (string) - File password (default=”“).

property SslPorts¶: Web Service SSL Ports (list of int). Edit not implemented.

property TrpMode¶: Transparent Reverse Proxy Mode (True/False)

create_krp_rule(GatewayGroup=None, Alias=None, GatewayPorts=[], ServerCertificate=None, OutboundRules=[], ClientAuthenticationAuthorities=None, Name=None, update=False)¶: See imperva_sdk.MxConnection.create_krp_rule().

create_trp_rule(ServerIp=None, ListenerPorts=[], ServerSidePort=None, EncryptServerConnection=None, Certificate=None, Name=None, update=False)¶: See imperva_sdk.MxConnection.create_trp_rule().

create_web_application(Name=None, LearnSettings=None, ParseOcspRequests=None, RestrictMonitoringToUrls=None, IgnoreUrlsDirectories=None, Profile=None, Mappings=None, update=False)¶: See imperva_sdk.MxConnection.create_web_application().

delete_krp_rule(GatewayGroup=None, Alias=None, GatewayPorts=[])¶: See imperva_sdk.MxConnection.delete_krp_rule().

delete_ssl_certificate(SslKeyName=None)¶: Deletes SSL Certificate from Web Service. See imperva_sdk.WebService.SslKeys.

delete_trp_rule(ServerIp=None, ListenerPorts=[])¶: See imperva_sdk.MxConnection.delete_trp_rule().

delete_web_application(Name=None)¶: See imperva_sdk.MxConnection.delete_web_application().

get_all_krp_rules()¶: See imperva_sdk.MxConnection.get_all_krp_rules().

get_all_trp_rules()¶: See imperva_sdk.MxConnection.get_all_trp_rules().

get_all_web_applications()¶: See imperva_sdk.MxConnection.get_all_web_applications().

get_krp_rule(GatewayGroup=None, Alias=None, GatewayPorts=[])¶: See imperva_sdk.MxConnection.get_krp_rule().

get_trp_rule(ServerIp=None, ListenerPorts=[])¶: See imperva_sdk.MxConnection.get_trp_rule().

get_web_application(Name=None)¶: See imperva_sdk.MxConnection.get_web_application().

get_web_plugins()¶: Exports (from current MX connection) all plugins defined for the current Web Service.

krp_xff_disable()¶

For AWS KRP disable XFF.

Modifies ForwardedConnections and ForwardedClientIp attributes.

krp_xff_enable()¶

For AWS KRP enable XFF. Use “X-Forwarded-For” client IP address from any proxy (ELB) and pass the IP forward in XFF header (client IP).

Modifies ForwardedConnections and ForwardedClientIp attributes.

update_all_plugins(SwaggerJsonList=None, PluginsDefinitions=None, PrintPayload=False)¶: Updates all plugins defined for current Web Service. Input should be either an already exported plugins object or a list of SwaggerJsonFile instances.

upload_ssl_certificate(SslKeyName=None, Hsm=False, Private=None, Certificate=None)¶: Uploads SSL Certificate to Web Service. See imperva_sdk.WebService.SslKeys.

WebApplication Class¶

class imperva_sdk.WebApplication.WebApplication(connection=None, WebService=None, Name=None, ServerGroup=None, Site=None, LearnSettings=None, ParseOcspRequests=False, RestrictMonitoringToUrls=None, IgnoreUrlsDirectories=None, Mappings=[])¶

MX Web Application Class

>>> wa = ws.get_web_application("Default Web Application")
>>> wa.Name = "web application name"                                                                  
>>> wa.LearnSettings
u'LearnAll'
>>> wa.LearnSettings = 'LearnAllExceptStatics'

property IgnoreUrlsDirectories¶: Name of URL Prefixes / Directory Group global object of URLs to ignore (string)

property LearnSettings¶: Web Application parameter learn mode (‘LearnAll’, ‘LearnAllExceptStatics’ or ‘LearnUrlsWithParams’)

property Mappings¶

Host to Application mappings (taken from service to application level)

>>> app.Mappings
[{ "priority": 1, "host": "www.myapp.com", "hostMatchType": "Exact" }]

property Name¶: Web Application name (string)

property ParseOcspRequests¶: Indicates whether to parse OCSP requests for this application (boolean). Default=False

property RestrictMonitoringToUrls¶: Name of URL Prefixes / Directory Group global object that restricts monitoring to these URLs (string)

delete_profile_url(UrlName=None)¶: See imperva_sdk.MxConnection.delete_profile_url().

get_profile()¶: See imperva_sdk.MxConnection.get_profile().

get_profile_url(UrlName=None)¶: See imperva_sdk.MxConnection.get_profile_url().

update_profile(Profile=None, SwaggerJson=None)¶: See imperva_sdk.MxConnection.update_profile().

update_profile_url(UrlProfile=None, UrlName=None)¶: See imperva_sdk.MxConnection.update_profile_url().

KrpRule Class¶

class imperva_sdk.KrpRule.KrpRule(connection=None, WebService=None, Name=None, ServerGroup=None, Site=None, GatewayGroup=None, Alias=None, GatewayPorts=[], ServerCertificate=None, OutboundRules=[], ClientAuthenticationAuthorities=None)¶

MX KRP (Reverse Proxy) Rules (Inbound + Outbound) Class

Each KRP rule must have at least one outbound rule.

The GatewayGroup and Alias attributes need to be available in the MX (e.g. created when GW registers) to be used by KRP rules.

Note

Edit is not implemented for the KrpRule attriebutes.

>>> ws.create_krp_rule(Alias="alias name", GatewayGroup="gg name", GatewayPorts=[8443], ServerCertificate="key name", OutboundRules=[{'priority': 1, 'externalHost': 'www.imperva.com', 'urlPrefix': '/login', 'encrypt': True, 'internalIpHost': '192.168.0.1', 'serverPort': 443}])

property Alias¶: The name of the Gateway alias that defines the inbound KRP rule (string). Needs to be available before KRP rule creation.

property ClientAuthenticationAuthorities¶: A Certificate Authority Group to associate with web server (string)

property GatewayGroup¶: The name of the server group that contains the gateways on which the alias was created (string). Needs to be available before KRP rule creation.

property GatewayPorts¶

The port that defines the inbound KRP rule (list of int). In most functions you can specify only one port in the list even if there are more -

>>> ws.create_krp_rule(Alias="aa", GatewayGroup="giora-tmp2", GatewayPorts=[443, 8443], ServerCertificate="key name", OutboundRules=[{'priority': 1, 'externalHost': 'www.imperva.com', 'urlPrefix': '/login', 'encrypt': True, 'internalIpHost': '192.168.0.1', 'serverPort': 443}])
>>> ws.delete_krp_rule(Alias="aa", GatewayGroup="giora-tmp2", GatewayPorts=[443])                     

property Name¶: KRP Rule internal imperva_sdk name (you can disregard)

property OutboundRules¶

Map of Outbound KRP rules, at least one rule is required.

>>> krp_rules = ws.get_all_krp_rules()
>>> krp_rules[0].OutboundRules
[{u'internalIpHost': u'192.168.0.1', u'encrypt': True, 'clientAuthenticationRules': None, u'urlPrefix': u'/login', 'priority': 1, u'serverPort': 443, u'externalHost': u'www.imperva.com', u'validateServerCertificate': False}]

externalHost (string) - Specify the external host name for which this rule will be applied. Optional. When missing - external host is “any”.
urlPrefix (string) - Specify the prefix of URLs (for example, /login/) for which traffic is to be directed to. Optional. When missing - url prefix is “any”.
internalIpHost (string) - The IP address or the hostname of the Web server to which traffic is forwarded.
serverPort (int) - The port number on the Web server to which traffic is forwarded.
encrypt (boolean) - Indicate whether to encrypt the connection between the SecureSphere gateway and the Web server. Default=False.
clientAuthenticationRules (string) - The Client Authentication Rules that determine the course of action taken when certificate validation succeeds or fails. Optional.
validateServerCertificate (boolean) - Validate the certificate presented by the web server. Optional (Default=False)

property ServerCertificate¶: The SSL Key name of the certificate which will be presented to the client (string). See imperva_sdk.WebService.SslKeys.

TrpRule Class¶

class imperva_sdk.TrpRule.TrpRule(connection=None, WebService=None, Name=None, ServerGroup=None, Site=None, ListenerPorts=[], ServerIp=None, ServerSidePort=None, EncryptServerConnection=None, Certificate=None)¶

MX TRP (Transparent Reverse Proxy) Rules Class

property Certificate¶: Certificate name if TRP listener is HTTPS

property EncryptServerConnection¶: Whether web server is HTTP or HTTPS (boolean)

property ListenerPorts¶: The port that defines the TRP rule (list of int). In most functions you can specify only one port in the list even if there are more.

property Name¶: TRP Rule internal imperva_sdk name (you can disregard)

property ServerIp¶: The protected server IP.

property ServerSidePort¶: The HTTP/HTTPS port on the server side.

WebServiceCustomPolicy Class¶

class imperva_sdk.WebServiceCustomPolicy.WebServiceCustomPolicy(connection=None, Name=None, Enabled=None, Severity=None, Action=None, FollowedAction=None, SendToCd=None, DisplayResponsePage=None, ApplyTo=[], MatchCriteria=[], OneAlertPerSession=None)¶

MX Web Service Custom Policy Class

>>> pol = mx.get_web_service_custom_policy("Anti Google Hacking - 2")
>>> pol.Severity
u'high'
>>> pol.Severity = 'medium'
>>> pol.ApplyTo
[]
>>> ws
<imperva_sdk 'WebService' Object - 'web service name'>
>>> pol.ApplyTo = [ws]
>>> pol.ApplyTo
[<imperva_sdk 'WebService' Object - 'web service name'>]
>>> # Create user defined copy of policy
>>> pol_dict = dict(pol)
>>> pol_dict['Name'] = 'user defined - %s' % pol_dict['Name']
>>> mx.create_web_service_custom_policy(**pol_dict)
<imperva_sdk 'WebServiceCustomPolicy' Object - 'user defined - Anti Google Hacking - 2'>

property Action¶: Policy action (‘none’, ‘block’)

property ApplyTo¶

Web Services that policy is applied to (list of imperva_sdk.WebService objects). Can be in API JSON format or WebService objects

>>> pol.ApplyTo = [{'siteName': 'site name', 'serverGroupName': 'server group name', 'webServiceName': 'web service name'}]
>>> pol.ApplyTo
[<imperva_sdk 'WebService' Object - 'web service name'>]

siteName - Name of the site (string)
serverGroupName - Name of the server group (string)
webServiceName - Name of the web service (string)

property DisplayResponsePage¶: Show response page in alerts (boolean)

property Enabled¶: Is policy enabled? (boolean)

property FollowedAction¶: Policy followed action (string - Action Set Name)

property MatchCriteria¶

Policy Match Criteria in API JSON format. See the Open API documentation for a complete list of available match criteria parameters.

>>> pol = mx.get_web_service_custom_policy("Adobe ColdFusion Administrator Access Restriction")
>>> pol.MatchCriteria
[{u'type': u'httpRequestUrl', u'operation': u'atLeastOne', u'values': [u'/CFIDE/administrator', u'/CFIDE/gettingstarted', u'/CFIDE/componentutils', u'/CFIDE/adminapi'], u'match': u'prefix'}, {u'operation': u'excludeAll', u'ipGroups': [u'Internal IP Addresses'], u'type': u'sourceIpAddresses'}]

property Name¶: The name of the policy (string)

property OneAlertPerSession¶: Allow only one alert to be created for every web session (boolean)

property SendToCd¶: Send policy alerts to community defense. Applicable for only some predefined policies (boolean)

property Severity¶: Alert Severity (‘high’, ‘medium’, ‘low’, ‘informative’, ‘noAlert’)

WebApplicationCustomPolicy Class¶

class imperva_sdk.WebApplicationCustomPolicy.WebApplicationCustomPolicy(connection=None, Name=None, Enabled=None, Severity=None, Action=None, FollowedAction=None, SendToCd=None, DisplayResponsePage=None, ApplyTo=[], MatchCriteria=[], OneAlertPerSession=None)¶

MX Web Application Custom Policy Class

property Action¶: Policy action (‘none’, ‘block’)

property ApplyTo¶

Web Applications that policy is applied to (list of imperva_sdk.WebApplication objects). Can be in API JSON format or WebApplication objects

>>> pol.ApplyTo = [{'siteName': 'site name', 'serverGroupName': 'server group name', 'webServiceName': 'web service name', 'webApplicationName': 'web application name'}]
>>> pol.ApplyTo
[<imperva_sdk 'WebApplication' Object - 'web application name'>]

siteName - Name of the site (string)
serverGroupName - Name of the server group (string)
webServiceName - Name of the web service (string)
webApplicationName - Name of the web application (string)

property DisplayResponsePage¶: Show response page in alerts (boolean)

property Enabled¶: Is policy enabled? (boolean)

property FollowedAction¶: Policy followed action (string - Action Set Name)

property MatchCriteria¶: Policy Match Criteria in API JSON format. See the Open API documentation for a complete list of available match criteria parameters.

property Name¶: The name of the policy (string)

property OneAlertPerSession¶: Allow only one alert to be created for every web session (boolean)

property SendToCd¶: Send policy alerts to community defense. Applicable for only some predefined policies (boolean)

property Severity¶: Alert Severity (‘high’, ‘medium’, ‘low’, ‘informative’, ‘noAlert’)

HttpProtocolSignaturesPolicy Class¶

class imperva_sdk.HttpProtocolSignaturesPolicy.HttpProtocolSignaturesPolicy(connection=None, Name=None, SendToCd=None, DisplayResponsePage=None, ApplyTo=[], Rules=[], Exceptions=[])¶

MX HTTP Protocol Signatures Policy Class

property ApplyTo¶

Web Services that policy is applied to (list of imperva_sdk.WebService objects). Can be in API JSON format or WebService objects

>>> pol.ApplyTo = [{'siteName': 'site name', 'serverGroupName': 'server group name', 'webServiceName': 'web service name'}]
>>> pol.ApplyTo
[<imperva_sdk 'WebService' Object - 'web service name'>]

siteName - Name of the site (string)
serverGroupName - Name of the server group (string)
webServiceName - Name of the web service (string)

property DisplayResponsePage¶: Show response page in alerts (boolean)

property Exceptions¶

Policy exceptions (list of dict)

>>> pol.Exceptions
[{u'comment': u'exception comment', u'predicates': [{u'type': u'httpRequestUrl', u'operation': u'atLeastOne', u'values': [u'/login'], u'match': u'prefix'}], u'ruleName': u'ASP Oracle Padding'}]

property Name¶: The name of the policy (string)

property Rules¶

Policy dictionary rules (list of dict)

>>> pol.Rules
[{u'action': u'block', u'enabled': False, u'name': u'ASP Oracle Padding', u'severity': u'medium'}, {u'action': u'none', u'enabled': False, u'name': u'Fullwidth/Halfwidth Unicode Encoding on URL/Parameter', u'severity': u'noAlert'}, {u'action': u'none', u'enabled': True, u'name': u'IIS Code Upload', u'severity': u'noAlert'}, {u'action': u'none', u'enabled': True, u'name': u'Java Double Precision Non Convergence DoS', u'severity': u'noAlert'}, {u'action': u'none', u'enabled': True, u'name': u'MSSQL Data Retrieval with Implicit Conversion Errors', u'severity': u'noAlert'}, {u'action': u'none', u'enabled': True, u'name': u'PHP Address Book ', u'severity': u'noAlert'}, {u'action': u'none', u'enabled': True, u'name': u'PHP Double Precision Non Convergence DoS', u'severity': u'noAlert'}, {u'action': u'block', u'enabled': True, u'name': u'Recommended for Blocking for Web Applications ', u'severity': u'high'}, {u'action': u'none', u'enabled': True, u'name': u'Recommended for Detection for Web Applications', u'severity': u'low'}, {u'action': u'block', u'enabled': True, u'name': u'Worms and Critical Vulnerabilities for Web Applications', u'severity': u'high'}]

property SendToCd¶: Send policy alerts to community defense. Applicable for only some predefined policies (boolean)

ActionSet Class¶

class imperva_sdk.ActionSet.ActionSet(connection=None, Name=None, AsType=None)¶

MX Action Set Class

property AsType¶: The type of the Action Set (security / any)

property Name¶: The name of the Action Set (string)

create_action(Name=None, ActionType=None, Protocol=None, SyslogFacility=None, Host=None, SyslogLogLevel=None, SecondaryPort=None, ActionInterface=None, SecondaryHost=None, Message=None, Port=None, update=False)¶: See imperva_sdk.MxConnection.create_action().

delete_action(Name)¶: See imperva_sdk.MxConnection.delete_action().

get_action(Name)¶: See imperva_sdk.MxConnection.get_action().

get_all_actions()¶: See imperva_sdk.MxConnection.get_all_actions().

Action Class¶

class imperva_sdk.Action.Action(connection=None, Name=None, ActionSet=None, ActionType=None, Protocol=None, SyslogFacility=None, Host=None, SyslogLogLevel=None, SecondaryPort=None, ActionInterface=None, SecondaryHost=None, Message=None, Port=None)¶

MX Action Class (part of Action Set)

property ActionInterface¶

The Action Interface of the Action (string)

e.g. - “Gateway Log - Security Event - System Log (syslog) - JSON format (Extended)”

property ActionType¶: The type of the Action (GWSyslog / Syslog)

property Host¶: The Action Syslog Host/IP setting (string)

property Message¶

The Action Syslog Message setting. With SecureSphere placeholders, etc… (string) -

>>> action.Message
'{"header": {"vendor": "Imperva Inc.","product": "SecureSphere","product-version": "$!{SecureSphereVersion}","template-version":"1.0"},"create-time": "#DTFormat:%Y-%m-%dT%H:%M:%S%Z(${Violation.CreateTime})","gateway-name": "${Event.gateway}", "mx-ip": "$!{Event.struct.mxIp}", "server-group-name": "#jsonEscapeExtension($!{Event.violations.alert.serverGroupName})", "server-group-simulation-mode": "$!{Event.violations.alert.simulationMode}", "violation-type": "$!{Event.eventType}", "class": "$!{Event.violations.alert.alertType}", "description": "$!{Violation.Description}", "severity": "$!{Event.violations.alert.severity}", "service-name": "#jsonEscapeExtension($!{Event.serviceName})","application-name": "#jsonEscapeExtension($!{Environment.ApplicationName})","source-ip": "${Request.SourceIp}","source-port": "${Request.SourcePort}","protocol": "${Request.SourceProtocol}","dest-ip": "${Request.DestinationIp}","dest-port": "${Request.DestinationPort}","violation-id": "${Violation.Id}","violation-attributes": ${Violation.AttributesJSON},"policy-name": "#jsonEscapeExtension(${Violation.PolicyName})","action": "$!{Event.violations.alert.immediateAction}", "http": {"session-id": "$!{Request.Http.SessionId}","session-create-time": "#DTFormat:%Y-%m-%dT%H:%M:%S%Z($!{Request.Http.SessionCreationTime})","session-verified": "$!{Event.struct.session.isVerified}","user-name": "#jsonEscapeExtension($!{Request.UserName})","transaction-complete": "$!{Event.struct.complete}","response": {"size": "$!{Response.Http.Size}","time": "$!{Response.Http.Time}","code": "$!{Response.Http.Code}","headers": ${Response.Http.HeadersJSON},"cookies": ${Response.Http.CookiesJSON}},"request": {"method": "#jsonEscapeExtension($!{Request.Http.Method})","host": "#jsonEscapeExtension($!{Request.Http.Host})","user-agent": "#jsonEscapeExtension($!{Event.UserAgent})","url-path": "#jsonEscapeExtension($!{Request.Http.UrlPath})","url-full-path": "#jsonEscapeExtension($!{Request.Http.UrlFullPath})","url-query-params": "#jsonEscapeExtension($!{Request.Http.UrlQueryString})", "headers": ${Request.Http.HeadersJSON},"cookies": ${Request.Http.CookiesJSON},"parameters": ${Request.Http.ParametersJSON},"version": "$!{Request.Http.Version}"}},"additional-info": {"client-type": "#jsonEscapeExtension($!{Event.struct.botClassification.clientType})","bot-classification": "#jsonEscapeExtension($!{Event.struct.botClassification.botType})","soap": {"is-soap": "$!{Event.struct.soap}","action": "#jsonEscapeExtension($!{Event.struct.httpRequest.soapAction.soapAction})"}, "thr-services": ${Violation.Threatradar.ServiceJSON}}}'

property Name¶: The name of the Action (string)

property Port¶: The Action Syslog Port setting (string)

property Protocol¶: The Action Syslog Protocol setting (TCP / UDP)

property SecondaryHost¶: The Action Syslog Secondary Host setting (string)

property SecondaryPort¶: The Action Syslog Secondary Port setting (string)

property SyslogFacility¶: The Action Syslog Facility setting (USER / LOCAL0 / LOCAL1 …)

property SyslogLogLevel¶: The Action Syslog Level setting (INFO / DEBUG / …)

ParameterTypeGlobalObject Class¶

class imperva_sdk.ParameterTypeGlobalObject.ParameterTypeGlobalObject(connection=None, Name=None, Regex=None)¶

Parameter Type Configuration Global Object Class

property Name¶: The name of the global object (string)

property Regex¶: Parameter Type Configuration regular expression

WebProfilePolicy Class¶

class imperva_sdk.WebProfilePolicy.WebProfilePolicy(connection=None, Name=None, SendToCd=None, Rules=[], Exceptions=[], ApuConfig={}, DisableLearning=None, DisplayResponsePage=None, ApplyTo=[])¶

MX Web Profile Policy Class

property ApplyTo¶

Web Applications that policy is applied to (list of imperva_sdk.WebApplication objects). Can be in API JSON format or WebApplication objects

>>> pol.ApplyTo = [{'siteName': 'site name', 'serverGroupName': 'server group name', 'webServiceName': 'web service name', 'webApplicationName': 'web application name'}]
>>> pol.ApplyTo
[<imperva_sdk 'WebApplication' Object - 'web application name'>]

siteName - Name of the site (string)
serverGroupName - Name of the server group (string)
webServiceName - Name of the web service (string)
webApplicationName - Name of the web application (string)

property ApuConfig¶

Policy’s Automatic Profile Update Configuration list (dict)

>>> pol.ApuConfig
{'SOAP Element Value Length Violation': {'enabled': True, 'sources': 50, 'occurrences': 50, 'hours': 12}, 'Parameter Read Only Violation': {'enabled': True, 'sources': 50, 'occurrences': 50, 'hours': 12}, "Reuse of Expired Session's Cookie": {'enabled': True, 'sources': 50, 'occurrences': 50, 'hours': 12}, 'SOAP Element Value Type Violation': {'enabled': True, 'sources': 50, 'occurrences': 50, 'hours': 12}, 'Required Parameter Not Found': {'enabled': True, 'sources': 50, 'occurrences': 50, 'hours': 12}, 'Unauthorized Method forKnown URL': {'enabled': True, 'sources': 50, 'occurrences': 50, 'hours': 12}, 'Unknown Parameter': {'enabled': True, 'sources': 50, 'occurrences': 50, 'hours': 12}, 'Parameter Type Violation': {'enabled': True, 'sources': 50, 'occurrences': 50, 'hours': 12}, 'Unauthorized SOAP Action': {'enabled': True, 'sources': 50, 'occurrences': 50, 'hours': 12}, 'Unknown SOAP Element': {'enabled': True, 'sources': 50, 'occurrences': 50, 'hours': 12}, 'Required XML Element Not Found': {'enabled': True, 'sources': 50, 'occurrences': 50, 'hours': 12}, 'Parameter Value Length Violation': {'enabled': True, 'sources': 50, 'occurrences': 50, 'hours': 12}, 'Cookie Injection': {'enabled': True, 'sources': 50, 'occurrences': 50, 'hours': 12}, 'Cookie Tampering': {'enabled': True, 'sources': 50, 'occurrences': 50, 'hours': 12}}

property DisableLearning¶: Disable learning engine (boolean)

property DisplayResponsePage¶: Show response page in alerts (boolean)

property Exceptions¶

Policy exceptions (list of dict)

>>> pol.Exceptions
[{'ruleName': 'Cookie Injection', 'comment': 'This is an exception', 'predicates': [{'matchNoOrUnknownUser': False, 'values': ['admin'], 'type': 'applicationUser', 'operation': 'atLeastOne'}]}]

property Name¶: The name of the policy (string)

property Rules¶

Policy dictionary rules (list of dict)

>>> pol.Rules
[{'name': 'Cookie Injection', 'enabled': False, 'severity': 'medium', 'action': 'none'}, {'name': 'Cookie Tampering', 'enabled': True, 'severity': 'medium', 'action': 'none'}, {'name': 'Non-SOAP Access to a SOAP Only URL', 'enabled': False, 'severity': 'medium', 'action': 'none'}, {'name': 'Parameter Read Only Violation', 'enabled': False, 'severity': 'informative', 'action': 'none', 'parameters': {'issueAnomalyForRequestsWithoutSession': 'false', 'issueAnomalyForCorrelatedParameterTampering': 'true', 'issueAnomalyForResponseEvasion': 'true'}}, {'name': 'Parameter Type Violation', 'enabled': False, 'severity': 'medium', 'action': 'none'}, {'name': 'Parameter Value Length Violation', 'enabled': False, 'severity': 'informative', 'action': 'none'}, {'name': 'Required Parameter Not Found', 'enabled': False, 'severity': 'informative', 'action': 'none'}, {'name': 'Required XML Element Not Found', 'enabled': False, 'severity': 'informative', 'action': 'none'}, {'name': "Reuse of Expired Session's Cookie", 'enabled': False, 'severity': 'informative', 'action': 'none'}, {'name': 'SOAP Access to a Non-SOAP URL', 'enabled': False, 'severity': 'medium', 'action': 'none'}, {'name': 'SOAP Element Value Length Violation', 'enabled': False, 'severity': 'informative', 'action': 'none'}, {'name': 'SOAP Element Value Type Violation', 'enabled': False, 'severity': 'medium', 'action': 'none'}, {'name': 'Unauthorized Content Type for Known URL', 'enabled': False, 'severity': 'low', 'action': 'none'}, {'name': 'Unauthorized Method for Known URL', 'enabled': False, 'severity': 'low', 'action': 'none'}, {'name': 'Unauthorized SOAP Action', 'enabled': False, 'severity': 'high', 'action': 'none'}, {'name': 'Unauthorized URL Access', 'enabled': False, 'severity': 'high', 'action': 'block'}, {'name': 'Unknown Parameter', 'enabled': False, 'severity': 'informative','action': 'none'}, {'name': 'Unknown SOAP Element', 'enabled': False, 'severity': 'informative', 'action': 'none'}]

property SendToCd¶: Send policy alerts to community defense. Applicable for only some predefined policies (boolean)