1. Expel Help Center
  2. Connect Your Technology
  3. Q-Z Integrations
  4. Thales Imperva

Thales Imperva Web Application Firewall (formerly Imperva SecureSphere) Setup for Workbench

This guide covers setup for Imperva's on-prem version of the Web Application Firewall (WAF). If you wish to use the cloud version, go to Thales Imperva Cloud Web Application Firewall Setup for Workbench.

We support the WAF via the Application Security API, which allows us to pull all security events for the onboarded customer sites.

Scope and Limitations

When choosing to set up this integration, remember the following:

  • This integration is investigative-only; this means no alerts or detections are ingested, but the integration can still be used by Expel for investigation telemetry.

Prerequisites

  1. You must have an administrator account with Imperva so that you can create an Expel user.
  2. You must have the Organization Admin role in Workbench to set up the security device.
  3. You must use an assembler with this integration, and you must be able to deploy the virtual machine in one of our supported environments.

Quick Links

Setup includes the following steps (select any step for detailed instructions):

  1. Prepare an Assembler
  2. Create a New Imperva User for Expel
  3. Add Imperva WAF as a Security Device in Workbench

Step 1: Prepare an Assembler

If you already have an assembler set up that you want to use, make sure you know which one it is and then skip to Step 2.

If you need to set up a new assembler, go to Add a New Assembler and then return to this page to finish the setup process.

Step 2: Create a New Imperva User for Expel

Creating a new user is necessary so that we can access your Imperva security events. If you have used the cloud version in the past, and therefore have already created an Expel user, make sure you know the username and password and then skip to Step 3.

  1. Log in to Imperva with an administrator account.
  2. In the upper right corner, navigate to Admin.
  3. On the Users & Permissions tab, in the Users & Roles section, select Create and then select Create New User.
  4. Complete the User Info fields as follows:
    • User Name - enter a name of your choosing for the Expel user (example user name: expel_api_user). Make note of this user name, as you will need it in the next section.
    • Password - enter a password for the user. Make note of this password, as you will need it in the next section.
    • Verify Password - enter the password again to confirm.
    • Assigned Roles - do not assign any roles to this user (you will assign permissions instead).
  5. Select Create.
  6. For the new Expel user, update the Site Tree Object Types > Web Services permissions to grant View access.
  7. Select Save.

Step 3: Add Imperva WAF as a Security Device in Workbench

Now that you have created the Expel user, you can set up the device in Workbench. Before you begin, make sure you have the username and password you set up in the previous section, your Imperva server address, and your two-factor secret key (if your organization requires 2FA to log in to the Imperva console).

  1. Log in to Workbench.
  2. In the side menu, navigate to Organization Settings > Security Devices. If you have multiple organizations, you must select the appropriate organization name from the list.
  3. Select Add Security Device.
  4. In the search box, type “Imperva” and then select the Imperva Web Application Firewall integration.
  5. Select On-prem as the device location.
  6. Complete the fields as follows:
    • Assembler - select the assembler you prepared in Step 1.
    • Name - enter a name that might help you more easily identify this integration, such as “CompanyName Imperva On Prem”; this name will display in Workbench under the Name column, and is a text string that you can filter on.
    • Location - enter the location of your integration, for example “on prem;” this is also a text string that you can filter on, so we recommend being consistent with location naming across your Expel integrations.
    • Server address - enter your Imperva server address, including the port. Examples: https://127.0.0.1:80, or https://myvendordevice.acme.com:443
    • Username - enter Expel's Imperva user name that you created in Step 2.
    • Password - enter Expel's Imperva password that you created in Step 2.
    • Select Save.
  7. Select Set up now (recommended) from the console access dropdown. Why do we need console access?
  8. Complete the fields as follows:
    • Console URL - enter the console URL portion of your Imperva server address, and add /login to the end of the URL.
    • Username - enter Expel's Imperva user name that you created in Step 2.
    • Password - enter Expel's Imperva password that you created in Step 2.
    • Two-factor secret key - if your organization uses 2FA, enter the key here, otherwise leave this field blank.
  9. Select Save.
  10. Your device should be created successfully within a few seconds.

Related articles