Details
Content
Dependencies
Version History

Uses Incapsula to manage sites and IPs

Imperva Incapsula (Cloud WAF)

This pack includes Cortex XSIAM content.

Imperva Incapsula (Cloud WAF)

This pack includes Cortex XSIAM content.

Configuration on Server Side

To setup a real-time SIEM log integration via AWS S3 push, follow the Set up log integration process.

Collection via AWS S3

To create or configure Incapsula log collection via S3, use the information described here.

You can configure the AWS S3 collector:

Navigate to Settings > Data Sources > Add Data Source (Optional) > Amazon S3.
Make sure to add the following values to the configuration:
- Log Type - Generic
- Log Format - CEF
- Vendor - incapsula
- Product - siemintegration

Automations

Name	Description
IncapWhitelistCompliance	Get all sites from Incapsula. For each site, the script, through a ssh server (one that should NOT be in the allow list), make sure the site is compliant ( allow list is being enforced ). If not, a warning mail will be sent to the domain owner.
IncapListSites	List sites for an account
IncapScheduleTask	This script periodically runs the "IncapWhitelistCompliance" script, which queries the Incapsula monitored websites for white-list compliance (see script for further details). The script then saves the new periodic ID into incident context under the "ScheduleTaskID" key for later use.
IncapGetDomainApproverEmail	Use this operation to get the list of email addresses that can be used when adding an SSL site
IncapGetAppInfo	Use this operation to retrieve a list of all the client applications

Integrations

Name	Description
Imperva Incapsula	Uses incapsula to manage sites and IPs.

Automations

Name	Description
IncapGetDomainApproverEmail	Use this operation to get the list of email addresses that can be used when adding an SSL site
IncapListSites	List sites for an account
IncapGetAppInfo	Use this operation to retrieve a list of all the client applications

Integrations

Name	Description
Imperva Incapsula	Uses incapsula to manage sites and IPs.

Modeling Rules

Name	Description
Imperva Incapsula Modeling Rule

Required Content Packs (2)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (3)

Pack Name	Pack By
Common Scripts	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR
Base	By: Cortex XSOAR

1.1.7 - 1619437 (November 10, 2024)

Integrations

Imperva Incapsula

Fixed an issue where the commands' args were not parsed as expected.

Related pull requests:
- 37126

Download

1.1.6 - 1070867 (June 5, 2024)

Integrations

Imperva Incapsula

Fixed an issue where the Test button failed on authentication.

Related pull requests:
- 34706

Download

1.1.5 - 938811 (April 7, 2024)

Scripts

IncapWhitelistCompliance

Updated the Docker image to: demisto/python3:3.10.14.91134.

IncapGetDomainApproverEmail

Updated the Docker image to: demisto/python3:3.10.14.91134.

IncapScheduleTask

Updated the Docker image to: demisto/python3:3.10.14.91134.

IncapListSites

Updated the Docker image to: demisto/python3:3.10.14.91134.

IncapGetAppInfo

Updated the Docker image to: demisto/python3:3.10.14.91134.

Related pull requests:
- 33641
- 33516
- 33519
- 33515
- 33329
- 33314
- 33318
- 33328
- 33357
- 33344
- 33359
- 33458
- 33535
- 33534
- 33537
- 33552
- 33580
- 33553
- 33418
- 33583
- 33555
- 33556
- 33559
- 33560
- 33619
- 33591
- 33602
- 33600
- 33314
- 33318
- 33328
- 33357
- 33344
- 33359
- 33458

Download

1.1.4 - 6564291 (October 10, 2023)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 30115

Download

1.1.3 - 6521786 (October 5, 2023)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 29979

Download

1.1.2 - R5801668 (July 18, 2023)

Integrations

Imperva Incapsula

You can now use credentials when configuring the following fields:
- API ID
- API key

Related pull requests:
- 27597

Download

1.1.1 - R5170573 (May 2, 2023)

Integrations

Imperva Incapsula

Added the optional argument security to command incap-get-visits.

Related pull requests:
- 25440
- 25507

Download

1.1.0 - R4718798 (March 1, 2023)

Integrations

Imperva Incapsula

Added the incap-get-infra-protection-top-items-table command which returns the highest peak values and highest average values for a protected IP range during a selected time period.

Related pull requests:
- 23956
- 24427

Download

1.0.6 - R4494864 (January 29, 2023)

Scripts

IncapGetDomainApproverEmail

Updated the Docker image to demisto/python3:3.10.6.33415.

IncapWhitelistCompliance

Updated the Docker image to demisto/python3:3.10.6.33415.

IncapGetAppInfo

Updated the Docker image to demisto/python3:3.10.6.33415.

IncapScheduleTask

Updated the Docker image to demisto/python3:3.10.6.33415.

IncapListSites

Updated the Docker image to demisto/python3:3.10.6.33415.

Related pull requests:
- 21026

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	November 9, 2020
Last Release	November 10, 2024

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.