Details
Content
Dependencies
Version History

Uses Incapsula to manage sites and IPs

Imperva Incapsula (Cloud WAF)

This pack includes Cortex XSIAM content.

Imperva Incapsula (Cloud WAF)

This pack includes Cortex XSIAM content.

Configuration on Server Side

To setup a real-time SIEM log integration via AWS S3 push, follow the Set up log integration process.

Collection via AWS S3

To create or configure Incapsula log collection via S3, use the information described here.

You can configure the AWS S3 collector:

Navigate to Settings > Data Sources > Add Data Source (Optional) > Amazon S3.
Make sure to add the following values to the configuration:
- Log Type - Generic
- Log Format - CEF
- Vendor - Auto-Detect
- Product - Auto-Detect

Automations

Name	Description
IncapGetDomainApproverEmail	Use this operation to get the list of email addresses that can be used when adding an SSL site
IncapScheduleTask	This script periodically runs the "IncapWhitelistCompliance" script, which queries the Incapsula monitored websites for white-list compliance (see script for further details). The script then saves the new periodic ID into incident context under the "ScheduleTaskID" key for later use.
IncapListSites	List sites for an account
IncapGetAppInfo	Use this operation to retrieve a list of all the client applications
IncapWhitelistCompliance	Get all sites from Incapsula. For each site, the script, through a ssh server (one that should NOT be in the allow list), make sure the site is compliant ( allow list is being enforced ). If not, a warning mail will be sent to the domain owner.

Integrations

Name	Description
Imperva Incapsula	Uses incapsula to manage sites and IPs.

Automations

Name	Description
IncapGetAppInfo	Use this operation to retrieve a list of all the client applications
IncapGetDomainApproverEmail	Use this operation to get the list of email addresses that can be used when adding an SSL site
IncapListSites	List sites for an account

Integrations

Name	Description
Imperva Incapsula	Uses incapsula to manage sites and IPs.

Modeling Rules

Name	Description
Imperva Incapsula Modeling Rule

Required Content Packs (2)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (4)

Pack Name	Pack By
Cortex REST API	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Aggregated Scripts	By: Cortex XSOAR
Base	By: Cortex XSOAR

1.1.13 - 8515806 (April 27, 2026)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 43940

Download

1.1.12 - 7827247 (March 22, 2026)

Documentation and metadata improvements.

Related pull requests:
- 43566

Download

1.1.11 - 5636304 (October 29, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41629

Download

1.1.10 - 4583601 (August 20, 2025)

Scripts

IncapWhitelistCompliance

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IncapListSites

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IncapGetDomainApproverEmail

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IncapScheduleTask

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IncapGetAppInfo

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40710

Download

1.1.9 - R4077103 (July 6, 2025)

Scripts

IncapGetAppInfo

Metadata and documentation improvements.

IncapScheduleTask

Metadata and documentation improvements.

IncapListSites

Metadata and documentation improvements.

IncapGetDomainApproverEmail

Metadata and documentation improvements.

IncapWhitelistCompliance

Metadata and documentation improvements.

Related pull requests:
- 39088

Download

1.1.8 - R2988527 (March 26, 2025)

Scripts

IncapScheduleTask

Updated the Docker image to: demisto/python3:3.11.10.115186.

IncapGetDomainApproverEmail

Updated the Docker image to: demisto/python3:3.11.10.115186.

IncapListSites

Updated the Docker image to: demisto/python3:3.11.10.115186.

IncapWhitelistCompliance

Updated the Docker image to: demisto/python3:3.11.10.115186.

IncapGetAppInfo

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37407
- 37402
- 37403
- 37405
- 37406
- 37404

Download

1.1.7 - 1619437 (November 10, 2024)

Integrations

Imperva Incapsula

Fixed an issue where the commands' args were not parsed as expected.

Related pull requests:
- 37126

Download

1.1.6 - 1070867 (June 5, 2024)

Integrations

Imperva Incapsula

Fixed an issue where the Test button failed on authentication.

Related pull requests:
- 34706

Download

1.1.5 - 938811 (April 7, 2024)

Scripts

IncapWhitelistCompliance

Updated the Docker image to: demisto/python3:3.10.14.91134.

IncapGetDomainApproverEmail

Updated the Docker image to: demisto/python3:3.10.14.91134.

IncapScheduleTask

Updated the Docker image to: demisto/python3:3.10.14.91134.

IncapListSites

Updated the Docker image to: demisto/python3:3.10.14.91134.

IncapGetAppInfo

Updated the Docker image to: demisto/python3:3.10.14.91134.

Related pull requests:
- 33641
- 33516
- 33519
- 33515
- 33329
- 33314
- 33318
- 33328
- 33357
- 33344
- 33359
- 33458
- 33535
- 33534
- 33537
- 33552
- 33580
- 33553
- 33418
- 33583
- 33555
- 33556
- 33559
- 33560
- 33619
- 33591
- 33602
- 33600
- 33314
- 33318
- 33328
- 33357
- 33344
- 33359
- 33458

Download

1.1.4 - 6564291 (October 10, 2023)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 30115

Download

1.1.3 - 6521786 (October 5, 2023)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 29979

Download

1.1.2 - R5801668 (July 18, 2023)

Integrations

Imperva Incapsula

You can now use credentials when configuring the following fields:
- API ID
- API key

Related pull requests:
- 27597

Download

1.1.1 - R5170573 (May 2, 2023)

Integrations

Imperva Incapsula

Added the optional argument security to command incap-get-visits.

Related pull requests:
- 25440
- 25507

Download

1.1.0 - R4718798 (March 1, 2023)

Integrations

Imperva Incapsula

Added the incap-get-infra-protection-top-items-table command which returns the highest peak values and highest average values for a protected IP range during a selected time period.

Related pull requests:
- 23956
- 24427

Download

1.0.6 - R4494864 (January 29, 2023)

Scripts

IncapGetDomainApproverEmail

Updated the Docker image to demisto/python3:3.10.6.33415.

IncapWhitelistCompliance

Updated the Docker image to demisto/python3:3.10.6.33415.

IncapGetAppInfo

Updated the Docker image to demisto/python3:3.10.6.33415.

IncapScheduleTask

Updated the Docker image to demisto/python3:3.10.6.33415.

IncapListSites

Updated the Docker image to demisto/python3:3.10.6.33415.

Related pull requests:
- 21026

Download

1.1.13 - 8542515 (April 28, 2026)

Modeling Rules

Imperva Incapsula Modeling Rule

Documentation and metadata improvements.

Related pull requests:
- 43940

Download

1.1.12 - 7827247 (March 22, 2026)

Documentation and metadata improvements.

Related pull requests:
- 43566

Download

1.1.11 - 5636304 (October 29, 2025)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 41629

Download

1.1.10 - 4583601 (August 20, 2025)

Scripts

IncapListSites

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IncapGetDomainApproverEmail

Updated the Docker image to: demisto/python3:3.12.8.3296088.

IncapGetAppInfo

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40710

Download

1.1.9 - R4077103 (July 6, 2025)

Scripts

IncapGetAppInfo

Metadata and documentation improvements.

IncapListSites

Metadata and documentation improvements.

IncapGetDomainApproverEmail

Metadata and documentation improvements.

Related pull requests:
- 39088

Download

1.1.8 - R2988527 (March 26, 2025)

Scripts

IncapGetDomainApproverEmail

Updated the Docker image to: demisto/python3:3.11.10.115186.

IncapListSites

Updated the Docker image to: demisto/python3:3.11.10.115186.

IncapGetAppInfo

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37407
- 37402
- 37403
- 37405
- 37406
- 37404

Download

1.1.7 - 1621428 (November 11, 2024)

Integrations

Imperva Incapsula

Fixed an issue where the commands' args were not parsed as expected.

Related pull requests:
- 37126

Download

1.1.6 - 1070867 (June 5, 2024)

Integrations

Imperva Incapsula

Fixed an issue where the Test button failed on authentication.

Related pull requests:
- 34706

Download

1.1.5 - 938811 (April 7, 2024)

Scripts

IncapGetDomainApproverEmail

Updated the Docker image to: demisto/python3:3.10.14.91134.

IncapListSites

Updated the Docker image to: demisto/python3:3.10.14.91134.

IncapGetAppInfo

Updated the Docker image to: demisto/python3:3.10.14.91134.

1.1.4 - 6564291 (October 10, 2023)

Modeling Rules

Imperva Incapsula Modeling Rule

Updated the Modeling Rule schema, adding the cs11 field.

Related pull requests:
- 30115

Download

1.1.3 - 6521786 (October 5, 2023)

Modeling Rules

New: Imperva Incapsula Modeling Rule

Added support for Imperva Incapsula logs via AWS S3 (Available from Cortex XSIAM 1.5).

Related pull requests:
- 29979

Download

1.1.2 - 5618116 (June 26, 2023)

Integrations

Imperva Incapsula

You can now use credentials when configuring the following fields:
- API ID
- API key

Related pull requests:
- 27597

Download

1.1.1 - R5170573 (May 2, 2023)

Integrations

Imperva Incapsula

Added the optional argument security to command incap-get-visits.

Related pull requests:
- 25440
- 25507

Download

1.1.0 - R4718798 (March 1, 2023)

Integrations

Imperva Incapsula

Added the incap-get-infra-protection-top-items-table command which returns the highest peak values and highest average values for a protected IP range during a selected time period.

Related pull requests:
- 23956
- 24427

Download

1.0.6 - 3639170 (September 11, 2022)

Scripts

IncapGetDomainApproverEmail

Updated the Docker image to demisto/python3:3.10.6.33415.

IncapWhitelistCompliance

Updated the Docker image to demisto/python3:3.10.6.33415.

IncapGetAppInfo

Updated the Docker image to demisto/python3:3.10.6.33415.

IncapScheduleTask

Updated the Docker image to demisto/python3:3.10.6.33415.

IncapListSites

Updated the Docker image to demisto/python3:3.10.6.33415.

Related pull requests:
- 21026

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	November 9, 2020
Last Release	April 27, 2026

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

By downloading or using Marketplace content, you agree to the applicable Terms of Use and End User License Agreement. Third-party content is provided by its publisher, and Palo Alto Networks does not warrant, endorse, support, or assume responsibility for content not expressly identified as owned by Palo Alto Networks.