Our release notes provide information on changes and enhancements in each release.

Note: Unless otherwise specified, the changes described here are rolled out throughout the week and may not be immediately available in all accounts.

In this release:

New Features

Enhancements

Notifications of ongoing network level DDoS attacks

Popup notifications have been added to the Cloud Security Console, giving you greater visibility into ongoing Layer 3/4 volumetric DDoS attacks on your assets.

What changed: In the event of an active DDoS attack, a notification is displayed in the top-right corner of the Console window when you log in.

The popup includes links to the attacked assets, opening a drill-down view of the attack analysis.

  • Website groups: The Imperva IPs that support your Cloud WAF protected websites.

  • Protected Networks and IPs: Your origin IP addresses or ranges protected by the DDoS Protection for Networks and Single IPs services.

The information updates every 5 minutes. If you close the popup and a new attack occurs during your logged-in session, a new notification is displayed.

CDN: Enhanced option for purging specific resources

As part of the caching functionality provided by Imperva CDN, you have the option to tag resources according to a specified response header value in the resources. This enables you to subsequently purge resources according to the tag name.

What changed: Previously, the response was tagged according to the entire value of the specified header. Now, if there are multiple values in the header separated by commas, the resource is tagged with multiple tags. This provides you with greater granularity for purging specific resources.

For example:

Previous behavior:

  • Header Name: Cache-Tag
  • Header Value: “tag1,tag2,tag3”
  • Tagging Result: The resource is tagged with 1 tag - “tag1,tag2,tag3”

New behavior:

  • Header Name: Cache-Tag
  • Header Value: “tag1,tag2,tag3”
  • Tagging Result: The resource is tagged with 3 different tags - “tag1”, “tag2”, and “tag3”

Where it’s located: In the Cloud Security Console, navigate to Application > <select your website> > Cache > Advanced Settings > Tag the Response According to the Value of this Header.

For more details on caching configuration options, see Cache Settings.

Heads up: Near Real-Time SIEM integration

On November 1, 2021, we are starting the rollout of our new near real-time SIEM solution. The new mechanism introduces a dramatic reduction in the time it takes to deliver logs to you after the security event occurs.

Our existing log integration enables you to retrieve or receive your Imperva logs and archive or push these events into your SIEM solution.

As a first step, the new mechanism will be implemented for:

  • Amazon S3 push method only, in which logs are pushed to your S3 bucket.

  • Security event logs only, which include suspicious events detected by Imperva. Access logs will be added at a later date.

Availability:

  • In the initial phase of rollout, customers who are currently using the Imperva SIEM log integration with the S3 push method will be migrated to the new mechanism. This phase is expected to continue through the end of the year.

  • At a later stage, the new mechanism will be made available to new and existing customers who start using the SIEM log integration with the S3 push method. Updates will follow in future release notes.

What changed:

After your account is migrated to the new mechanism, the following changes to the log files will apply:

|  | Current platform | New SIEM platform |
| --- | --- | --- |
| Sending rate | Large files sent every 5-10 minutes | Smaller files sent every 10 seconds |
| Data freshness | Files sent after 10-30 minutes or more | Files sent after 3-5 minutes |
| File contents | One log file with both security and access events | Two log files - one for security events and one for access events |

|  | Current platform | New SIEM platform |
| --- | --- | --- |
| Log file names | <config_id>_<uuid>.log | <account_id>.WAF_RAW_LOGS.<uuid>.log |
| Example | 44268_b8e36106-2e39-4eaa-88ab-90ff8b7542e6.log | 51226475.WAF_RAW_LOGS.7f108651-1258-4177-a3dd-c9f6bb4dccfa.log |
| Comments | These files will continue to be in use after your account is migrated to the new mechanism. They will now contain only access logs. | These files will be introduced after your account is migrated to the new mechanism. They will contain only security logs. |

Note:

  • There are no configuration changes required on your part.

  • Access to your S3 bucket is verified by Imperva before your account is migrated. In the event that your S3 bucket is not accessible, our team will contact you to update your S3 allowlist.

    To verify that you have all Imperva IP addresses included in your allowlist, see Allowlist Imperva IP addresses & Setting IP restriction rules. The additional IP addresses that are used for the new SIEM mechanism were recently added to the list. They will be in use as of the start of the Near Real-Time SIEM rollout on November 1st.

  • In the event that you change your connection details in the Logs Setup, it can take up to 3 hours for the configuration changes to take effect.
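
If your SIEM ingestion reads the S3 bucket directly, it needs to tell the two file types apart once security events move into their own files. The following is an added example, not Imperva code: it classifies object keys by the two log file name formats listed above, assuming numeric IDs as in the examples; the function names and the "logs/" prefix are hypothetical.

```python
import re
from collections import defaultdict

# Canonical 8-4-4-4-12 hex UUID, the form used in both example names above.
UUID = r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}"
# New SIEM platform: <account_id>.WAF_RAW_LOGS.<uuid>.log
NEW_NAME = re.compile(rf"(?P<account_id>\d+)\.WAF_RAW_LOGS\.(?P<uuid>{UUID})\.log")
# Current platform: <config_id>_<uuid>.log
LEGACY_NAME = re.compile(rf"(?P<config_id>\d+)_(?P<uuid>{UUID})\.log")


def classify_log_object(key, migrated=True):
    """Map an S3 object key to (stream, ids) using the two naming schemes.

    Assumption: IDs are numeric, as in the examples. `migrated` says whether
    the account has already moved to the new mechanism; before that, the
    legacy file still carries both security and access events.
    """
    name = key.rsplit("/", 1)[-1]  # drop any folder prefix inside the bucket
    m = NEW_NAME.fullmatch(name)
    if m:
        return "security", m.groupdict()
    m = LEGACY_NAME.fullmatch(name)
    if m:
        return ("access" if migrated else "security+access"), m.groupdict()
    # Anything else does not match either scheme: do not ingest it blindly.
    return "unknown", {}


def route(keys, migrated=True):
    """Group object keys by stream so each can go to its own SIEM parser."""
    streams = defaultdict(list)
    for key in keys:
        stream, _ = classify_log_object(key, migrated)
        streams[stream].append(key)
    return dict(streams)


# Sample keys: the first two file names are the examples given above; the
# "logs/" prefix and the last key are constructed for illustration.
SAMPLE_KEYS = [
    "logs/44268_b8e36106-2e39-4eaa-88ab-90ff8b7542e6.log",
    "logs/51226475.WAF_RAW_LOGS.7f108651-1258-4177-a3dd-c9f6bb4dccfa.log",
    "logs/51226475.WAF_RAW_LOGS.not-a-uuid.log",
]

if __name__ == "__main__":
    for stream, keys in route(SAMPLE_KEYS).items():
        print(stream, keys)
```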

Heads Up: Deprecation of API authentication using query parameters

In September 2020, we introduced support for API authentication using request headers instead of sending them as query parameters.

For backward compatibility, we still support sending the api_id and api_key parameters in the query string.

On November 1, 2021, support for API authentication by sending the API Key/ID as query parameters will be discontinued. At that point, API calls using the authentication query parameters will no longer work.

For more details on API authentication, see Authentication.
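
To find callers that still authenticate through the query string before the cutoff, you can scan scripts, CI definitions or outbound proxy logs for URLs carrying api_id or api_key. The following is an added example, not Imperva code: it reports each hit with the credential values redacted so the report itself can be shared; the host, paths and key values in the sample input are constructed placeholders.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Query parameter names that will stop working for authentication.
CREDENTIAL_PARAMS = {"api_id", "api_key"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def check_url(url):
    """Return (credential params found, URL with their values redacted)."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    # Compare names case-insensitively so variant spellings are reported too.
    found = sorted({k.lower() for k, _ in pairs if k.lower() in CREDENTIAL_PARAMS})
    safe = [(k, "REDACTED" if k.lower() in CREDENTIAL_PARAMS else v) for k, v in pairs]
    return found, urlunsplit(parts._replace(query=urlencode(safe)))


def scan(lines):
    """Return (line number, params found, redacted URL) for every offending URL."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        for url in URL_RE.findall(line):
            found, redacted = check_url(url)
            if found:
                hits.append((lineno, found, redacted))
    return hits


# Constructed sample input: host, paths and key values are placeholders.
SAMPLE_LINES = [
    'curl -X POST "https://api.example.invalid/v1/sites/list?api_id=12345&api_key=CONSTRUCTED-KEY&page_size=50"',
    'curl -X POST "https://api.example.invalid/v1/sites/list?page_size=50"',
    "GET https://api.example.invalid/v1/account?API_KEY=CONSTRUCTED-KEY",
]

if __name__ == "__main__":
    for lineno, found, redacted in scan(SAMPLE_LINES):
        print(f"line {lineno}: {', '.join(found)} in query string -> {redacted}")
```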

Heads Up: Old Performance/Security/Traffic dashboards removal

As of November 7, 2021, the Performance, Security, and Traffic tabs of the old Website Dashboard page will no longer be accessible. The new website Performance and Security dashboards introduce improved usability, faster investigation time, and more actionable data, and are currently available to all users.

Where the new dashboards are located: On the top menu bar, navigate to Application. On the sidebar, click WAF > Dashboards.

The Traffic tab has moved to the Performance & traffic section of the new Website Performance dashboard.

For more details about the new Website Dashboards, see Website Dashboards.

Security Mitigation

Recently mitigated CVEs

Mitigation for new Common Vulnerabilities and Exposures (CVEs) is added weekly by Imperva Research Labs.

To view the latest CVEs for which coverage was added, see Recently Mitigated CVEs.

Fixes

None.

Known Issues

None.

Tip: Open the latest release notes directly from the Cloud Security Console's Help menu.

To subscribe to updates about weekly releases, add the following link to your RSS feed reader: https://docs.imperva.com/bundle/cloud-application-security/page/release-notes.rss