December 12, 2021 Release
- Last Updated: Jan 21, 2025
Our release notes provide information on changes and enhancements in each release.
Note: Unless otherwise specified, the changes described here are rolled out throughout the week and may not be immediately available in all accounts.
In this release:
- Heads Up: DNS Protection minor UI and API enhancements
- Heads Up: Migration to Near Real-Time SIEM integration
- Recently mitigated CVEs
- Attack Analytics: “Exposed origin server” insight temporarily disabled
New Features
None.
Enhancements
Heads Up: DNS Protection minor UI and API enhancements
For enhanced simplicity, the following changes are planned for early January 2022.
DNS Protection API
Management of DNS domains configured for Imperva DNS Protection and their DNS records will be separated.
- DNS record details and configuration will be removed from all of the /domain endpoints and instead be managed using the /domain/{domainId}/records endpoint only.
- A PUT method will be added for editing the existing DNS record configuration for a domain.
For details on the current DNS Protection API, see DNS Protection API Definition.
Protected DNS Zones page
The Origin NS Records column will be removed. This information applies to zones configured for Imperva Proxy DNS and is visible when viewing or editing the specific zone’s configuration.
Heads Up: Migration to Near Real-Time SIEM integration
In January 2022 we will start to automatically migrate customer accounts to our new Near Real-Time SIEM integration.
Our existing log integration enables you to receive your Imperva logs and archive or push these events into your SIEM solution.
The new mechanism introduces a dramatic reduction in the time it takes to deliver logs to you after the security event occurs.
Availability:
- During December 2021, customers who are currently using the SIEM log integration with the S3 push method can contact Imperva Support to request migration to the new mechanism.
- In Q1 of 2022, we will migrate all customer accounts that are currently using the Imperva SIEM log integration with the S3 push method.
- At a later stage, the new mechanism will be available to new and existing customers who start using the SIEM log integration with the S3 push method.
Note:
- There are no configuration changes required on your part.
- Additional IP addresses that are used for the new SIEM mechanism were recently added to the Imperva IP address list.
To prepare for migration, verify that you have all Imperva IP addresses included in your allowlist. Note that the IPs supporting the Near Real-Time SIEM integration are not returned by the API that retrieves the Imperva ranges, as they are not required by all Cloud WAF customers. For details, see Allowlist Imperva IP addresses & Setting IP restriction rules.
Note that during the migration process, there will be a short period in which logs will be sent from both the old and new systems.
What to expect after your account is migrated to the Near Real-Time SIEM integration:
As a first step, the new mechanism has been implemented for:
- Amazon S3 push method only, in which logs are pushed to your S3 bucket.
- Security event logs only, which include suspicious events detected by Imperva. Access logs will be added at a later date.
Note: In the event that you change your connection details in the Logs Setup, it can take up to 3 hours for the configuration changes to take effect.
Security Mitigation
Recently mitigated CVEs
Mitigation for new Common Vulnerabilities and Exposures (CVEs) is added weekly by Imperva Research Labs.
To view the latest CVEs for which coverage was added, see Recently Mitigated CVEs.
Fixes
None.
Known Issues
Attack Analytics: “Exposed origin server” insight temporarily disabled
We have detected an issue with the Attack Analytics "exposed origin server" insight and have temporarily disabled this insight while we investigate.
Actionable insights are recommended actions for you to take, based on attacks that have targeted your sites and applications. For more information, see Actionable Insights.
Tip: Open the latest release notes directly from the Cloud Security Console's Help menu.
