December 12, 2021 Release

Save PDF

Feedback

Last UpdatedJan 21, 2025
4 minute read

Our release notes provide information on changes and enhancements in each release.

Note: Unless otherwise specified, the changes described here are rolled out throughout the week and may not be immediately available in all accounts.

In this release:

Heads Up: DNS Protection minor UI and API enhancements
Heads Up: Migration to Near Real-Time SIEM integration
Recently mitigated CVEs
Attack Analytics: “Exposed origin server” insight temporarily disabled

New Features

None.

Enhancements

Heads Up: DNS Protection minor UI and API enhancements

For enhanced simplicity, the following changes are planned for early January 2022.

DNS Protection API

Management of DNS domains configured for Imperva DNS Protection and their DNS records will be separated.

DNS record details and configuration will be removed from all of the /domain endpoints and instead be managed using the /domain/{domainId}/records endpoint only.
A PUT method will be added for editing the existing DNS record configuration for a domain.

For details on the current DNS Protection API, see DNS Protection API Definition.

Protected DNS Zones page

The Origin NS Records column will be removed. This information applies zones configured for Imperva Proxy DNS and is visible when viewing or editing the specific zone’s configuration.

Heads Up: Migration to Near Real-Time SIEM integration

In January 2022 we will start to automatically migrate customer accounts to our new Near Real-Time SIEM integration.

Our existing log integration enables you to receive your Imperva logs and archive or push these events into your SIEM solution.

The new mechanism introduces a dramatic reduction in the time it takes to deliver logs to you after the security event occurs.

Availability:

During December 2021, customers who are currently using the SIEM log integration with the S3 push method can contact Imperva Support to request migration to the new mechanism.
In Q1 of 2022, we will migrate all customer accounts that are currently using the Imperva SIEM log integration with the S3 push method.
At a later stage, the new mechanism will be available to new and existing customers who start using the SIEM log integration with the S3 push method.

Note:

There are no configuration changes required on your part.
Additional IP addresses that are used for the new SIEM mechanism were recently added to the Imperva IP address list.

18.197.138.101/32

52.28.122.247/32

18.196.8.244/32

34.195.164.78/32

34.227.199.200/32

35.168.228.214/32

54.178.125.129/32

13.114.18.213/32

13.115.55.10/32

54.153.205.221/32

13.239.174.189/32

13.236.96.83/32

To prepare for migration, verify that you have all Imperva IP addresses included in your allowlist. Note that the IPs supporting the Near Real-Time SIEM integration are not returned by the API that retrieves the Imperva ranges, as they are not required by all Cloud WAF customers. For details, see Allowlist Imperva IP addresses & Setting IP restriction rules.

Note that during the migration process, there will be a short period in which logs will be sent from both the old and new systems.

What to expect after your account is migrated to the Near Real-Time SIEM integration:

As a first step, the new mechanism has been implemented for:

Amazon S3 push method only, in which logs are pushed to your S3 bucket.
Security event logs only, which include suspicious events detected by Imperva. Access logs will be added at a later date.

Search:

	Current platform	New SIEM platform

Sending rate	Large files sent every 5-10 minutes	Smaller files sent every 10-70 seconds
Data freshness	File arrives within 10-30 minutes or more of the event	File arrives within 3-5 minutes of the event
File contents	One log file with both security and access events These files will continue to be in use after your account is migrated to the new mechanism. They will contain only access events.	One log file with security events only
Log file names	<config_id>_<uuid>.log	<account_id>.WAF_RAW_LOGS.<uuid>.log
Example	44268_b8e36106-2e39-4eaa-88ab-90ff8b7542e6.log	51226475.WAF_RAW_LOGS.7f108651-1258-4177-a3dd-c9f6bb4dccfa.log

Note: In the event that you change your connection details in the Logs Setup, it can take up to 3 hours for the configuration changes to take effect.

Security Mitigation

Recently mitigated CVEs

Mitigation for new Common Vulnerabilities and Exposures (CVEs) is added weekly by Imperva Research Labs.

To view the latest CVEs for which coverage was added, see Recently Mitigated CVEs.

Fixes

None.

Known Issues

Attack Analytics: “Exposed origin server” insight temporarily disabled

We have detected an issue with the Attack Analytics "exposed origin server" insight and have temporarily disabled this insight while we investigate.

Actionable insights are recommended actions for you to take, based on attacks that have targeted your sites and applications. For more information, see Actionable Insights.

Tip: Open the latest release notes directly from the Cloud Security Console's Help menu.

To subscribe to updates about weekly releases, add the following link to your RSS feed reader: https://docs.imperva.com/bundle/cloud-application-security/page/release-notes.rss

In This Topic

New Features
Enhancements
Heads Up: DNS Protection minor UI and API enhancements
Heads Up: Migration to Near Real-Time SIEM integration
- Security Mitigation
Recently mitigated CVEs
- Fixes
- Known Issues
Attack Analytics: “Exposed origin server” insight temporarily disabled

Was this topic helpful?

Like Dislike

Cloud Application and Network Security

Filters

Source Type

Application Security

Data Security

Network Security

Application Performance

Product Versions

Hypervisor Installation

Document Type

Public Cloud

Community Content Type

Access

Product Area