Solution: ImpervaCloudWAF
| Attribute | Value |
|---|---|
| Publisher | Microsoft Corporation |
| Support Tier | Microsoft |
| Support Link | https://support.microsoft.com |
| Categories | domains |
| Version | 3.1.1 |
| Author | Microsoft - support@microsoft.com |
| First Published | 2021-09-28 |
| Last Updated | 2026-04-16 |
| Solution Folder | ImpervaCloudWAF |
| Marketplace | Azure Marketplace · Popularity: 🔵 Medium (79%) |
Imperva Cloud WAF offers the industry's leading web application security firewall, providing enterprise-class protection against the most sophisticated security threats. As a cloud-based WAF, it ensures that your website is always protected against any type of application layer hacking attempt. Imperva Cloud WAF is a key component of Imperva's market-leading, full stack application security solution which brings defence-in-depth to a new level.
Underlying Microsoft Technologies used:
This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:
a. Azure Monitor HTTP Data Collector API
c. Codeless Connector Framework (CCF)
This solution provides 2 data connector(s):
🔶 CLv1: This connector ingests into a table that uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. `_s`, `_d`, `_b`, `_t`, `_g`). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.
This solution uses 3 table(s):
🔶 CLv1: This table uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. `_s`, `_d`, `_b`, `_t`, `_g`). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.
This solution includes 22 content item(s):
| Content Type | Count |
|---|---|
| Analytic Rules | 10 |
| Hunting Queries | 10 |
| Workbooks | 1 |
| Parsers | 1 |
| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| Imperva - Abnormal protocol usage | Medium | InitialAccess | - |
| Imperva - Critical severity event not blocked | High | InitialAccess | - |
| Imperva - Forbidden HTTP request method in request | Medium | InitialAccess | - |
| Imperva - Malicious Client | High | InitialAccess | - |
| Imperva - Malicious user agent | High | InitialAccess | - |
| Imperva - Multiple user agents from same source | Medium | InitialAccess | - |
| Imperva - Possible command injection | High | InitialAccess | - |
| Imperva - Request from unexpected IP address to admin panel | High | InitialAccess | - |
| Imperva - Request from unexpected countries | High | InitialAccess | - |
| Imperva - Request to unexpected destination port | High | InitialAccess | - |
| Name | Tactics | Tables Used |
|---|---|---|
| Imperva - Applications with insecure web protocol version | InitialAccess | - |
| Imperva - Non HTTP/HTTPs applications | InitialAccess | - |
| Imperva - Rare applications | InitialAccess | - |
| Imperva - Rare client applications | InitialAccess | - |
| Imperva - Rare destination ports | InitialAccess | - |
| Imperva - Top applications with error requests | InitialAccess | - |
| Imperva - Top destinations with blocked requests | InitialAccess, Impact | - |
| Imperva - Top sources with blocked requests | InitialAccess, Impact | - |
| Imperva - Top sources with error requests | InitialAccess | - |
| Imperva - request from known bots | InitialAccess | - |
| Name | Tables Used |
|---|---|
| Imperva WAF Cloud Overview | - |
| Name | Description | Tables Used |
|---|---|---|
| ImpervaWAFCloud | - | ImpervaWAFCloudV2_CL (read), ImpervaWAFCloud_CL (read), SentinelImpervaWAFCloudV2Logs (read) |
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.1.1 | 10-04-2026 | Add "CsvEscapeMode": "NoEscape" to prevent logs with embedded JSON from being dropped during ingestion |
| 3.1.0 | 30-03-2026 | Promoted the Imperva Cloud WAF CCF connector to Public Preview |
| 3.0.2 | 06-06-2025 | Migrated the Function app connector to CCF Data connector and updated Parser |
| 3.0.1 | 07-11-2024 | Added existing Parser into the solution |
| 3.0.0 | 22-08-2024 | Updated the Python runtime version to 3.11 |