Sqreen changelog
Sqreen changelog
www.sqreen.com

New incident filtering capabilities

We've added new facets to incidents! You can now filter them by request paths, tag names, involved IPs and user identifiers:

image.png

Check it out and give us feedback directly by email at feedback@sqreen.com. You can also reach out to us anytime via the chat widget.

Perform actions based on Incidents

We have improved the incident details view again!

You can now get a better overview of what happened:

Screenshot 2021-02-22 at 15.36.06.png

However, though investigating through your incidents is great, being able to react quickly is better! We added a few actions that you can perform on your incidents:

  • Block actors for a specific duration: Screenshot 2021-02-22 at 11.03.50.png

  • Block compromised users to prevent them from being used to perform malicious actions

  • Export the list of compromised users to reach out to them to change their passwords:

Screenshot 2021-02-22 at 11.41.52.png

Check it out and feel free to give us any feedback directly by email at feedback@sqreen.com or via the chat button.

New security headers released!

We have just added support for the Strict-Transport-Security and Access-Control-Allow-Origin headers. You can enable them from the Protection Configuration tab:

image.png

Check it out and give us feedback directly by email at feedback@sqreen.com. You can also reach out to us anytime via the chat widget.

Insecure deserialization protection

The insecure deserialization protection is now available to all PHP applications with agent version >= 1.23.0 .

Insecure deserialization occurs when unsanitized user inputs are processed through a deserialization function.

Insecure Deserialization results in code being loaded and executed through object instantiation and autoloading An attacker could exploit it in order to manipulate the code execution flow or run their own code, leading to Remote Code Execution (RCE).

Sqreen will detect attempts to exploit insecure deserialization vulnerabilities and prevent object injections in the context of the protected HTTP request.

Enable the RASP protection from your Dashboard

Screen Shot 2021-02-19 at 2.26.31 PM.png

Screen Shot 2021-02-19 at 2.26.44 PM.png

PHP update instructions are available in the docs

If you have any questions or feedback, we'd love to hear about it. Let us know via the chat button or send us an email at feedback@sqreen.com

Security Responses, directly from the incident list

At a glance, see all security responses applied per incident. This should help you understand quickly where to focus your attention and where to enable automatic security responses.

Check it out on your dashboard and give us feedback directly by email at feedback@sqreen.com.

incident-security-response.jpg

Incident details improved!

Following our previous release, we added new features to the incident details view!

New key capabilities:

  • Better titles: understand what the incident is at a glance.

image.png

  • Faceted security activity: quickly scan security activity relevant to a specific incident.

image.png

More to come soon!

Check it out and give us feedback directly by email at feedback@sqreen.com. You can also reach out to us anytime via the chat widget.

Navigating incidents by severity

All incidents are now tagged with a severity, that can be minor, major or critical. This should help you understand how important each incident is, and let you prioritize their resolution.

my.sqreen.com_incidents_duration=2592000.png

Check this out on your dashboard and let us know what you think!

Get a holistic view of all the incidents across your applications

Incidents just got refreshed! To allow you to focus on incidents that matter, we improved their visualization.

New key capabilities:

  • New organization incident page, allowing you to see a holistic view of all incidents across all your applications and environments

Screenshot_2021-01-19_Incidents_-_Sqreen.png

  • New filtering capabilities (per application, environment, incident type)
  • CSP related incidents are now available in the CSP settings page

Screenshot_2021-01-19_production_javan_eu_Plesk(1).png

  • Anomalies such as "Application running as root" or "Vulnerable runtime" have been moved to Application Risk.:

Screenshot_2021-01-19_production_notifications_gcp(1).png

User SDK now in Security Activity

All user login tentative and signups are now displayed in the Security Activity, giving you more depth of visibility to understand how actors interact with your system.

The details of the request (status code and path) will be available as you upgrade to the latest version of our Python agent. Other agent support will be released in the upcoming month

Screenshot_2021-01-26 [production] notifications_gcp.png

Enabling more powerful custom In-App WAF rules

You can now create even more versatile custom In-App WAF rules!

Whether from the Security activity or from the In-App WAF configuration, you can now create custom In-App WAF rule that tie multiple filters together.

By running a filter on the matched value of a previous one filter, you can create more detailed logic whether to weed out false positives or target precisely a behavior.

simple rule using the past match's as a target

This is now available in the latest version of Python and Node.js agents and it's coming to the other agents soon!