Sqreen changelog www.sqreen.com

Incidents just got refreshed! To allow you to focus on incidents that matter, we improved their visualization.

New key capabilities:

• New organization incident page, allowing you to see a holistic view of all incidents across all your applications and environments

• New filtering capabilities (per application, environment, incident type)
• CSP related incidents are now available in the CSP settings page

• Anomalies such as "Application running as root" or "Vulnerable runtime" have been moved to Application Risk.:

All user login tentative and signups are now displayed in the Security Activity, giving you more depth of visibility to understand how actors interact with your system.

The details of the request (status code and path) will be available as you upgrade to the latest version of our Python agent. Other agent support will be released in the upcoming month

You can now create even more versatile custom In-App WAF rules!

Whether from the Security activity or from the In-App WAF configuration, you can now create custom In-App WAF rule that tie multiple filters together.

By running a filter on the matched value of a previous one filter, you can create more detailed logic whether to weed out false positives or target precisely a behavior.

This is now available in the latest version of Python and Node.js agents and it's coming to the other agents soon!

Starting today, we're linking incidents and security activity together!

You can now very easily browse the associated requests from a given incident:

And also browse the associated incident from a given request:

For now, this feature only supports massive security scan and vulnerabilities (RASP-based); we will add support for targeted attacks and suspicious user activity in the coming weeks.

Check it out and give us feedback by email at feedback@sqreen.com. You can also reach out to us anytime via the chat widget.

The In-App WAF is a powerful protection. It lets you write your own rules to block attacks that are specific to your applications. Yet, writing custom rules can be daunting. You need to find the right heuristic to block attacks while avoiding false positives.

Today, we are introducing improvements to make editing rules easier and safer!

Editing rules made easy

When editing a rule, you will now see a sample request on the side. It shows what a typical HTTP request would look like, with headers, parameters, etc. You can use this request to pick the fields and values you want to block with your rule. Blocking unwanted user agents is now one click away!

Of course, you can edit the sample request to make it more realistic compared to your actual traffic. But what would be more realistic than your actual traffic? To use an actual request, go to Security Activity, pick a request, and select "Create custom In-App WAF rule from this request".

This will let you create a new rule based on this exact request.

If you prefer choosing the fields you want to target yourself, we also made the list more organized with the most used fields at the top.

Deploy new rules with confidence

Today, we're also making it possible to test your rules before running them on real traffic.

Any rule can now run against the sample request (which you can customize) while you edit it. You can test a single condition, or the entire rule. This provides a shorter feedback loop that lets you know if your rule is effective or not.

If you have any questions or feedback, we'd love to hear about it. Let us know via the chat button or send us an email at feedback@sqreen.com

We've just updated the Security Activity pages! They now include a facets panel on the left-hand side:

You can now understand the distribution of security activities across these facets and easily filter them down to what really matters. Available facets include status code, request path, verb, IP, specific user, tag name, and more.

Check it out and give us feedback directly by email at feedback@sqreen.com. You can also reach out to us anytime via the chat widget.

Along an ongoing project to improve the accessibility to the powerful custom rules for the In-App WAF, we are releasing the first part of our revamp.

• The refreshed UI provides more room to edit conditions, and let’s you duplicate conditions
• The new transformations let you access values that were harder to target before
• The new operators let you express conditions that were harder to express before (matches substring in list, matches IP/CIDR list)

The new transformations and operators are currently available in the latest version of the Node.js agent and the other agents will follow soon!

Explore and analyze a complete overview of your security activity across your organization, and focus on what is truly important.

Key capabilities:

• Presents a holistic view of the security activity across your portfolio of applications so you can focus on the alerts that matter.

• Filter security activities by date, IP, specific user, In-App WAF rule, and more
• Understand the entire context of each activity and view the raw security signals processed by Sqreen’s microagents.

Check it out and give us feedback by email at feedback@sqreen.com. You can also reach out to us anytime via the chat widget.

The SSRF RASP protection is now available in Java!

This bring the compatible technologies to Node.js, Go, Python and Java.

To enable it, all you need to do is to toggle it on from your dashboard.

To learn more about SSRF and how our RASP protection work, you can check out our resources here.

We have added new account settings to your dashboard. You can now:

• Add new authentication methods to your account: GitHub, Google and password/email.
• Delete your account
• Invite users that have already created an account to your organization.

Cheers!