Get a holistic view of all the incidents across your applications

Incidents just got refreshed! To allow you to focus on incidents that matter, we improved their visualization.

New key capabilities:

  • New organization incident page, allowing you to see a holistic view of all incidents across all your applications and environments

Screenshot_2021-01-19_Incidents_-_Sqreen.png

  • New filtering capabilities (per application, environment, incident type)
  • CSP related incidents are now available in the CSP settings page

Screenshot_2021-01-19_production_javan_eu_Plesk(1).png

  • Anomalies such as "Application running as root" or "Vulnerable runtime" have been moved to Application Risk.:

Screenshot_2021-01-19_production_notifications_gcp(1).png

User SDK now in Security Activity

All user login tentative and signups are now displayed in the Security Activity, giving you more depth of visibility to understand how actors interact with your system.

The details of the request (status code and path) will be available as you upgrade to the latest version of our Python agent. Other agent support will be released in the upcoming month

Screenshot_2021-01-26 [production] notifications_gcp.png

Enabling more powerful custom In-App WAF rules

You can now create even more versatile custom In-App WAF rules!

Whether from the Security activity or from the In-App WAF configuration, you can now create custom In-App WAF rule that tie multiple filters together.

By running a filter on the matched value of a previous one filter, you can create more detailed logic whether to weed out false positives or target precisely a behavior.

simple rule using the past match's as a target

This is now available in the latest version of Python and Node.js agents and it's coming to the other agents soon!

Browse security activity from incidents!

Starting today, we're linking incidents and security activity together!

You can now very easily browse the associated requests from a given incident:

image (2).png

And also browse the associated incident from a given request:

image (3).png

For now, this feature only supports massive security scan and vulnerabilities (RASP-based); we will add support for targeted attacks and suspicious user activity in the coming weeks.

Check it out and give us feedback by email at feedback@sqreen.com. You can also reach out to us anytime via the chat widget.

Create and edit In-App WAF rules easily and with confidence!

The In-App WAF is a powerful protection. It lets you write your own rules to block attacks that are specific to your applications. Yet, writing custom rules can be daunting. You need to find the right heuristic to block attacks while avoiding false positives.

Today, we are introducing improvements to make editing rules easier and safer!

Editing rules made easy

When editing a rule, you will now see a sample request on the side. It shows what a typical HTTP request would look like, with headers, parameters, etc. You can use this request to pick the fields and values you want to block with your rule. Blocking unwanted user agents is now one click away!

Screen_Shot_2020-10-14_at_17.40.17.png

Of course, you can edit the sample request to make it more realistic compared to your actual traffic. But what would be more realistic than your actual traffic? To use an actual request, go to Security Activity, pick a request, and select "Create custom In-App WAF rule from this request".

Screenshot_2020-10-14_at_18.54.26.png

This will let you create a new rule based on this exact request.

If you prefer choosing the fields you want to target yourself, we also made the list more organized with the most used fields at the top.

Screen_Shot_2020-10-14_at_17.45.34.png

Deploy new rules with confidence

Today, we're also making it possible to test your rules before running them on real traffic.

Any rule can now run against the sample request (which you can customize) while you edit it. You can test a single condition, or the entire rule. This provides a shorter feedback loop that lets you know if your rule is effective or not.

Screen_Recording_2020-10-14_at_17.54.58.gif

If you have any questions or feedback, we'd love to hear about it. Let us know via the chat button or send us an email at feedback@sqreen.com

Facets added to Security Activity!

We've just updated the Security Activity pages! They now include a facets panel on the left-hand side:

image (1).png

image.png

You can now understand the distribution of security activities across these facets and easily filter them down to what really matters. Available facets include status code, request path, verb, IP, specific user, tag name, and more.

Check it out and give us feedback directly by email at feedback@sqreen.com. You can also reach out to us anytime via the chat widget.

Refreshed In-App WAF custom rule creation!

Along an ongoing project to improve the accessibility to the powerful custom rules for the In-App WAF, we are releasing the first part of our revamp.

Screenshot 2020-10-02 at 14.51.39.png

  • The refreshed UI provides more room to edit conditions, and let’s you duplicate conditions
  • The new transformations let you access values that were harder to target before
  • The new operators let you express conditions that were harder to express before (matches substring in list, matches IP/CIDR list)

The new transformations and operators are currently available in the latest version of the Node.js agent and the other agents will follow soon!

Attack log becomes Security Activity!

Explore and analyze a complete overview of your security activity across your organization, and focus on what is truly important.

Key capabilities:

  • Presents a holistic view of the security activity across your portfolio of applications so you can focus on the alerts that matter.

Untitled-4.png

  • Filter security activities by date, IP, specific user, In-App WAF rule, and more
  • Understand the entire context of each activity and view the raw security signals processed by Sqreen’s microagents.

Untitled-5.png

Check it out and give us feedback by email at feedback@sqreen.com. You can also reach out to us anytime via the chat widget.

SSRF protection now available in Java

The SSRF RASP protection is now available in Java!

This bring the compatible technologies to Node.js, Go, Python and Java.

To enable it, all you need to do is to toggle it on from your dashboard.

To learn more about SSRF and how our RASP protection work, you can check out our resources here.

Account settings update

We have added new account settings to your dashboard. You can now:

  • Add new authentication methods to your account: GitHub, Google and password/email.
  • Delete your account
  • Invite users that have already created an account to your organization.

Cheers!