Webhook version 2 is live!

Major improvement are:

  • Incident update are now sent through webhook. Version 1 only broadcasts when the incident is first detected.
  • ATO incident payloads feature the compromised accounts
  • Payloads now include the number of retries and date when it was sent

The new documentation is available here: https://docs.sqreen.com/integrations/webhooks/

If you get started with webhook today, you'll automatically use version 2.

Otherwise, you can switch versions from your account settings https://my.sqreen.com/profile/organization/integrations

Get the most out of Sqreen

Access our updated onboarding page to get the most out of Sqreen. This step by step checklist will walk you through our key features and show you how to configure them. Go to your onboarding checklist right now

More visibility and control on the impact of microagents on your apps

Since the beginning, we’ve focused on making it easy to install Sqreen in your applications. For many users, the process is just set and forget. However, some organizations need more transparency on what’s happening inside our microagent.

Today, we have two updates that go in this direction:

  • The first one is an improved Execution Time monitoring view. Under Settings > Performance, you now get a more detailed chart of the microagent performance over time. The overhead is broken down into different categories. You can also select the categories and percentile you want to see.
  • The second update is an option for Proactive protection and monitoring. To improve microagents, we often deploy new capabilities to a fraction of our customers before rolling them out to everyone. Most of the time, this is transparent, as the new capabilities never block any traffic. Yet, some applications can see a performance impact in some rare cases. We don’t recommend that you turn this off, unless you see an issue. This option is only available for customers with paid plans and can be toggled from the Settings

Get more details in exported compromised accounts

Add the list of user's flags (TOR user, Shared account, Disposible email, etc.) in the compromised account CSV file.

A clearer way to configure your protections

Protection is the core of our Product. We're constantly iterating to make sure you have peace of mind knowing exactly how Sqreen protects your app.

The previous tile-based layout wasn't the most optimal way to configure the protection modules we're providing you with.

We've just released a better row-based version which should do the job better.

Have a look at it now https://my.sqreen.com/application/goto/modules

We'd love to hear your feedback about it!

Important change regarding protection configuration

Will Sqreen prevent the exploit of vulnerabilities and block attacks? Answering this question wasn’t always straightforward. Today, we are making this easier by simplifying how protections are applied.

With this update, the global Protection Mode is gone. It was not always behaving as expected and was causing confusion in some cases. Now, each Protection Module can protect your traffic based on its own configuration:

  • The Runtime Application Self-Protection (RASP) can be set to Blocking or Log Only.
  • The In-app WAF can be set to Blocking or Log Only.
  • Security Headers are applied immediately when updated from the Sqreen dashboard.
  • CSP can be Disabled, Monitoring or Blocking
  • Playbooks will block IPs and/or users only if they have a Security Response configured
  • The blacklist will always block blacklisted IPs

From now on, you can decide if you need all the protections or only some of them. In any case, applications deployed before this change remain protected just like before. All attacks and vulnerabilities that were blocked before will continue to be blocked in the future.

If you have any questions about your protection settings, let us know!

App Inventory, the catalog of application assets

Adding more levels of protection is essential, but how can you secure what you can’t see?

To tackle this problem, we’re introducing Application Inventory.

Sqreen’s Application Inventory is an always up-to-date, searchable source of truth of application assets. It centralizes in-app security insights collected from the Sqreen microagents deployed on our your applications to catalog the key application components (such as third-party libraries, frameworks, ORMs, templating engines, and more) that provide actionable insights into applications.

Security teams get deeper visibility and control, and can stay on top of new threats with customizable real-time alerting without becoming gatekeepers or having to slow down engineers.

Go visit your inventory

Configure your email notifications

As we grow, our security coverage keeps expanding. It led to Sqreen sending more and more notifications.

While we keep working hard to keep the signal/noise ratio to the lowest level, by designing, testing and improving our heuristics, we also understand sometimes you know best what's relevant to you.

Today, we're releasing new settings enabling you to configure which alerts you want to receive over email. You can now (un)subscribe from any type of incidents, for all applications.

In a future release, we'll enable you to do the same with Slack.

Content Security Policy (CSP): a better management flow

Setting up and maintaining a working Content Security Policy (CSP) is hard.

We introduced a very interactive way to manage it, by collecting the violation reports and suggesting domains to add in the policy.

Today, we're releasing some improvements to make your life even easier managing it:

  • Manually add entries in your policy. Sometimes, it's the easiest path.
  • Monitor violations going over a threshold. This comes in addition to our existing detection of the unusual volume of violations.
  • Overall UX improvements.

Those improvements follow all the great feedback you've shared with us, along with our own experience setting up a CSP on the Sqreen Dashboard

An improved weekly email digest

Pursuing the effort we started with the Slack daily digest a few weeks back, we’ve improved the email weekly report.

What’s new in there? First of all, your email weekly digest is now about what’s going on in your organization versus application per application. Hopefully, it’s making things easier for you to digest!

Also, it now features all the new things we added in our product over the past months: application security risk, organization token, etc.

Last, but not least: it’s now fully responsive!

All in all, we hope that this new format will help you keep an eye on what’s going on your application’s security, on the go!