You can now create even more versatile custom In-App WAF rules!
Whether from the Security activity or from the In-App WAF configuration, you can now create custom In-App WAF rule that tie multiple filters together.
By running a filter on the matched value of a previous one filter, you can create more detailed logic whether to weed out false positives or target precisely a behavior.
This is now available in the latest version of Python and Node.js agents and it's coming to the other agents soon!
Starting today, we're linking incidents and security activity together!
You can now very easily browse the associated requests from a given incident:
And also browse the associated incident from a given request:
For now, this feature only supports massive security scan and vulnerabilities (RASP-based); we will add support for targeted attacks and suspicious user activity in the coming weeks.
Check it out and give us feedback by email at feedback@sqreen.com. You can also reach out to us anytime via the chat widget.
The In-App WAF is a powerful protection. It lets you write your own rules to block attacks that are specific to your applications. Yet, writing custom rules can be daunting. You need to find the right heuristic to block attacks while avoiding false positives.
Today, we are introducing improvements to make editing rules easier and safer!
When editing a rule, you will now see a sample request on the side. It shows what a typical HTTP request would look like, with headers, parameters, etc. You can use this request to pick the fields and values you want to block with your rule. Blocking unwanted user agents is now one click away!
Of course, you can edit the sample request to make it more realistic compared to your actual traffic. But what would be more realistic than your actual traffic? To use an actual request, go to Security Activity, pick a request, and select "Create custom In-App WAF rule from this request".
This will let you create a new rule based on this exact request.
If you prefer choosing the fields you want to target yourself, we also made the list more organized with the most used fields at the top.
Today, we're also making it possible to test your rules before running them on real traffic.
Any rule can now run against the sample request (which you can customize) while you edit it. You can test a single condition, or the entire rule. This provides a shorter feedback loop that lets you know if your rule is effective or not.
If you have any questions or feedback, we'd love to hear about it. Let us know via the chat button or send us an email at feedback@sqreen.com
We've just updated the Security Activity pages! They now include a facets panel on the left-hand side:
You can now understand the distribution of security activities across these facets and easily filter them down to what really matters. Available facets include status code, request path, verb, IP, specific user, tag name, and more.
Check it out and give us feedback directly by email at feedback@sqreen.com. You can also reach out to us anytime via the chat widget.
Along an ongoing project to improve the accessibility to the powerful custom rules for the In-App WAF, we are releasing the first part of our revamp.
The new transformations and operators are currently available in the latest version of the Node.js agent and the other agents will follow soon!
Explore and analyze a complete overview of your security activity across your organization, and focus on what is truly important.
Key capabilities:
Check it out and give us feedback by email at feedback@sqreen.com. You can also reach out to us anytime via the chat widget.
The SSRF RASP protection is now available in Java!
This bring the compatible technologies to Node.js, Go, Python and Java.
To enable it, all you need to do is to toggle it on from your dashboard.
To learn more about SSRF and how our RASP protection work, you can check out our resources here.
We have added new account settings to your dashboard. You can now:
Cheers!
We have updated the design of the default agent blocking page and made it clearer that users cannot access Sqreen’s customer web application.
Whenever Sqreen tags a given request as malicious or when the requesting IP or user account has been flagged, the Sqreen agent will send back an error page. The main goal of this page is to inform the end users that they have been blocked and cannot access the requested page. The previous version of the page could be confusing to users, and in some cases they tried to sign up for Sqreen to get unblocked.
The new design is now available in the latest version of the Node.js, Go, and Python agents. It is coming to the other agents by 17th June!
Note: this change is only for our default blocking page. You can still redirect to a custom page in Settings if you wish.
We have improved the Security Flow Map!
Moving forward, it will feature all application and service communications, enabling you to get a holistic view of your system.
Improvements include:
These improvements will let you identify apps without a Sqreen agent, and stay better informed about the changes happening in your infrastructure.
To make full use of the new flow map, you will need a compatible Sqreen agent version:
