Enabling more powerful custom In-App WAF rules

You can now create even more versatile custom In-App WAF rules!

Whether from the Security activity or from the In-App WAF configuration, you can now create custom In-App WAF rule that tie multiple filters together.

By running a filter on the matched value of a previous one filter, you can create more detailed logic whether to weed out false positives or target precisely a behavior.

simple rule using the past match's as a target

This is now available in the latest version of Python and Node.js agents and it's coming to the other agents soon!

Browse security activity from incidents!

Starting today, we're linking incidents and security activity together!

You can now very easily browse the associated requests from a given incident:

image (2).png

And also browse the associated incident from a given request:

image (3).png

For now, this feature only supports massive security scan and vulnerabilities (RASP-based); we will add support for targeted attacks and suspicious user activity in the coming weeks.

Check it out and give us feedback by email at feedback@sqreen.com. You can also reach out to us anytime via the chat widget.

Create and edit In-App WAF rules easily and with confidence!

The In-App WAF is a powerful protection. It lets you write your own rules to block attacks that are specific to your applications. Yet, writing custom rules can be daunting. You need to find the right heuristic to block attacks while avoiding false positives.

Today, we are introducing improvements to make editing rules easier and safer!

Editing rules made easy

When editing a rule, you will now see a sample request on the side. It shows what a typical HTTP request would look like, with headers, parameters, etc. You can use this request to pick the fields and values you want to block with your rule. Blocking unwanted user agents is now one click away!


Of course, you can edit the sample request to make it more realistic compared to your actual traffic. But what would be more realistic than your actual traffic? To use an actual request, go to Security Activity, pick a request, and select "Create custom In-App WAF rule from this request".


This will let you create a new rule based on this exact request.

If you prefer choosing the fields you want to target yourself, we also made the list more organized with the most used fields at the top.


Deploy new rules with confidence

Today, we're also making it possible to test your rules before running them on real traffic.

Any rule can now run against the sample request (which you can customize) while you edit it. You can test a single condition, or the entire rule. This provides a shorter feedback loop that lets you know if your rule is effective or not.


If you have any questions or feedback, we'd love to hear about it. Let us know via the chat button or send us an email at feedback@sqreen.com

Facets added to Security Activity!

We've just updated the Security Activity pages! They now include a facets panel on the left-hand side:

image (1).png


You can now understand the distribution of security activities across these facets and easily filter them down to what really matters. Available facets include status code, request path, verb, IP, specific user, tag name, and more.

Check it out and give us feedback directly by email at feedback@sqreen.com. You can also reach out to us anytime via the chat widget.

Refreshed In-App WAF custom rule creation!

Along an ongoing project to improve the accessibility to the powerful custom rules for the In-App WAF, we are releasing the first part of our revamp.

Screenshot 2020-10-02 at 14.51.39.png

  • The refreshed UI provides more room to edit conditions, and let’s you duplicate conditions
  • The new transformations let you access values that were harder to target before
  • The new operators let you express conditions that were harder to express before (matches substring in list, matches IP/CIDR list)

The new transformations and operators are currently available in the latest version of the Node.js agent and the other agents will follow soon!

Attack log becomes Security Activity!

Explore and analyze a complete overview of your security activity across your organization, and focus on what is truly important.

Key capabilities:

  • Presents a holistic view of the security activity across your portfolio of applications so you can focus on the alerts that matter.


  • Filter security activities by date, IP, specific user, In-App WAF rule, and more
  • Understand the entire context of each activity and view the raw security signals processed by Sqreen’s microagents.


Check it out and give us feedback by email at feedback@sqreen.com. You can also reach out to us anytime via the chat widget.

SSRF protection now available in Java

The SSRF RASP protection is now available in Java!

This bring the compatible technologies to Node.js, Go, Python and Java.

To enable it, all you need to do is to toggle it on from your dashboard.

To learn more about SSRF and how our RASP protection work, you can check out our resources here.

Account settings update

We have added new account settings to your dashboard. You can now:

  • Add new authentication methods to your account: GitHub, Google and password/email.
  • Delete your account
  • Invite users that have already created an account to your organization.


New design for the agent blocking page

We have updated the design of the default agent blocking page and made it clearer that users cannot access Sqreen’s customer web application.

Screenshot 2020-06-30 at 18.42.11.png

Whenever Sqreen tags a given request as malicious or when the requesting IP or user account has been flagged, the Sqreen agent will send back an error page. The main goal of this page is to inform the end users that they have been blocked and cannot access the requested page. The previous version of the page could be confusing to users, and in some cases they tried to sign up for Sqreen to get unblocked.

The new design is now available in the latest version of the Node.js, Go, and Python agents. It is coming to the other agents by 17th June!

Note: this change is only for our default blocking page. You can still redirect to a custom page in Settings if you wish.

Get a holistic view of your system

We have improved the Security Flow Map!

Moving forward, it will feature all application and service communications, enabling you to get a holistic view of your system.


Improvements include:

  • visualizing HTTP communications, either internally, or externally with third-party services;
  • support for new database nodes, such as Redis.

These improvements will let you identify apps without a Sqreen agent, and stay better informed about the changes happening in your infrastructure.

Agent compatibility

To make full use of the new flow map, you will need a compatible Sqreen agent version:

  • The Node.js agent version supports the improved flowmap, starting with version 1.45.0;
  • Support for other technologies will be rolled out progressively, over the next month. Stay tuned.