Sqreen changelog www.sqreen.com

Starting today, we're linking incidents and security activity together!

You can now very easily browse the associated requests from a given incident:

And also browse the associated incident from a given request:

For now, this feature only supports massive security scan and vulnerabilities (RASP-based); we will add support for targeted attacks and suspicious user activity in the coming weeks.

Check it out and give us feedback by email at feedback@sqreen.com. You can also reach out to us anytime via the chat widget.

The In-App WAF is a powerful protection. It lets you write your own rules to block attacks that are specific to your applications. Yet, writing custom rules can be daunting. You need to find the right heuristic to block attacks while avoiding false positives.

Today, we are introducing improvements to make editing rules easier and safer!

Editing rules made easy

When editing a rule, you will now see a sample request on the side. It shows what a typical HTTP request would look like, with headers, parameters, etc. You can use this request to pick the fields and values you want to block with your rule. Blocking unwanted user agents is now one click away!

Of course, you can edit the sample request to make it more realistic compared to your actual traffic. But what would be more realistic than your actual traffic? To use an actual request, go to Security Activity, pick a request, and select "Create custom In-App WAF rule from this request".

This will let you create a new rule based on this exact request.

If you prefer choosing the fields you want to target yourself, we also made the list more organized with the most used fields at the top.

Deploy new rules with confidence

Today, we're also making it possible to test your rules before running them on real traffic.

Any rule can now run against the sample request (which you can customize) while you edit it. You can test a single condition, or the entire rule. This provides a shorter feedback loop that lets you know if your rule is effective or not.

If you have any questions or feedback, we'd love to hear about it. Let us know via the chat button or send us an email at feedback@sqreen.com

We've just updated the Security Activity pages! They now include a facets panel on the left-hand side:

You can now understand the distribution of security activities across these facets and easily filter them down to what really matters. Available facets include status code, request path, verb, IP, specific user, tag name, and more.

Check it out and give us feedback directly by email at feedback@sqreen.com. You can also reach out to us anytime via the chat widget.

Along an ongoing project to improve the accessibility to the powerful custom rules for the In-App WAF, we are releasing the first part of our revamp.

• The refreshed UI provides more room to edit conditions, and let’s you duplicate conditions
• The new transformations let you access values that were harder to target before
• The new operators let you express conditions that were harder to express before (matches substring in list, matches IP/CIDR list)

The new transformations and operators are currently available in the latest version of the Node.js agent and the other agents will follow soon!

Explore and analyze a complete overview of your security activity across your organization, and focus on what is truly important.

Key capabilities:

• Presents a holistic view of the security activity across your portfolio of applications so you can focus on the alerts that matter.

• Filter security activities by date, IP, specific user, In-App WAF rule, and more
• Understand the entire context of each activity and view the raw security signals processed by Sqreen’s microagents.

Check it out and give us feedback by email at feedback@sqreen.com. You can also reach out to us anytime via the chat widget.

The SSRF RASP protection is now available in Java!

This bring the compatible technologies to Node.js, Go, Python and Java.

To enable it, all you need to do is to toggle it on from your dashboard.

To learn more about SSRF and how our RASP protection work, you can check out our resources here.

We have added new account settings to your dashboard. You can now:

• Add new authentication methods to your account: GitHub, Google and password/email.
• Delete your account
• Invite users that have already created an account to your organization.

Cheers!

We have updated the design of the default agent blocking page and made it clearer that users cannot access Sqreen’s customer web application.

Whenever Sqreen tags a given request as malicious or when the requesting IP or user account has been flagged, the Sqreen agent will send back an error page. The main goal of this page is to inform the end users that they have been blocked and cannot access the requested page. The previous version of the page could be confusing to users, and in some cases they tried to sign up for Sqreen to get unblocked.

The new design is now available in the latest version of the Node.js, Go, and Python agents. It is coming to the other agents by 17th June!

Note: this change is only for our default blocking page. You can still redirect to a custom page in Settings if you wish.

We have improved the Security Flow Map!

Moving forward, it will feature all application and service communications, enabling you to get a holistic view of your system.

Improvements include:

• visualizing HTTP communications, either internally, or externally with third-party services;
• support for new database nodes, such as Redis.

These improvements will let you identify apps without a Sqreen agent, and stay better informed about the changes happening in your infrastructure.

Agent compatibility

To make full use of the new flow map, you will need a compatible Sqreen agent version:

• The Node.js agent version supports the improved flowmap, starting with version 1.45.0;
• Support for other technologies will be rolled out progressively, over the next month. Stay tuned.

Recent events have shown that, more than ever, diversity is important. Sqreen culture values tolerance and we want to democratize security for everyone. That's why we've decided to ban the terms "blacklist" and "whitelist". Moving forward, we will use "denylist" and "passlist" as a better alternative.