We've added new facets to incidents! You can now filter them by request paths, tag names, involved IPs and user identifiers:
Check it out and give us feedback directly by email at feedback@sqreen.com. You can also reach out to us anytime via the chat widget.
We have improved the incident details view again!
You can now get a better overview of what happened:
However, though investigating through your incidents is great, being able to react quickly is better! We added a few actions that you can perform on your incidents:
Block actors for a specific duration:
Block compromised users to prevent them from being used to perform malicious actions
Export the list of compromised users to reach out to them to change their passwords:
Check it out and feel free to give us any feedback directly by email at feedback@sqreen.com or via the chat button.
We have just added support for the Strict-Transport-Security and Access-Control-Allow-Origin headers. You can enable them from the Protection Configuration tab:
Check it out and give us feedback directly by email at feedback@sqreen.com. You can also reach out to us anytime via the chat widget.
The insecure deserialization protection is now available to all PHP applications with agent version >= 1.23.0 .
Insecure deserialization occurs when unsanitized user inputs are processed through a deserialization function.
Insecure Deserialization results in code being loaded and executed through object instantiation and autoloading An attacker could exploit it in order to manipulate the code execution flow or run their own code, leading to Remote Code Execution (RCE).
Sqreen will detect attempts to exploit insecure deserialization vulnerabilities and prevent object injections in the context of the protected HTTP request.
Enable the RASP protection from your Dashboard
PHP update instructions are available in the docs
If you have any questions or feedback, we'd love to hear about it. Let us know via the chat button or send us an email at feedback@sqreen.com
At a glance, see all security responses applied per incident. This should help you understand quickly where to focus your attention and where to enable automatic security responses.
Check it out on your dashboard and give us feedback directly by email at feedback@sqreen.com.
Following our previous release, we added new features to the incident details view!
New key capabilities:
More to come soon!
Check it out and give us feedback directly by email at feedback@sqreen.com. You can also reach out to us anytime via the chat widget.
All incidents are now tagged with a severity, that can be minor, major or critical. This should help you understand how important each incident is, and let you prioritize their resolution.
Check this out on your dashboard and let us know what you think!
Incidents just got refreshed! To allow you to focus on incidents that matter, we improved their visualization.
New key capabilities:
All user login tentative and signups are now displayed in the Security Activity, giving you more depth of visibility to understand how actors interact with your system.
The details of the request (status code and path) will be available as you upgrade to the latest version of our Python agent. Other agent support will be released in the upcoming month
![Screenshot_2021-01-26 [production] notifications_gcp.png](https://cloud.headwayapp.co/changelogs_images/images/big/000/061/094-87c74dfec56f813f305e53bef27bf12c6b7d0118.png)
You can now create even more versatile custom In-App WAF rules!
Whether from the Security activity or from the In-App WAF configuration, you can now create custom In-App WAF rule that tie multiple filters together.
By running a filter on the matched value of a previous one filter, you can create more detailed logic whether to weed out false positives or target precisely a behavior.
This is now available in the latest version of Python and Node.js agents and it's coming to the other agents soon!
