diff --git a/src/content/docs/iast/iast-configuration.mdx b/src/content/docs/iast/iast-configuration.mdx index 479e240f341..1bb4b2defbf 100644 --- a/src/content/docs/iast/iast-configuration.mdx +++ b/src/content/docs/iast/iast-configuration.mdx @@ -22,10 +22,10 @@ Open the `newrelic.yml` configuration file to set the `scan_schedule` parameters ```yml security: scan_schedule: - delay: 0 #In minutes, default is 0 min - duration: 0 #In minutes, default is forever - schedule: "" #Cron Expression to define start time - always_sample_traces: false #regardless of scan schedule + delay: 0 # In minutes, default is 0 min + duration: 0 # In minutes, default is forever + schedule: "" # Cron Expression to define start time + always_sample_traces: false # regardless of scan schedule ``` @@ -83,10 +83,10 @@ security: To schedule IAST to start 30 minutes after the application starts and run for 300 minutes, you should set the delay to 30 and the duration to 300. ```yml - security: - scan_schedule: - delay: 30 #In minutes, default is 0 min - duration: 300 #In minutes, default is forever + security: + scan_schedule: + delay: 30 # In minutes, default is 0 min + duration: 300 # In minutes, default is forever ``` @@ -113,10 +113,10 @@ security: If you want IAST to always sample traces, you would set `always_sample_traces` to `true`. By default, this is set to `false`, which means that IAST only samples traces within the active scan window. ```yml - security: - scan_schedule: - delay: 30 #In minutes, default is 0 min - always_sample_traces: true #regardless of scan schedule + security: + scan_schedule: + delay: 30 # In minutes, default is 0 min + always_sample_traces: true # regardless of scan schedule ``` 
@@ -157,10 +157,10 @@ You can ignore specific APIs from IAST analysis by adding them to the API sectio This is the format for specifying APIs: ```yml - exclude_from_iast_scan: - api: - - .*account.* - - .*/\api\/v1\/.*?\/login +exclude_from_iast_scan: + api: + - .*account.* + - .*/\api\/v1\/.*?\/login ``` For example: @@ -182,16 +182,18 @@ You can ignore specific HTTP request parameters from IAST analysis by adding the This is a list of HTTP header keys. If a request includes any headers with these keys, the corresponding IAST scan will be skipped. For example, if you have a curl request with headers and you want to skip IAST scanning on the `X-Forwarded-For` header, you can pass this configuration: ```bash - curl -X POST -H "X-Forwarded-For: 123.456.789.012" -H "Content-Type: application/x-www-form-urlencoded" -d "param1=value1¶m2=value2" http://example.com + curl -X POST -H "X-Forwarded-For: 123.456.789.012" \ + -H "Content-Type: application/x-www-form-urlencoded" \ + -d "param1=value1¶m2=value2" http://example.com ``` You can use this configuration: ```yml - exclude_from_iast_scan: - http_request_parameters: - header: - - X-Forwarded-For + exclude_from_iast_scan: + http_request_parameters: + header: + - X-Forwarded-For ``` 
@@ -203,17 +205,17 @@ You can ignore specific HTTP request parameters from IAST analysis by adding the This is a list of query parameter keys. The presence of these parameters in the query string of the request will cause the IAST scan to be skipped. For example, if you have a curl request with query parameters and you want to skip IAST scanning on the `customerID` and `username` query parameters, you can pass this configuration: ```bash - curl --location --request GET 'localhost:8080/sql/save?firstName=test&lastName=user&customerID=testuser&username=test123' + curl --location --request GET 'localhost:8080/sql/save?firstName=test&lastName=user&customerID=testuser&username=test123' ``` You can use this configuration: ```yml - exclude_from_iast_scan: - http_request_parameters: - query: - - username - - customerID + exclude_from_iast_scan: + http_request_parameters: + query: + - username + - customerID ``` 
@@ -229,29 +231,29 @@ You can ignore specific HTTP request parameters from IAST analysis by adding the This is a curl example for JSON content type when you have a curl request with JSON body, and you want to skip IAST scanning on `customerID` and `firstName`. ```bash - curl --location --request POST 'localhost:8080/application/json/post' \ + curl --location --request POST 'localhost:8080/application/json/post' \ --header 'Content-Type: application/json' \ --data '{ - "path": "sample.txt", - "script":"testscript", - "customerID":"GREAL", - "name": { - "firstName": "john", - "lastName": "wick" - }, - "url":"http://example.com", - "cmd":"ls" + "path": "sample.txt", + "script":"testscript", + "customerID":"GREAL", + "name": { + "firstName": "john", + "lastName": "wick" + }, + "url":"http://example.com", + "cmd":"ls" }' ``` You can use this configuration: ```yml - exclude_from_iast_scan: - http_request_parameters: - body: - - customerID - - name.firstName + exclude_from_iast_scan: + http_request_parameters: + body: + - customerID + - name.firstName ``` #### Example for XML Content-Type @@ -259,7 +261,7 @@ You can ignore specific HTTP request parameters from IAST analysis by adding the This is a curl request with XML body, and you want to skip IAST scanning on `customerID` and `username`. ```bash - curl --location 'localhost:8080/application/xml/post' \ + curl --location 'localhost:8080/application/xml/post' \ --header 'Content-Type: application/xml' \ --data ' @@ -277,11 +279,11 @@ You can ignore specific HTTP request parameters from IAST analysis by adding the You can use this configuration: ```yml - exclude_from_iast_scan: - http_request_parameters: - body: - - AppData.customerID - - AppData.username + exclude_from_iast_scan: + http_request_parameters: + body: + - AppData.customerID + - AppData.username ``` #### Example Form-URL-Encoded Content-Type 
@@ -289,7 +291,7 @@ You can ignore specific HTTP request parameters from IAST analysis by adding the This is a curl request with Form-URL-Encoded body, and you want to skip IAST scanning on `customerID` and `username`. ```bash - curl --location 'localhost:8080/application/urlencode/post' \ + curl --location 'localhost:8080/application/urlencode/post' \ --header 'Content-Type: application/x-www-form-urlencoded' \ -d 'name=madhav&path=sample.txt&customerID=GREAL&script=K2&url=http://example.com&username=bob&firstName=Aliko&cmd=ls' ``` @@ -297,10 +299,10 @@ You can ignore specific HTTP request parameters from IAST analysis by adding the You can use this configuration: ```yml - http_request_parameters: - body: - - customerID - - username + http_request_parameters: + body: + - customerID + - username ``` @@ -318,18 +320,18 @@ The `iast_detection_category` setting allows users to specify categories of vuln See this example to skip scanning for SQL Injection and SSRF. The `sql_injection` and `ssrf` parameters are set to `true`: ```yml - exclude_from_iast_scan: - iast_detection_category: - insecure_settings: false - invalid_file_access: false - sql_injection: true - nosql_injection: false - ldap_injection: false - javascript_injection: false - command_injection: false - xpath_injection: false - ssrf: true - rxss: false + exclude_from_iast_scan: + iast_detection_category: + insecure_settings: false + invalid_file_access: false + sql_injection: true + nosql_injection: false + ldap_injection: false + javascript_injection: false + command_injection: false + xpath_injection: false + ssrf: true + rxss: false ``` 
@@ -339,32 +341,32 @@ See this example to skip scanning for SQL Injection and SSRF. The `sql_injection You can use this combined configuration: ```yml - security: + security: + enabled: true + scan_schedule: + delay: 0 # In minutes, default is 0 min + duration: 0 # In minutes, default will be forever + #schedule: "" # Cron Expression to define start time + always_sample_traces: false # continuously collect samples + exclude_from_iast_scan: + api: [] + http_request_parameters: + header: [] + query: [] + body: [] + iast_detection_category: + insecure_settings: false + invalid_file_access: false + sql_injection: false + nosql_injection: false + ldap_injection: false + javascript_injection: false + command_injection: false + xpath_injection: false + ssrf: false + rxss: false + agent: enabled: true - scan_schedule: - delay: 0 #In minutes, default is 0 min - duration: 0 #In minutes, default will be forever - #schedule: "" #Cron Expression to define start time - always_sample_traces: false #continuously collect samples - exclude_from_iast_scan: - api: [] - http_request_parameters: - header: [] - query: [] - body: [] - iast_detection_category: - insecure_settings: false - invalid_file_access: false - sql_injection: false - nosql_injection: false - ldap_injection: false - javascript_injection: false - command_injection: false - xpath_injection: false - ssrf: false - rxss: false - agent: - enabled: true ``` ## IAST scan controllers [#iast-scan-controllers] @@ -373,8 +375,3 @@ You can use this combined configuration: ### IAST scan rate limit [#iast-scan-rate-limit] IAST scan rate limit settings limit the maximum number of analysis probes or requests that can be sent to the application in one minute. The default IAST scan rate limit is set to a minimum of 12 replay requests per minute and a maximum of 3,600 replay requests per minute. - - - - - 
diff --git a/src/content/docs/iast/troubleshooting.mdx b/src/content/docs/iast/troubleshooting.mdx index dde1e818c9b..850895cad12 100644 --- a/src/content/docs/iast/troubleshooting.mdx +++ b/src/content/docs/iast/troubleshooting.mdx @@ -163,7 +163,8 @@ If you don't find your problem listed here, you can always reach out to [New Rel You can update the `appId` in the below query and run it in the query builder to find all the vulnerabilities reported for your application. ```sql - SELECT * FROM Vulnerability WHERE issueType = 'Application Vulnerability' AND appId = '{your application's appId}' + SELECT * FROM Vulnerability + WHERE issueType = 'Application Vulnerability' AND appId = YOU_APPLICATION_ID ``` @@ -193,7 +194,7 @@ If you don't find your problem listed here, you can always reach out to [New Rel For instance, let's suppose that your application is using libraries for [Mongo DB](http://go.mongodb.org/mongo-driver/mongo). For this specific library, you need to import this [instrumentation package](https://github.com/newrelic/csec-go-agent/tree/main/instrumentation/csec_mongodb_mongo) from newrelic: - ``` + ```go import ( "github.com/newrelic/go-agent/v3/integrations/nrsecurityagent" "github.com/newrelic/go-agent/v3/newrelic" @@ -208,8 +209,8 @@ If you don't find your problem listed here, you can always reach out to [New Rel * If you're opening an HTTP protocol endpoint, place the `newrelic.WrapListen` function around the endpoint name to enable vulnerability scanning against that endpoint: - ``` - http.ListenAndServe(newrelic.WrapListen(":"), nil) + ```go + http.ListenAndServe(newrelic.WrapListen(":YOUR_PORT_NUMBER"), nil) ``` 
@@ -227,16 +228,16 @@ If you don't find your problem listed here, you can always reach out to [New Rel * Disable low-priority-instrumentation from security config: - ``` + ```yml low-priority-instrumentation: - enabled: false + enabled: false ``` * Exclude low-priority-instrumentation class from the class transformer. To do this, add the given lines in the `class_transformer` section of the config file: - ``` + ```yml com.newrelic.instrumentation.security.low-priority-instrumentation: - enabled: false + enabled: false ```
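Review bot: in the `api` exclusion example (iast-configuration.mdx, hunk @@ -157) the pattern `.*/\api\/v1\/.*?\/login` looks wrong: in Java and PCRE-style regex engines `\a` is the bell-character escape, not a literal `a`, and `/` needs no escaping, so the entry as written would not match `/api/v1/.../login` and the exclusion would silently never apply. Suggest `- .*/api/v1/.*?/login`. The same hunk also dedents `exclude_from_iast_scan:` to column 0 while the sibling excerpts (hunks @@ -182, @@ -203, @@ -229) keep it indented two spaces; use one indentation for all excerpts so a reader pasting several of them gets consistent YAML.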
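Review bot: the `-d` payload in the reformatted curl command (iast-configuration.mdx, hunk @@ -182) reads `param1=value1¶m2=value2`; if the source really contains `¶` rather than this being an `&para;` entity rendering of `&param2`, it should be `param1=value1&param2=value2`, because `¶` is sent as a literal character and not as a parameter separator. Minor: `123.456.789.012` is not a valid IPv4 address (octets above 255); a reserved documentation address such as `203.0.113.10` avoids readers copying a bogus value into their own tests.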
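Review bot: the Form-URL-Encoded configuration (iast-configuration.mdx, hunk @@ -297) omits the `exclude_from_iast_scan:` parent key that the JSON (hunk @@ -229) and XML (hunk @@ -279) examples include, so `http_request_parameters` lands at the wrong nesting level if the block is copied verbatim. Suggest adding `exclude_from_iast_scan:` above `http_request_parameters:` as in the other examples.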
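Review bot: in the combined configuration (iast-configuration.mdx, hunk @@ -339) the inline comment `# continuously collect samples` next to `always_sample_traces: false` describes the opposite of the value shown; the earlier hunks use `# regardless of scan schedule` for the same key, so reuse that wording. In the same block `# In minutes, default will be forever` should match `# In minutes, default is forever` from hunk @@ -22. Also, the re-indentation moves `enabled: true` up under `security:` as a `+` line and leaves the original `enabled: true` context line as the only child of the new `+  agent:` line; please check the rendered MDX to confirm that line is indented under `agent:` rather than ending up as a top-level key.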
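Review bot: `YOU_APPLICATION_ID` in the NRQL example (troubleshooting.mdx, hunk @@ -163) should read `YOUR_APPLICATION_ID`. Dropping the quotes around the placeholder is right for a numeric `appId`, but since the value is no longer a string, the sentence "You can update the `appId` in the below query" could say that the value is the application's numeric ID so readers do not re-add quotes.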
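Review bot: in the Go listener snippet (troubleshooting.mdx, hunk @@ -208), `http.ListenAndServe(newrelic.WrapListen(":YOUR_PORT_NUMBER"), nil)` discards the returned error; since this is the one line readers copy to enable scanning on an endpoint, wrapping it as `log.Fatal(http.ListenAndServe(newrelic.WrapListen(":YOUR_PORT_NUMBER"), nil))` would surface a failed bind instead of letting the program exit silently.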