IAST troubleshooting re-writes #19330
base: develop
Changes from 2 commits
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
--- | ||
title: Application stability issue | ||
tags: | ||
- IAST | ||
- New Relic IAST | ||
- Troubleshooting | ||
metaDescription: Troubleshoot application stability issues in New Relic platform. | ||
freshnessValidatedDate: 2024-07-16 | ||
--- | ||
|
||
## Problem | ||
|
||
Your application isn't stable during high traffic and you are facing latency issues. | ||
|
||
## Solution | ||
|
||
Your application may show some latency for some time as part of IAST during high traffic. This should resolve within a few minutes after it finishes the IAST test. | ||
Start the sentence with "When there is high traffic, your application...."
Done
||
|
||
You can also check the snapshot log file in the `nr-security-home/logs/snapshots` folder. The log file shows you the status of the security agent, resource usage, and the last five errors. |
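Review bot: The Solution section gives the reader no next step if the latency does not clear "within a few minutes": the closing sentence points at `nr-security-home/logs/snapshots` but does not say which values in the snapshot (agent status, resource usage, last five errors) indicate a problem, or when to contact Support. Suggest adding one sentence on what to look for, and stating where `nr-security-home` lives, since the path is given relative to nothing.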
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
--- | ||
title: No vulnerabilities detected for Golang application | ||
tags: | ||
- IAST | ||
- New Relic IAST | ||
- Troubleshooting | ||
metaDescription: Troubleshoot Golang application if no vulnerabilities are detected. | ||
freshnessValidatedDate: 2024-07-16 | ||
--- | ||
|
||
## Problem | ||
|
||
You don't see any vulnerability for your Golang application. | ||
|
||
## Solution | ||
|
||
- For Golang, ensure that you imported the required instrumentation packages of libraries and frameworks. | ||
Why is this a bullet point? We normally don't create a list with just one bullet.
||
|
||
For example, your application is using libraries for [Mongo DB](http://go.mongodb.org/mongo-driver/mongo). For this specific library, you need to import this [instrumentation package](https://github.com/newrelic/csec-go-agent/tree/main/instrumentation/csec_mongodb_mongo) from newrelic: | ||
Check capitalization of newrelic
"...Mongo DB, then you must import the instrumentation package library..." Check capitalization for all proper nouns
||
|
||
``` | ||
import ( | ||
"github.com/newrelic/go-agent/v3/integrations/nrsecurityagent" | ||
"github.com/newrelic/go-agent/v3/newrelic" | ||
"github.com/newrelic/csec-go-agent/instrumentation/csec_mongodb_mongo" | ||
"go.mongodb.org/mongo-driver/mongo" | ||
) | ||
``` | ||
|
||
Depending on you application requierement, you might have to import additional packages. Check our [list of supported packages](https://github.com/newrelic/csec-go-agent#instrumentation-packages). | ||
Check notice on line 30 in src/content/docs/iast/troubleshooting/unable-to-detect-vulnerabilities-for-golang-application.mdx GitHub Actions / vale[vale] src/content/docs/iast/troubleshooting/unable-to-detect-vulnerabilities-for-golang-application.mdx#L30
|
||
Depending on the requirements of your package, you may....
||
|
||
Also, make sure you imported the corresponding [package](https://github.com/newrelic/go-agent?tab=readme-ov-file#service-frameworks) for each module. | ||
|
||
- For HTTP protocol endpoint, use the following `newrelic.WrapListen` function to enable vulnerability scanning against the endpoint: | ||
|
||
``` | ||
http.ListenAndServe(newrelic.WrapListen(":<YOUR PORT NUMBER>"), nil) | ||
``` | ||
|
||
<Callout variant="important"> | ||
You can skip this step if you're on a Linux environment. | ||
</Callout> | ||
|
||
- For a specific case of outbound HTTP request or calls to external services, you need to [update your application method](/docs/apm/agents/go-agent/instrumentation/instrument-go-segments/#go-external-segments). |
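Review bot: The `<Callout variant="important">` after the `newrelic.WrapListen` snippet says "You can skip this step" without naming the step, and it sits unindented between two bullets, so a reader cannot tell whether it refers to `WrapListen` or to the whole list. Suggest nesting it under the HTTP endpoint bullet and wording it as "You can skip `newrelic.WrapListen` if you're on a Linux environment". Separately, the sentence after the import block has two typos ("you application requierement"), both code fences lack a language tag, and the import block pulls in `nrsecurityagent` without the text saying what it is for.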
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
--- | ||
title: Unable to find known vulnerabilities | ||
tags: | ||
- IAST | ||
- New Relic IAST | ||
- Troubleshooting | ||
metaDescription: Unable to find known vulnerabilities | ||
freshnessValidatedDate: 2024-07-16 | ||
--- | ||
|
||
## Problem | ||
|
||
I tested an application with known vulnerabilities, but IAST couldn't detect any vulnerability. | ||
Check warning on line 13 in src/content/docs/iast/troubleshooting/unable-to-find-known-vulnerabilities.mdx GitHub Actions / vale[vale] src/content/docs/iast/troubleshooting/unable-to-find-known-vulnerabilities.mdx#L13
|
||
The use of first person is inconsistent with the other "Problem" sections
||
|
||
|
||
## Solution | ||
|
||
IAST starts testing when it detects some traffic, so check if your application works out or has any traffic directed at it. Perform the app's UI or API endpoints. | ||
What does "works out" mean?
||
Also, IAST requires restarting the application after it's enabled. | ||
|
||
|
||
Ensure that you are using a [supported application framework](https://docs.newrelic.com/docs/new-relic-solutions/new-relic-one/install-configure/compatibility-requirements-new-relic-agents-products/) and the [latest instrumentation package](https://github.com/newrelic/csec-go-agent#instrumentation-packages) for your application. | ||
|
||
|
||
## Cause | ||
|
||
These are the possible reasons IAST isn't detecting any known vulnerabilities: | ||
|
||
- IAST doesn't support application framework. | ||
|
||
- There is no instrumentation for the module. | ||
|
||
- The agent hasn't been restarted after IAST has been installed or configured. | ||
|
||
- No traffic is detected. |
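Review bot: The Solution and Cause sections disagree on what needs restarting: Solution says "IAST requires restarting the application after it's enabled", while the Cause list says "The agent hasn't been restarted". Pick one and use it in both places. Also in Solution, "Perform the app's UI or API endpoints" has no usable verb (exercise? call?), and the instrumentation-package link points at `csec-go-agent` although nothing on this page scopes it to Go.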
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
--- | ||
title: Unable to see application | ||
tags: | ||
- IAST | ||
- New Relic IAST | ||
- Troubleshooting | ||
metaDescription: Unable to find my application in the New Relic UI. | ||
freshnessValidatedDate: 2024-07-16 | ||
--- | ||
|
||
## Problem | ||
|
||
I don't see my application in the New Relic UI. | ||
Check warning on line 13 in src/content/docs/iast/troubleshooting/unable-to-see-application.mdx GitHub Actions / vale[vale] src/content/docs/iast/troubleshooting/unable-to-see-application.mdx#L13
|
||
Same as above
||
|
||
|
||
|
||
## Solution | ||
|
||
If you don't see your application in <DNT>**[one.newrelic.com](https://one.newrelic.com) > All capabilities > IAST > All Tests**</DNT>, check the following: | ||
The bullets here are not parallel. Please reach each as a continuation of "...check the following"
||
|
||
- Your application is up and running. Check the application process or the [APM & Services page](/docs/alerts-applied-intelligence/new-relic-alerts/advanced-alerts/advanced-techniques/view-events-their-products#products). | ||
- The application's logs to find out if there's a problem. | ||
- The version of your APM agent and udpate it if needed. | ||
- The `newrelic.yml` config file includes the modification of the parameters as indicated on the [install page](/docs/iast/install). | ||
- Go to the `nr-security-home/logs` directory and find the `[SETP-8]` line in the `LANGUAGE-security-collector-init.log` file. Check if there is an unexpected error and check what failed. | ||
- The application has traffic. Generate some traffic to allow IAST to test your application. | ||
- Proxy or firewall blocking access. Whitelist the following IPs `3.134.136.130, 18.219.177.104, 18.117.21.106` for the domain <DNT>**csec.nr-data.net**</DNT>, the following IPs `3.130.22.102, 3.138.243.136, 3.139.218.150` for the domain <DNT>**csec-gov.nr-data.net**</DNT> and the following IPs `18.185.235.118, 3.125.193.113, 3.75.166.122` for the domain <DNT>**csec.eu01.nr-data.net**</DNT>. But our recommendation is to add domains in the whitelist instead of the IPs as these IPs are bound to change anytime. | ||
- The TLS certificate is correct. Add Let's Encrypt CA certificate (download from [Let's Encrypt Certificates](https://letsencrypt.org/certificates/#root-certificates)) to your local trust store. Include both the root certificates and the intermediate ones (ISRG Root X1 & Let's Encrypt R3) to establish the complete chain of trust. | ||
- Your application's framework or vulnerability category is supported. | ||
|
||
## Cause | ||
|
||
Possible reasons for not finding your application in the New Relic UI are: | ||
None of these bullets should have a period at the end
||
* A wrong version of the APM agent. | ||
* IAST flags being disabled. | ||
Check notice on line 35 in src/content/docs/iast/troubleshooting/unable-to-see-application.mdx GitHub Actions / vale[vale] src/content/docs/iast/troubleshooting/unable-to-see-application.mdx#L35
|
||
...flags are...
||
* Proxy or Firewall blocking access. | ||
firewall
||
* Wrong TLS Certificate. | ||
certificate
||
* Lack of traffic on the application. | ||
* Any unexpected error. |
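Review bot: The proxy/firewall bullet in Solution lists nine hard-coded IPs and only afterwards says they are "bound to change anytime" and that domains are preferred. Lead with the three domains (`csec.nr-data.net`, `csec-gov.nr-data.net`, `csec.eu01.nr-data.net`) and present the IPs as a fallback that may go stale. In the same list, `[SETP-8]` looks like a transposed `[STEP-8]` and should be checked against real log output, since readers will search for the literal string; "udpate" is a typo; and the Cause list uses `*` bullets while Solution uses `-`.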
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
--- | ||
title: Unable to find expected vulnerabilities in the UI | ||
tags: | ||
- IAST | ||
- New Relic IAST | ||
- Troubleshooting | ||
metaDescription: Troubleshoot errors if you don't see the vulnerabilities in New Relic platform. | ||
freshnessValidatedDate: 2024-07-16 | ||
--- | ||
|
||
## Problem | ||
you can see your application in the New Relic UI and the security agent successfully started IAST, but you don't see vulnerabilities in the UI. | ||
You
||
|
||
## Solution | ||
|
||
If this is a new app, firewalls could be preventing it from communicating with the New Relic platform. Check the service stats section in the file with the latest timestamp in `nr-security-home/logs/snapshots`. All six items in that list should say OK. If they don't, review the logs for more info or reach out to [New Relic Support](https://support.newrelic.com). You can also see the [standard firewall documentation](/docs/new-relic-solutions/get-started/networks/). | ||
Second sentence:
Last sentence "refer to" instead of "see"
||
|
||
|
||
If you have configured your firewall correctly, check the following: | ||
|
||
* **The level of efficiency for your application:** Go to <DNT>**[one.newrelic.com](https://one.newrelic.com) > All capabilities > IAST > All Tests**</DNT>. Search for your application and check the summary section. If IAST analysis coverage is low for your application, add more test cases to your application to get a higher level of testing efficiency. | ||
Check capitalization of "summary" in "the summary section"
||
|
||
* **The IAST coverage:** Go to <DNT>**[one.newrelic.com](https://one.newrelic.com) > All capabilities > IAST > All Tests**</DNT>. Search for your application and click to view the summary section. Under the summary section, check if IAST analysis coverage is high and no vulnerabilities are detected, that means your application is secure. | ||
Check notice on line 23 in src/content/docs/iast/troubleshooting/unable-to-see-vulnerabilities.mdx GitHub Actions / vale[vale] src/content/docs/iast/troubleshooting/unable-to-see-vulnerabilities.mdx#L23
|
||
Same comment as #21
||
|
||
* **Your application is secure:** In this case, check your IAST analysis coverage in <DNT>**[one.newrelic.com](https://one.newrelic.com) > All capabilities > IAST > All Tests**</DNT>. Search for your application and check the summary section. If IAST Analysis coverage is 100% and no vulnerabilities are detected, that means your application is secure. | ||
Check notice on line 25 in src/content/docs/iast/troubleshooting/unable-to-see-vulnerabilities.mdx GitHub Actions / vale[vale] src/content/docs/iast/troubleshooting/unable-to-see-vulnerabilities.mdx#L25
|
||
Same comment as #21
||
|
||
* **Your web socket connection is broken:** Please check the latest log file in your `nr-security-home/logs/snapshots/` folder, and look for the `Service stats -> websocket` line. The expected value is OK. | ||
Check notice on line 27 in src/content/docs/iast/troubleshooting/unable-to-see-vulnerabilities.mdx GitHub Actions / vale[vale] src/content/docs/iast/troubleshooting/unable-to-see-vulnerabilities.mdx#L27
|
||
No need for "please"
||
|
||
* Your application's framework or vulnerability category isn't supported. | ||
|
||
After checking these, if you don't see vulnerabilities in IAST, please contact [New Relic Support](https://support.newrelic.com/s/) and share your application's configuration and logs with our support team. | ||
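Review bot: The "IAST coverage" and "Your application is secure" bullets both conclude "that means your application is secure", which overstates what a clean result shows: the last bullet of the same list admits that a framework or vulnerability category may be unsupported. Suggest merging the two bullets (they differ only in "high" versus "100%") and wording the conclusion as "no vulnerabilities were detected in the covered code". Also, "All six items in that list should say OK" never names the six items, so the reader cannot tell which one relates to the firewall.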
no need for "please"
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
--- | ||
title: Unresponsive or crashed application | ||
tags: | ||
- IAST | ||
- New Relic IAST | ||
- Troubleshooting | ||
metaDescription: Troubleshooting unreponsive or crashed application. | ||
freshnessValidatedDate: 2024-07-16 | ||
--- | ||
|
||
## Problem | ||
|
||
After enabling IAST for your APM agent, your application becomes unresponsive and the application crashes. | ||
|
||
|
||
## Solution | ||
|
||
IAST analysis can expose uncaught errors or exceptions in your application. | ||
If the application has crashed due to lack of resources, increase the resources, restart the application, and perform IAST again. | ||
|
||
## Cause | ||
|
||
As a part of IAST, the security agent sends new requests to the application that increases the load, resulting in an increase in resource usage. |
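Review bot: The Solution tells the reader to add resources "if the application has crashed due to lack of resources" but gives no way to establish that, and its first sentence about uncaught errors or exceptions carries no action at all. Suggest saying where the evidence is (application logs for the exception, resource usage for exhaustion) and what to do in the exception case. Minor: `metaDescription` has "unreponsive", and the Problem sentence joins "becomes unresponsive" and "crashes" with "and" where the title uses "or".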
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
--- | ||
title: Unsure whether the agent is working properly | ||
tags: | ||
- IAST | ||
- New Relic IAST | ||
- Troubleshooting | ||
metaDescription: I'm not sure if IAST is working | ||
freshnessValidatedDate: 2024-07-16 | ||
--- | ||
|
||
|
||
## Problem | ||
|
||
I can see my application in the IAST UI and the security agent started successfully but I am not sure if IAST is working properly. | ||
Check warning on line 14 in src/content/docs/iast/troubleshooting/unsure-of-agent-working.mdx GitHub Actions / vale[vale] src/content/docs/iast/troubleshooting/unsure-of-agent-working.mdx#L14
Check notice on line 14 in src/content/docs/iast/troubleshooting/unsure-of-agent-working.mdx GitHub Actions / vale[vale] src/content/docs/iast/troubleshooting/unsure-of-agent-working.mdx#L14
|
||
|
||
|
||
## Solution | ||
|
||
|
||
1. Go to <DNT>**[one.newrelic.com](https://one.newrelic.com) > All capabilities > IAST > Tests**</DNT>. | ||
|
||
2. Search for your application in the <DNT>**Application tests**</DNT> tab and click on it. | ||
|
||
3. View the details of the test including <DNT>**APIs covered**</DNT>, <DNT>**methods calls**</DNT>, and <DNT>**application testing efficiency**</DNT>. | ||
|
||
Also, if you set the log level to <DNT>**debug/finest**</DNT>, you can search for <DNT>**Fuzz request received**</DNT> in the `nr-security-home/logs/java-security-collector.log` file. This shows that the IAST analysis is in progress. |
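Review bot: The last paragraph hard-codes `nr-security-home/logs/java-security-collector.log`, which only applies to the Java agent, while nothing on the page restricts it to Java; either say so or use a language placeholder as the `LANGUAGE-security-collector-init.log` reference elsewhere in this PR does. The paragraph also does not say where the `debug/finest` log level is set. In step 1 the navigation path ends in "IAST > Tests" while the other files in this PR use "IAST > All Tests", so check it against the UI, and "methods calls" in step 3 should be "method calls".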
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
--- | ||
title: Viewing false positive vulnerabilities | ||
Do you mean "seeing"?
||
tags: | ||
- IAST | ||
- New Relic IAST | ||
- Troubleshooting | ||
metaDescription: Viewing false positive vulnerabilities for my application. | ||
freshnessValidatedDate: never | ||
--- | ||
|
||
## Problem | ||
|
||
I see a vulnerability that isn't an actual vulnerability (false positive) for my application. | ||
Check warning on line 13 in src/content/docs/iast/troubleshooting/viewing-false-vulnerabilities.mdx GitHub Actions / vale[vale] src/content/docs/iast/troubleshooting/viewing-false-vulnerabilities.mdx#L13
|
||
|
||
## solution | ||
|
||
Update the status of your vulnerability if you think IAST has reported a false positive. Follow these steps: | ||
|
||
- Search your application: Go to <DNT>**[one.newrelic.com](https://one.newrelic.com) > All capabilities > IAST > All Tests**</DNT>. | ||
"Search your application" or "Search for your application"?
||
|
||
- Click on the all applications tab and select the vulnerability that isn't an actual vulnerability. | ||
No "Click on"....always "Click"
||
|
||
- Under the vulnerability details section, you can update the vulnerability status for the reported vulnerability. You can update its status to: | ||
- False positive | ||
- Resolved | ||
- Unresolved | ||
|
||
- If you want to list out the vulnerabilities for which you updated the status, you can apply the filter in the detected exploitable vulnerabilities list. |
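Review bot: The heading `## solution` is lowercase, unlike `## Problem` above it, and `freshnessValidatedDate: never` in the front matter differs from the `2024-07-16` used in the other files of this PR, so it looks like a leftover. The body says "Follow these steps" but uses an unordered `-` list; since the order matters, number the steps. The final bullet refers to "the detected exploitable vulnerabilities list" without saying where that list is in the UI.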
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
--- | ||
title: Seeing unknown files in the application directory | ||
tags: | ||
- IAST | ||
- New Relic IAST | ||
- Troubleshooting | ||
metaDescription: Remove unknown files from the application directory | ||
freshnessValidatedDate: 2024-07-16 | ||
--- | ||
|
||
## Problem | ||
|
||
I see unknown files and directories in my application directory and want to remove these. | ||
Check warning on line 13 in src/content/docs/iast/troubleshooting/viewing-unknown-files-and-directories.mdx GitHub Actions / vale[vale] src/content/docs/iast/troubleshooting/viewing-unknown-files-and-directories.mdx#L13
|
||
|
||
## Solution | ||
|
||
If your application has the functionality to create files and directories as part of serving an HTTP request, IAST will try to test the code path and hence, create such files and directories. | ||
Check notice on line 17 in src/content/docs/iast/troubleshooting/viewing-unknown-files-and-directories.mdx GitHub Actions / vale[vale] src/content/docs/iast/troubleshooting/viewing-unknown-files-and-directories.mdx#L17
|
||
The application code, under the influence of incoming HTTP requests, creates these files. The agent can't deleted them. | ||
"delete" not "deleted"
||
|
||
If you're sure that none of your APIs can create files and directories, share your application's configuration and logs with [New Relic Support](https://support.newrelic.com). | ||
|
||
|
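Review bot: `metaDescription` promises "Remove unknown files from the application directory" and the Problem says the reader wants to remove them, but the Solution never says how to tell IAST-created files from legitimate ones or that cleanup is left to the user. Suggest stating explicitly that the user has to delete them and how to identify them (for example by creation time relative to the IAST run). "The agent can't deleted them" needs "delete".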
"the IAST test"....should just be "...finishes IAST"
done