Nr 324109 updating iast Dec 13 #19529

Open
wants to merge 7 commits into
base: develop
Changes from 6 commits
Expand Up @@ -16,7 +16,7 @@ redirects:
- /docs/accounts/accounts/account-maintenance/unsubscribe-new-relic-emails
freshnessValidatedDate: never
---

* Test branch
In your New Relic account settings, you can subscribe and unsubscribe to specific types of emails, and edit other email preferences.

<Callout variant="tip">
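Review bot: The `* Test branch` line directly after the front matter, above the sentence about email preferences, looks like a leftover test marker and would render as a stray bullet at the top of the page; it is also unrelated to the IAST install changes in this PR. Suggest dropping it before merge.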
194 changes: 165 additions & 29 deletions src/content/docs/iast/install.mdx
Expand Up @@ -9,93 +9,227 @@
---

<Callout variant="important">
Run IAST with non-production deployments only. IAST tests by invoking HTTP requests with an exploit payload. You must use IAST in non-production environments with only simulated data to avoid both data corruption and introducing exploits into your live code. In addition, when you run IAST on new code in pre-production, you catch potential vulnerabilities before they go live.
Run IAST with non-production deployments only. IAST tests the application by
invoking HTTP requests with an exploit payload. You must use IAST in
non-production environments with only simulated data to avoid both data
corruption and introducing exploits into your live code. In addition, when you

Check notice on line 15 in src/content/docs/iast/install.mdx

GitHub Actions / vale

[vale] src/content/docs/iast/install.mdx#L15

[Microsoft.Wordiness] Consider using 'also' instead of 'In addition'.
run IAST on new code in pre-production, you catch potential vulnerabilities
before they go live.
</Callout>

## Install New Relic IAST

There are primarily five stages involved in successful installation of IAST:
Contributor

Many of the screenshots in this article don't seem to add value. Discuss with me.


1. [Safety Check](#safety-check)
Contributor

Capitalization is not uniform in this list

2. [Selection of Application Language](#selection-of-application-language)
3. [Updating the APM Agent](#updating-the-apm-agent)
4. [Setting up the Security Agent](#setting-up-the-security-agent)
5. [Restart and test the application](#restart-and-test-the-application)

<CONTRIBUTOR_NOTE>

Check warning on line 30 in src/content/docs/iast/install.mdx

GitHub Actions / vale

[vale] src/content/docs/iast/install.mdx#L30

[Microsoft.FirstPerson] Use first person (such as ' I') sparingly.
I may need to delete the above steps as these steps do not align with our Style guide.

Check failure on line 31 in src/content/docs/iast/install.mdx

GitHub Actions / vale

[vale] src/content/docs/iast/install.mdx#L31

[Microsoft.Contractions] Use 'don't' instead of 'do not'.
Contributor

Is this a comment?

</CONTRIBUTOR_NOTE>

To install New Relic IAST:

<Steps>
<Step>
Go to <DNT>**[one.newrelic.com](https://one.newrelic.com) > All capabilities > IAST**</DNT> and click <DNT>**Set up IAST with applications**</DNT>.
Go to <DNT>**[one.newrelic.com](https://one.newrelic.com) > All capabilities > IAST** </DNT> and click <DNT>**Install**</DNT>.

<img
title="Set up IAST with applications"
alt="Set up IAST with applications"
src="/images/iast_screenshot-full_install.webp"
/>

</Step>

<Step>
Confirm IAST isn't running in a production environment and click <DNT>**Continue**</DNT>.

<Callout variant="important">
Before you start IAST installation, review the IAST testing steps and how exploitable vulnerabilities are detected.

Check notice on line 51 in src/content/docs/iast/install.mdx

GitHub Actions / vale

[vale] src/content/docs/iast/install.mdx#L51

[Microsoft.Passive] 'are detected' looks like passive voice.
For more information, refer: [IAST exploitable vulnerabilities](https://docs.newrelic.com/docs/iast/exploitable-vulns/)
</Callout>

</Step>
## Safety Check

Make sure IAST is not running in the production environment and click <DNT>**Continue**</DNT>.
Contributor

Repeated information.

<img
title="IAST Install Instruction Screen"
alt="IAST Installation Instruction Screen"
src="/images/iast-install-steps.webp"
/>

</Step>

<Step>
Select the language of your application and complete the steps.

## Selection of Application Language

Select the language of your application and complete the steps. The application languages supported are: Java, Node, and Go.
<img
title="Install New Relic IAST"
alt="Install New Relic IAST"
src="/images/iast_screenshot-crop_install.webp"
/>
</Step>

<Step>
Make sure your `newrelic.yml` config file is updated as follows:
Once you select the application language, make sure to follow the on-screen instructions and must watch the [relevant application language video](/docs/iast/install/#check-out-these-demo-videos-for-setting-up-iast-with-different-application-languages) for successful installation of IAST.

<Callout variant="caution">
- You may encounter error if on-screen instructions are not followed properly.

Check notice on line 80 in src/content/docs/iast/install.mdx

GitHub Actions / vale

[vale] src/content/docs/iast/install.mdx#L80

[new-relic.ComplexWords] Consider using 'meet' instead of 'encounter'.

Check failure on line 80 in src/content/docs/iast/install.mdx

GitHub Actions / vale

[vale] src/content/docs/iast/install.mdx#L80

[Microsoft.Contractions] Use 'aren't' instead of 'are not'.

Check notice on line 80 in src/content/docs/iast/install.mdx

GitHub Actions / vale

[vale] src/content/docs/iast/install.mdx#L80

[new-relic.Adverbs] Consider removing 'properly'.
</Callout>

</Step>

<Step>

## Update the APM agent

<CollapserGroup>
<Collapser
id="config-file-example"
title={<><InlineCode>newrelic.yml</InlineCode> config file</>}
>
<Collapser
id="update-apm-agent-for-java"
title="Update the APM agent for Java Application Language"
>

Update the APM agent to the latest version. The minimum version supported is: v8.9.0. To update the java agent, follow these on-screen [instructions](https://docs.newrelic.com/docs/apm/agents/java-agent/installation/update-java-agent/) and verify the agent version using the command:
Contributor

Confusing. Are we updating the APM agent or the Java agent?
Capitalization for Java is wrong.


```
java -jar newrelic.jar -v

```

Click on the **Next** to setup the security agent.

<img
title="Install New Relic IAST"
alt="Install New Relic IAST"
src="/images/iast-install-java.webp"
/>

</Collapser>

<Collapser
id="setup-application-using-node"
title="Update APM agent for node.js runtime environment"
>
Will write text here...2

</Collapser>
</CollapserGroup>

</Step>

<Step>

## Setup security agent

<CollapserGroup>
<Collapser
id="setup-security-agent-java"
title="Setup security agent for java application"
>

Setup the security agent by enabling the security agent settings. Make sure your `newrelic.yml` config file is updated as follows:

- `newrelic.yml` config file (This setting is common for EU and Fed users)

```yml
security:
enabled: true
agent:
enabled: true
```
</Collapser>

<Collapser
id="config-eu-file-example"
title={<><InlineCode>newrelic.yml</InlineCode> config file for EU</>}
>
- `newrelic.yml` config file for EU

```yml
security:
enabled: true
agent:
enabled: true
validator_service_url: wss://csec.eu01.nr-data.net
```
</Collapser>
- `newrelic.yml` config file for Fed users

<Collapser
id="config-file-fed-example"
title={<><InlineCode>newrelic.yml</InlineCode> config file for Fed users</>}
>
```yml
security:
security:
enabled: true
agent:
enabled: true
validator_service_url: wss://csec-gov.nr-data.net
```
</Collapser>
</CollapserGroup>
</Step>

Set the `security.enabled` and `security.agent.enabled` flag to true in the **newrelic.yml** config file. Make sure the `high_security` in **newrelic.yml** is turned off for the IAST to work.

<img
title="IAST Full Configuration"
alt="IAST Full Configuration"
src="/images/iast-full-configuration.webp"
/>

The code shown above for **Setup security agent** is the bare minimum requirement to start the IAST.

To fully configure the IAST, click on `View security config fields` and copy the **Security Config** Code. Now open the **newrelic.yml** file and paste the copied code below `high_security: false`.

<Callout variant="tip">

`yml` is sensitive to indents and spacing, make sure the code pasted in **newrelic.yml** file is lined up underneath the high security settings:

</Callout>

<img
title="yml to paste code for full configuration"
alt="yml to paste code"
src="/images/yml-to-paste-code.webp"
/>

</Collapser>

<Collapser
id="demo-install-nodejs"
title="Set up security agent for node.js"
>
Will write text for node here........

</Collapser>

</CollapserGroup>

</Step>

<Step>
Once you've completed all the steps, restart your application and generate traffic against the application's APIs.
## Restart and test the application

To start testing with the IAST agent, restart your application and generate traffic against your application’s APIs. Click <DNT>**See your data**</DNT> for an overview of your tested application.

<img
title="Install New Relic IAST"
alt="New Relic IAST on-screen instructions"
src="/images/iast-see-your-data-button.webp"
/>

</Step>

<Step>
Click <DNT>**See your data**</DNT> to see an overview of your tested application.

## Test application window
Contributor

Why is this a step?


The below screen will show IAST test results as per your configurations.
Contributor

The following screen


<img
title="Install New Relic IAST"
alt="New Relic IAST See your data tab"
src="/images/iast-see-your-data.webp"
/>

To reach the test application window, go to <DNT>**[one.newrelic.com](https://one.newrelic.com) > All capabilities > IAST** </DNT> and click <DNT>**Testing Status**</DNT>.

</Step>

</Steps>

For more detailed instructions, check out these examples demo below.
## Check out these demo videos for setting up IAST with different application languages

<CollapserGroup>
<Collapser
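Review bot: The Node.js collapsers still contain placeholder text (`Will write text here...2` under `setup-application-using-node` and `Will write text for node here........` under `demo-install-nodejs`), and the `<CONTRIBUTOR_NOTE>` block carries an author-facing remark, so this would publish unfinished content; either fill in the Node.js steps or drop those collapsers and the note before merge. In the Java security agent section, the line saying the base `newrelic.yml` setting "is common for EU and Fed users" sits next to separate EU and Fed blocks that add `validator_service_url`; state plainly whether EU and Fed users need that key. The sentence telling readers to make sure `high_security` is turned off should repeat that this applies to the non-production deployment only, as the callout at the top of the page requires.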
Expand All @@ -108,6 +242,7 @@
type="wistia"
id="dbipyzuyok"
/>

</Collapser>

<Collapser
Expand All @@ -120,5 +255,6 @@
type="wistia"
id="1m2suxuvuz"
/>

</Collapser>
</CollapserGroup>
Binary file added static/images/iast-full-configuration.webp
Binary file not shown.
Binary file added static/images/iast-install-java.webp
Binary file not shown.
Binary file added static/images/iast-install-steps.webp
Binary file not shown.
Binary file added static/images/iast-see-your-data-button.webp
Binary file not shown.
Binary file added static/images/iast-see-your-data.webp
Binary file not shown.
Binary file modified static/images/iast_screenshot-full_install.webp
Binary file not shown.
Binary file added static/images/iast_screenshot-full_install1.webp
Binary file not shown.