-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Nr 324109 updating iast Dec 13 #19529
base: develop
Are you sure you want to change the base?
Changes from 6 commits
d365c6f
f888be7
d8ae25b
5833eea
899a860
f427355
26c7216
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -9,93 +9,227 @@ | |
--- | ||
|
||
<Callout variant="important"> | ||
Run IAST with non-production deployments only. IAST tests by invoking HTTP requests with an exploit payload. You must use IAST in non-production environments with only simulated data to avoid both data corruption and introducing exploits into your live code. In addition, when you run IAST on new code in pre-production, you catch potential vulnerabilities before they go live. | ||
Run IAST with non-production deployments only. IAST tests the application by | ||
invoking HTTP requests with an exploit payload. You must use IAST in | ||
non-production environments with only simulated data to avoid both data | ||
corruption and introducing exploits into your live code. In addition, when you | ||
Check notice on line 15 in src/content/docs/iast/install.mdx GitHub Actions / vale[vale] src/content/docs/iast/install.mdx#L15
Raw output
|
||
run IAST on new code in pre-production, you catch potential vulnerabilities | ||
before they go live. | ||
</Callout> | ||
|
||
## Install New Relic IAST | ||
|
||
There are primarily five stages involved in successful installation of IAST: | ||
|
||
1. [Safety Check](#safety-check) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Capitalization is not uniform in this list |
||
2. [Selection of Application Language](#selection-of-application-language) | ||
3. [Updating the APM Agent](#updating-the-apm-agent) | ||
4. [Setting up the Security Agent](#setting-up-the-security-agent) | ||
5. [Restart and test the application](#restart-and-test-the-application) | ||
|
||
<CONTRIBUTOR_NOTE> | ||
Check warning on line 30 in src/content/docs/iast/install.mdx GitHub Actions / vale[vale] src/content/docs/iast/install.mdx#L30
Raw output
|
||
I may need to delete the above steps as these steps do not align with our Style guide. | ||
Check failure on line 31 in src/content/docs/iast/install.mdx GitHub Actions / vale[vale] src/content/docs/iast/install.mdx#L31
Raw output
|
||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Is this a comment? |
||
</CONTRIBUTOR_NOTE> | ||
|
||
To install New Relic IAST: | ||
|
||
<Steps> | ||
<Step> | ||
Go to <DNT>**[one.newrelic.com](https://one.newrelic.com) > All capabilities > IAST**</DNT> and click <DNT>**Set up IAST with applications**</DNT>. | ||
Go to <DNT>**[one.newrelic.com](https://one.newrelic.com) > All capabilities > IAST** </DNT> and click <DNT>**Install**</DNT>. | ||
|
||
<img | ||
title="Set up IAST with applications" | ||
alt="Set up IAST with applications" | ||
src="/images/iast_screenshot-full_install.webp" | ||
/> | ||
|
||
</Step> | ||
|
||
<Step> | ||
Confirm IAST isn't running in a production environment and click <DNT>**Continue**</DNT>. | ||
|
||
<Callout variant="important"> | ||
Before you start IAST installation, review the IAST testing steps and how exploitable vulnerabilities are detected. | ||
Check notice on line 51 in src/content/docs/iast/install.mdx GitHub Actions / vale[vale] src/content/docs/iast/install.mdx#L51
Raw output
|
||
For more information, refer: [IAST exploitable vulnerabilities](https://docs.newrelic.com/docs/iast/exploitable-vulns/) | ||
</Callout> | ||
|
||
</Step> | ||
## Safety Check | ||
|
||
Make sure IAST is not running in the production environment and click <DNT>**Continue**</DNT>. | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Repeated information. |
||
<img | ||
title="IAST Install Instruction Screen" | ||
alt="IAST Installation Instruction Screen" | ||
src="/images/iast-install-steps.webp" | ||
/> | ||
|
||
</Step> | ||
|
||
<Step> | ||
Select the language of your application and complete the steps. | ||
|
||
## Selection of Application Language | ||
|
||
Select the language of your application and complete the steps. The application languages supported are: Java, Node, and Go. | ||
<img | ||
title="Install New Relic IAST" | ||
alt="Install New Relic IAST" | ||
src="/images/iast_screenshot-crop_install.webp" | ||
/> | ||
</Step> | ||
|
||
<Step> | ||
Make sure your `newrelic.yml` config file is updated as follows: | ||
Once you select the application language, make sure to follow the on-screen instructions and must watch the [relevant application language video](/docs/iast/install/#check-out-these-demo-videos-for-setting-up-iast-with-different-application-languages) for successful installation of IAST. | ||
|
||
<Callout variant="caution"> | ||
- You may encounter error if on-screen instructions are not followed properly. | ||
Check notice on line 80 in src/content/docs/iast/install.mdx GitHub Actions / vale[vale] src/content/docs/iast/install.mdx#L80
Raw output
Check failure on line 80 in src/content/docs/iast/install.mdx GitHub Actions / vale[vale] src/content/docs/iast/install.mdx#L80
Raw output
Check notice on line 80 in src/content/docs/iast/install.mdx GitHub Actions / vale[vale] src/content/docs/iast/install.mdx#L80
Raw output
|
||
</Callout> | ||
|
||
</Step> | ||
|
||
<Step> | ||
|
||
## Update the APM agent | ||
|
||
<CollapserGroup> | ||
<Collapser | ||
id="config-file-example" | ||
title={<><InlineCode>newrelic.yml</InlineCode> config file</>} | ||
> | ||
<Collapser | ||
id="update-apm-agent-for-java" | ||
title="Update the APM agent for Java Application Language" | ||
> | ||
|
||
Update the APM agent to the latest version. The minimum version supported is: v8.9.0. To update the java agent, follow these on-screen [instructions](https://docs.newrelic.com/docs/apm/agents/java-agent/installation/update-java-agent/) and verify the agent version using the command: | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Confusing. Are we updating the APM agent or the Java agent? |
||
|
||
``` | ||
java -jar newrelic.jar -v | ||
|
||
``` | ||
|
||
Click on the **Next** to setup the security agent. | ||
|
||
<img | ||
title="Install New Relic IAST" | ||
alt="Install New Relic IAST" | ||
src="/images/iast-install-java.webp" | ||
/> | ||
|
||
</Collapser> | ||
|
||
<Collapser | ||
id="setup-application-using-node" | ||
title="Update APM agent for node.js runtime environment" | ||
> | ||
Will write text here...2 | ||
|
||
</Collapser> | ||
</CollapserGroup> | ||
|
||
</Step> | ||
|
||
<Step> | ||
|
||
## Setup security agent | ||
|
||
<CollapserGroup> | ||
<Collapser | ||
id="setup-security-agent-java" | ||
title="Setup security agent for java application" | ||
> | ||
|
||
Setup the security agent by enabling the security agent settings. Make sure your `newrelic.yml` config file is updated as follows: | ||
|
||
- `newrelic.yml` config file (This setting is common for EU and Fed users) | ||
|
||
```yml | ||
security: | ||
enabled: true | ||
agent: | ||
enabled: true | ||
``` | ||
</Collapser> | ||
|
||
<Collapser | ||
id="config-eu-file-example" | ||
title={<><InlineCode>newrelic.yml</InlineCode> config file for EU</>} | ||
> | ||
- `newrelic.yml` config file for EU | ||
|
||
```yml | ||
security: | ||
enabled: true | ||
agent: | ||
enabled: true | ||
validator_service_url: wss://csec.eu01.nr-data.net | ||
``` | ||
</Collapser> | ||
- `newrelic.yml` config file for Fed users | ||
|
||
<Collapser | ||
id="config-file-fed-example" | ||
title={<><InlineCode>newrelic.yml</InlineCode> config file for Fed users</>} | ||
> | ||
```yml | ||
security: | ||
security: | ||
enabled: true | ||
agent: | ||
enabled: true | ||
validator_service_url: wss://csec-gov.nr-data.net | ||
``` | ||
</Collapser> | ||
</CollapserGroup> | ||
</Step> | ||
|
||
Set the `security.enabled` and `security.agent.enabled` flag to true in the **newrelic.yml** config file. Make sure the `high_security` in **newrelic.yml** is turned off for the IAST to work. | ||
|
||
<img | ||
title="IAST Full Configuration" | ||
alt="IAST Full Configuration" | ||
src="/images/iast-full-configuration.webp" | ||
/> | ||
|
||
The code shown above for **Setup security agent** is the bare minimum requirement to start the IAST. | ||
|
||
To fully configure the IAST, click on `View security config fields` and copy the **Security Config** Code. Now open the **newrelic.yml** file and paste the copied code below `high_security: false`. | ||
|
||
<Callout variant="tip"> | ||
|
||
`yml` is sensitive to indents and spacing, make sure the code pasted in **newrelic.yml** file is lined up underneath the high security settings: | ||
|
||
</Callout> | ||
|
||
<img | ||
title="yml to paste code for full configuration" | ||
alt="yml to paste code" | ||
src="/images/yml-to-paste-code.webp" | ||
/> | ||
|
||
</Collapser> | ||
|
||
<Collapser | ||
id="demo-install-nodejs" | ||
title="Set up security agent for node.js" | ||
> | ||
Will write text for node here........ | ||
|
||
</Collapser> | ||
|
||
</CollapserGroup> | ||
|
||
</Step> | ||
|
||
<Step> | ||
Once you've completed all the steps, restart your application and generate traffic against the application's APIs. | ||
## Restart and test the application | ||
|
||
To start testing with the IAST agent, restart your application and generate traffic against your application’s APIs. Click <DNT>**See your data**</DNT> for an overview of your tested application. | ||
|
||
<img | ||
title="Install New Relic IAST" | ||
alt="New Relic IAST on-screen instructions" | ||
src="/images/iast-see-your-data-button.webp" | ||
/> | ||
|
||
</Step> | ||
|
||
<Step> | ||
Click <DNT>**See your data**</DNT> to see an overview of your tested application. | ||
|
||
## Test application window | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Why is this a step? |
||
|
||
The below screen will show IAST test results as per your configurations. | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. The following screen |
||
|
||
<img | ||
title="Install New Relic IAST" | ||
alt="New Relic IAST See your data tab" | ||
src="/images/iast-see-your-data.webp" | ||
/> | ||
|
||
To reach the test application window, go to <DNT>**[one.newrelic.com](https://one.newrelic.com) > All capabilities > IAST** </DNT> and click <DNT>**Testing Status**</DNT>. | ||
|
||
</Step> | ||
|
||
</Steps> | ||
|
||
For more detailed instructions, check out these examples demo below. | ||
## Check out these demo videos for setting up IAST with different application languages | ||
|
||
<CollapserGroup> | ||
<Collapser | ||
|
@@ -108,6 +242,7 @@ | |
type="wistia" | ||
id="dbipyzuyok" | ||
/> | ||
|
||
</Collapser> | ||
|
||
<Collapser | ||
|
@@ -120,5 +255,6 @@ | |
type="wistia" | ||
id="1m2suxuvuz" | ||
/> | ||
|
||
</Collapser> | ||
</CollapserGroup> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Many of the screenshots in this article dont seem to add value. Discuss with me.