ABOUT THE TOPIC
This guide lists the software compatibility information for Virsec Security Platform (VSP) including VSP-Web, VSP-Memory and VSP-Host. The information provided covers the management infrastructure and supported server environments. Compatibility is based on VSP 2.5 release unless otherwise noted.
COMPATIBILITY MATRIXCOMPATIBILITY MATRIX
FOR CONTAINERS
Table below provides the software compatibility information for Workload Type - Containers
Operating System |
Executable Allowlisting |
AppControl Policies |
File System Monitoring |
Buffer Exploit Protection |
Web Application Protection |
||||
Java | PHP | ROR |
On Web Server |
||||||
RHEL7.6 |
✔ |
✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | |
UBUNTU16.04 |
✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
✔ |
✔ | |
UBUNTU18.04 |
✔ |
✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | |
UBUNTU20 |
✔ | ✔ | ✔ |
✔ |
✔ | ✔ | ✔ |
✔ |
|
DEBIAN-BUSTER-SLIM |
✔ | ✔ | ✔ | ✔ |
|
✔ | |||
DEBIAN-BUSTER |
✔ | ✔ | ✔ | ✔ |
|
|
|||
DEBIAN-STRETCH-SLIM |
✔ | ✔ | ✔ |
|
✔ | ||||
DEBIAN-STRETCH |
✔ | ✔ | ✔ |
|
|
||||
ALPINE3.6 |
✔ | ✔ | ✔ | ✔ |
|
|
|||
ALPINE3.7 |
✔ | ✔ | ✔ | ✔ |
|
|
|||
ALPINE3.8 |
✔ | ✔ |
✔ |
|
|
||||
ALPINE3.9 |
✔ | ✔ | ✔ | ✔ |
|
|
|||
ALPINE3.10 |
✔ | ✔ | ✔ | ✔ |
|
|
|||
ALPINE3.11 |
✔ | ✔ | ✔ | ✔ |
|
|
|||
ALPINE3.12 |
✔ | ✔ | ✔ | ✔ |
|
|
|||
ALPINE3.13 |
✔ | ✔ | ✔ | ✔ |
|
✔ |
Table – Compatibility Matrix for Containers
FOR VIRTUAL MACHINES
Table below provides the software compatibility information for Workload Type – Virtual Machines
Operating System |
Executable Allowlisting |
AppControl Policies |
File System Monitoring |
Memory Exploit Protection |
Buffer Exploit Protection |
Web Application Protection |
|||||
On Web Server |
|||||||||||
RHEL 6.5, 6.7/ CentOS 6.5, 6.7 |
✔ | ✔ | ✔ | ✔ | NA | ||||||
RHEL 6.10 (32 bit) |
✔ | ✔ | NA | ||||||||
RHEL7.6/ CentOS 7.6 |
✔ | ✔ | ✔ | ✔* |
✔ |
✔ | ✔ | ✔ | ✔ |
NA |
✔ |
RHEL8.0/ CentOS 8.0 |
✔ | ✔ | ✔ | ✔* |
✔ |
✔ | ✔ | ✔ | ✔ |
NA |
✔ |
UBUNTU16 |
✔ | ✔ | ✔ | ✔* |
|
✔ | ✔ | ✔ | ✔ |
NA |
✔ |
UBUNTU18 |
✔ | ✔ | ✔ | ✔* |
✔ |
✔ | ✔ | ✔ | ✔ |
NA |
✔ |
UBUNTU20 |
✔ | ✔ | ✔ | ✔* |
✔ |
✔ | ✔ | ✔ | ✔ |
NA |
✔ |
DEBIAN-9/STRETCH |
✔ | ✔ | ✔ | ✔* |
|
NA |
|||||
AMAZONLINUX-1 |
✔ | ✔ | ✔ |
✔ |
✔ |
NA |
|||||
AMAZONLINUX-2 |
✔ | ✔ | ✔ |
✔ |
✔ |
NA |
|||||
WINDOWS 2008 R2 SP1 |
✔ | ✔ | ✔ | ✔ |
|
NA |
|||||
WINDOWS 2012 R2 |
✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
✔ |
||||
WINDOWS 2016 |
✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
✔ |
||||
WINDOWS 2019 |
✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
✔ |
Table – Compatibility Matrix for VMs
* Memory Exploit Protection supported in a few kernels only. Refer Section Supported Kernel Versions for Memory Exploit Protection for more information
NOTE:
VSP is not supported for:
-
Workloads running SELinux or AppArmor in enforcing mode (Linux only)
-
Hosts running hypervisor: Example ESXi/Hyper-V/Zen/KVM
-
Hosts running docker (Linux only)
CONTAINER ORCHESTRATION SUPPORT
Table below provides the Container Orchestration Support information:
Container Orchestration Type |
VSP Deployment |
Workload Deployment |
Notes |
Kubernetes - Kubectl |
✔ | ✔ |
Supported versions: Kubernetes - 1.18, 1.19, 1.20, 1.21, 1.22 Docker Engine - 19.03 |
Helm Charts |
✔ | ✔ |
Supported versions: Helm 2, Helm 3 |
Docker-only |
|
✔ |
Supported Docker Versions: 18.x, 19.x, 20.x |
Amazon ECS on Fargate |
|
✔ |
|
Amazon ECS on EC2 |
|
✔ |
|
Amazon EKS on EC2 |
✔ | ✔ |
|
Table – Container Orchestration Support
VM HYPERVISOR SUPPORT
Table below provides VM Hypervisor Support information:
Hypervisor Type |
Support |
ESXi |
✔ |
AWS EC2 |
✔ |
Nutanix |
✔ |
Table – VM Hypervisor Support
WEB PROTECTION - SUPPORTED APPLICATION SERVER TECHNOLOGIESWEB PROTECTION - SUPPORTED APPLICATION SERVER TECHNOLOGIES
SUPPORTED TECHNOLOGIES FOR JAVA
The table below lists the supported technologies for Java
Technology |
Supported Version(s) |
Java Versions |
|
Application Servers |
|
Application Framework |
|
Databases |
|
Table – Java – Supported Technologies
SUPPORTED TECHNOLOGIES FOR PHP
The table below lists the supported technologies for PHP
Technology |
Supported Version(s) |
Runtime Versions |
|
Web Servers |
|
Databases |
|
Thread Safety Mode |
|
Table – PHP – Supported Technologies
SUPPORTED TECHNOLOGIES FOR RUBY ON RAILS
The table below lists the supported technologies for Ruby on Rails
Technology |
Supported Version(s) |
Language Versions |
|
Web Servers |
|
Application Framework |
|
Databases |
|
Table – Ruby on Rails – Supported Technologies
SUPPORTED TECHNOLOGIES FOR .NET
The table below lists the supported technologies for .NET
Technology |
Supported Version(s) |
.NET Framework |
|
Language Versions |
|
Architecture |
|
Web Servers |
|
Managed Pipeline Mode |
|
Application Framework |
|
Databases |
|
APM Compatibility |
|
.NET Core |
|
Language Versions |
|
Architecture |
|
Web Servers |
|
Hosting model |
|
Application Framework |
|
Databases |
|
APM Compatibility |
|
Table – .NET – Supported Technologies
SUPPORTED TECHNOLOGIES FOR NODE.JS
The table below lists the supported technologies for Node.js
Technology |
Supported Version(s) |
Language Versions |
|
Application Framework |
|
Databases |
|
Table – Node.js – Supported Technologies
WEB PROTECTION - SUPPORTED WEB SERVER VERSIONSWEB PROTECTION - SUPPORTED WEB SERVER VERSIONS
The table below lists the supported Webserver Versions by VSP-Web - Web Server
Operating System |
NGINX |
Apache |
||
VM |
Container |
VM |
Container |
|
RHEL7 |
NGINX 1.16 |
|
Apache 2.4.6 | |
RHEL8 | NGINX 1.14.1 |
|
|
|
UBUNTU16 | NGINX 1.10.3 | NGINX 1.10.3 | Apache 2.4.18 | Apache 2.4.18 |
UBUNTU18 | NGINX 1.14 |
|
||
UBUNTU20 | NGINX 1.18 |
|
Table – Supported Webserver Versions
WEB PROTECTION - SUPPORTED VULNERABILITIESWEB PROTECTION - SUPPORTED VULNERABILITIES
The table below provides the supported vulnerabilities by VSP Web Protection
Vulnerability/ Logging |
Type |
Java |
PHP |
ROR |
Node.js |
.NET |
Web Protection on Web Server |
SQL Injection (SQLi) |
Vulnerability |
✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
Command Injection (CMDi) |
Vulnerability |
✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
Path Traversal (PT) |
Vulnerability |
✔ | ✔ | ✔ | ✔ | ✔ | |
Local File Inclusion (LFI) |
Vulnerability |
✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
Remote File Inclusion (RFI) |
Vulnerability |
✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
Reflected-XSS |
Vulnerability |
✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
Stored-XSS |
Vulnerability |
✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
Carriage Return and Line Feed (CRLFi) |
Vulnerability |
✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
XML Injection |
Vulnerability |
✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
Custom Injection |
Vulnerability |
✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
Protocol Enforcement |
Vulnerability |
✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
DOM-based cross-site scripting (DOM-XSS) |
Vulnerability |
✔ | ✔ | ✔ | ✔ | ✔ | |
Cross-site request forgery (CSRF) |
Vulnerability |
✔ | ✔ | ||||
Class Load |
Logging |
✔ | ✔ | ||||
Software Exception |
Logging |
✔ | ✔ | ✔ | ✔ | ✔ |
Table – Web Protection – Supported Vulnerabilities
XML Injection includes the below vulnerabilities:
-
XML External Entity - PT/LFI
-
XML External Entity - RFI
-
Malicious input within XML for other supported vulnerability
-
XML Bomb
The table below provides the supported vulnerabilities by VSP Web Protection options for each vulnerability
Vulnerability/ Logging |
Type |
Available Instrumentation |
Available Protection Mode |
Possible Incident Type |
SQL Injection (SQLi) |
Vulnerability |
HTTP/ DEEP |
Protect/ Detect |
Threat/ Attack |
Command Injection (CMDi) |
Vulnerability |
HTTP/ DEEP |
Protect/ Detect |
Attack |
Path Traversal (PT) |
Vulnerability |
HTTP/ DEEP |
Protect/ Detect |
Threat/ Attack |
Local File Inclusion (LFI) |
Vulnerability |
HTTP/ DEEP |
Protect/ Detect |
Threat/ Attack |
Remote File Inclusion (RFI) |
Vulnerability |
HTTP/ DEEP |
Protect/ Detect |
Attack |
Reflected-XSS |
Vulnerability |
DEEP |
Protect/ Detect |
Threat/ Attack |
Stored-XSS |
Vulnerability |
DEEP |
Protect/ Detect |
Attack |
Carriage Return and Line Feed (CRLFi) |
Vulnerability |
DEEP |
Protect/ Detect |
Threat/ Attack |
XML Injection (XMLi) |
Vulnerability |
HTTP/ DEEP |
Protect/ Detect |
Attack |
Custom Injection |
Vulnerability |
HTTP |
Protect/ Detect |
Attack |
Protocol Enforcement |
Vulnerability |
HTTP |
Protect/ Detect |
Attack |
DOM-based cross-site scripting (DOM-XSS) |
Vulnerability |
DEEP |
Detect |
Attack |
Cross-site request forgery (CSRF) |
Vulnerability |
DEEP |
Protect/ Detect |
Attack |
Class Load |
Logging |
NA |
NA |
NA |
Software Exception |
Logging |
NA |
NA |
NA |
Table – Web Protection – Available Options
BUFFER EXPLOIT PROTECTION - QUALIFIED APPLICATIONSBUFFER EXPLOIT PROTECTION - QUALIFIED APPLICATIONS
NOTE:
VSP Memory is not supported when Intel® Transactional Synchronization Extensions (Intel® TSX) is enabled
FOR CONTAINERS
The table below lists the qualified Applications
Operating System |
NGINX 1.4 |
Httpd 2.4 |
Apache 2 |
Alpine 3.8 |
✔ |
|
|
Alpine 3.10 |
✔ |
|
|
Alpine 3.11 |
✔ |
|
|
Alpine 3.12 |
✔ | ✔ |
|
Alpine 3.13 |
✔ | ✔ |
|
Debian Stretch Slim |
✔ |
|
|
Debian Buster Slim |
✔ |
|
|
Ubuntu 18.04 |
✔ |
|
|
Ubuntu 20.04 |
✔ |
|
✔ |
RHEL 7.6 |
✔ | ✔ |
|
CentOS 7.9 |
✔ | ✔ |
|
Table – Qualified Applications for Containers
FOR VIRTUAL MACHINES
The table below lists the qualified Applications
Operating System |
NGINX 1.4 |
NGINX 1.2 |
Httpd 2.4 |
Apache 2 |
RHEL 7 |
|
|
✔ |
|
CentOS 7.9 |
|
|
✔ |
|
Ubuntu 18 |
|
|
|
✔ |
Ubuntu 20 |
|
|
|
✔ |
AmazonLinux2 |
✔ | ✔ |
|
|
Table – Qualified Applications for VMs
MEMORY EXPLOIT PROTECTION - SUPPORTED KERNEL VERSIONSMEMORY EXPLOIT PROTECTION - SUPPORTED KERNEL VERSIONS
Table below provides the supported Kernel versions for Memory Exploit Protection
Operating System |
Supported Kernel Versions |
DEBIAN-9/STRETCH |
|
RHEL7.6 |
|
RHEL8.x |
|
UBUNTU16 |
|
UBUNTU18 |
|
UBUNTU20 |
|
Table – Supported Kernel Versions
CMS COMPATIBILITYCMS COMPATIBILITY
WITH THIRD-PARTY PRODUCTS
The table below lists the third-party products that CMS is compatible with
Third-Party Product |
Notes |
LDAP |
CMS is compatible with Active Directory only. No other LDAP integration is supported |
SAML |
Only Okta is supported in SAML |
Splunk |
Only HTTP is supported and not HTTPS |
Zendesk |
|
QRadar |
|
Email Server |
|
Syslog Server |
|
Table – CMS Compatibility with Third Party Products
SUPPORTED BROWSER
Google Chrome is the supported browser for CMS