ABOUT THE TOPIC


 

This guide lists the software compatibility information for Virsec Security Platform (VSP) including VSP-Web, VSP-Memory and VSP-Host. The information provided covers the management infrastructure and supported server environments. Compatibility is based on VSP 2.5 release unless otherwise noted.  

 

 

 

 

COMPATIBILITY MATRIXCOMPATIBILITY MATRIX

 

FOR CONTAINERS

 

Table below provides the software compatibility information for Workload Type - Containers

 

Operating System

Executable Allowlisting

AppControl Policies

File System Monitoring

Buffer Exploit Protection

Web Application Protection

Java PHP ROR

Node.js

On Web Server

RHEL7.6

     

UBUNTU16.04

   

UBUNTU18.04

     

UBUNTU20

 

     

 

 

DEBIAN-BUSTER-SLIM

 

 

     

DEBIAN-BUSTER 

 

 

 

 

 

DEBIAN-STRETCH-SLIM

   

 

     

DEBIAN-STRETCH

   

 

 

 

 

ALPINE3.6

 

 

 

 

 

ALPINE3.7

 

 

 

 

 

ALPINE3.8

 

 

 

 

 

 

ALPINE3.9

 

 

 

 

 

ALPINE3.10

 

 

 

 

 

ALPINE3.11

 

 

 

 

 

ALPINE3.12

 

 

 

 

 

ALPINE3.13

 

 

     

Table – Compatibility Matrix for Containers

 

 

 

FOR VIRTUAL MACHINES

 

Table below provides the software compatibility information for Workload Type – Virtual Machines

 

Operating System

Executable Allowlisting

AppControl Policies

File System Monitoring

Memory Exploit Protection

Buffer Exploit Protection

Web Application Protection

Java

PHP

ROR

Node.js

.NET

On Web Server

RHEL 6.5, 6.7/ CentOS 6.5, 6.7

          NA  

RHEL 6.10 (32 bit)

              NA  

RHEL7.6/ CentOS 7.6

✔*

 

NA

RHEL8.0/ CentOS 8.0

✔*

 

NA

UBUNTU16

✔*

 

 

NA

UBUNTU18

✔*

 

NA

UBUNTU20

✔*

 

NA

DEBIAN-9/STRETCH

✔*

 

 

NA

 

AMAZONLINUX-1

 

NA

 

AMAZONLINUX-2

 

NA

 

WINDOWS 2008 R2 SP1

 

 

NA

 

WINDOWS 2012 R2

 

WINDOWS 2016

 

WINDOWS 2019

 

Table – Compatibility Matrix for VMs

 

* Memory Exploit Protection supported in a few kernels only. Refer Section  Supported Kernel Versions for Memory Exploit Protection for more information

 

NOTE:  

VSP is not supported for:

  • Workloads running SELinux or AppArmor in enforcing mode (Linux only)

  • Hosts running hypervisor: Example ESXi/Hyper-V/Zen/KVM

  • Hosts running docker (Linux only)

  

CONTAINER ORCHESTRATION SUPPORT

 

Table below provides the Container Orchestration Support information:

 

Container Orchestration Type

VSP Deployment

Workload Deployment

Notes

Kubernetes - Kubectl

Supported versions:

Kubernetes - 1.18, 1.19, 1.20, 1.21, 1.22

Docker Engine - 19.03  

Helm Charts

Supported versions: Helm 2, Helm 3

Docker-only

 

Supported Docker Versions:  18.x, 19.x, 20.x

Amazon ECS on Fargate

 

 

Amazon ECS on EC2

 

 

Amazon EKS on EC2

 

Table – Container Orchestration Support

 

VM HYPERVISOR SUPPORT

 

Table below provides VM Hypervisor Support information:

 

Hypervisor Type

Support

ESXi

AWS EC2

Nutanix

Table – VM Hypervisor Support

WEB PROTECTION - SUPPORTED APPLICATION SERVER TECHNOLOGIESWEB PROTECTION - SUPPORTED APPLICATION SERVER TECHNOLOGIES

 

SUPPORTED TECHNOLOGIES FOR JAVA

 

The table below lists the supported technologies for Java

 

Technology

Supported Version(s)

Java Versions

  • JDK 1.7
  • JDK 1.8
  • JDK 9
  • JDK 10
  • JDK 11
  • JDK 12
  • JDK 17

Application Servers

  • Tomcat 7, 8, 9
  • JBoss (Standalone) 6.4, 7.2 and 7.4
  • JBoss (Cluster) 7.1
  • Jetty 9
  • IBM WebSphere App Server 8.5, 9
  • Oracle Weblogic 12
  • Wildfly Server (Standalone) 21-26
  • Wildfly Server (Cluster) 10, 11, 12
  • GlassFish 3, 4, 5
  • Executable Jar

Application Framework

  • Spring Web (MVC)
  • Struts 2
  • Hibernate
  • GWT (Google Web Kit) 2.9
  • JSF (Java Server Faces)
  • Spring Boot

Databases

  • MySQL JDBC 5.x
  • Postrgres SQL JDBC 9.x, 42.2.5
  • Oracle JDBC ojdbc8
  • MS-SQL JDBC 8.x
  • H-SQL JDBC 2.x

Table – Java – Supported Technologies

 

SUPPORTED TECHNOLOGIES FOR PHP

 

The table below lists the supported technologies for PHP

 

Technology

Supported Version(s)

Runtime Versions

  • 7.3
  • 7.4

Web Servers

  • Apache with Fork and PHP-FPM 2.4.x
  • NGINX 1.x

Databases

  • MySQL Server 5.x
  • Maria DB Server 10.0.38

Thread Safety Mode

  • NTS (Non-Thread Safe)

Table – PHP – Supported Technologies

 

SUPPORTED TECHNOLOGIES FOR RUBY ON RAILS

 

The table below lists the supported technologies for Ruby on Rails

 

Technology

Supported Version(s)

Language Versions

  • 2.5
  • 2.6

Web Servers

  • Puma 3.11.x+
  • Passenger 6.x
  • Unicorn 5.1.x+

Application Framework

  • Rails

Databases

  • MySQL Server 5.x
  • Postgres 1.x+

Table – Ruby on Rails – Supported Technologies

SUPPORTED TECHNOLOGIES FOR .NET

 

The table below lists the supported technologies for .NET

  

Technology

Supported Version(s)

.NET Framework

Language Versions

  • .Net Framework 4.5.x
  • .Net Framework 4.6.x
  • .Net Framework 4.7.x
  • .Net Framework 4.8.x

Architecture

  • x86
  • x64

Web Servers

  • IIS 8.5+

Managed Pipeline Mode

  • Classic
  • Integrated

Application Framework

  • ASP.NET MVC
  • ASP.NET Web Forms
  • ASP.NET Web Pages
  • ASP.Net WebAPI
  • ASP.Net Web Service (asmx)

Databases

  • MS SQL Server

APM Compatibility

  • AppDynamics
  • New Relic

.NET Core

Language Versions

  • .Net Core 2.2
  • .Net Core 3.0
  • .Net Core 3.1

Architecture

  • x86
  • x64

Web Servers

  • IIS 8.5+

Hosting model

  • In-proc
  • Out-Of-Proc

Application Framework

  • ASP.Net Core
  • ASP.Net Core WebAPI

Databases

  • MS SQL Server

APM Compatibility

  • AppDynamics
  • New Relic

Table – .NET – Supported Technologies

 

SUPPORTED TECHNOLOGIES FOR NODE.JS

 

The table below lists the supported technologies for Node.js

  

Technology

Supported Version(s)

Language Versions

  • 8.17.x
  • 10.x
  • 12.x
  • 14.x

Application Framework

  • Express

Databases

  • MySQL Server 5.x
  • Oracle (oracledb npm: 4.x)
  • MS SQL Server (mssql npm: 4.x)

Table – Node.js – Supported Technologies

 

WEB PROTECTION - SUPPORTED WEB SERVER VERSIONSWEB PROTECTION - SUPPORTED WEB SERVER VERSIONS

 

The table below lists the supported Webserver Versions by VSP-Web - Web Server

 

Operating System

NGINX

Apache

VM

Container

VM

Container

RHEL7

NGINX 1.16

 

Apache 2.4.6  
RHEL8 NGINX 1.14.1

 

 

 
UBUNTU16 NGINX 1.10.3 NGINX 1.10.3 Apache 2.4.18 Apache 2.4.18
UBUNTU18 NGINX 1.14  

 

 
UBUNTU20 NGINX 1.18  

 

 

Table – Supported Webserver Versions

 

WEB PROTECTION - SUPPORTED VULNERABILITIESWEB PROTECTION - SUPPORTED VULNERABILITIES

 

The table below provides the supported vulnerabilities by VSP Web Protection

 

Vulnerability/ Logging

Type

Java

PHP

ROR

Node.js

.NET

Web Protection on Web Server

SQL Injection (SQLi)

Vulnerability

Command Injection (CMDi)

Vulnerability

Path Traversal (PT)

Vulnerability

Local File Inclusion (LFI)

Vulnerability

Remote File Inclusion (RFI)

Vulnerability

Reflected-XSS

Vulnerability

Stored-XSS

Vulnerability

Carriage Return and Line Feed (CRLFi)

Vulnerability

XML Injection

Vulnerability

Custom Injection

Vulnerability

Protocol Enforcement

Vulnerability

DOM-based cross-site scripting (DOM-XSS)

Vulnerability

Cross-site request forgery (CSRF)

Vulnerability

 

Class Load

Logging

Software Exception

Logging

Table – Web Protection – Supported Vulnerabilities

 

XML Injection includes the below vulnerabilities:

  1. XML External Entity - PT/LFI 

  2. XML External Entity - RFI

  3. Malicious input within XML for other supported vulnerability

  4. XML Bomb

 

The table below provides the supported vulnerabilities by VSP Web Protection options for each vulnerability

 

Vulnerability/ Logging

Type

Available Instrumentation

Available Protection Mode

Possible Incident Type

SQL Injection (SQLi)

Vulnerability

HTTP/ DEEP

Protect/ Detect

Threat/ Attack

Command Injection (CMDi)

Vulnerability

HTTP/ DEEP

Protect/ Detect

Attack

Path Traversal (PT)

Vulnerability

HTTP/ DEEP

Protect/ Detect

Threat/ Attack

Local File Inclusion (LFI)

Vulnerability

HTTP/ DEEP

Protect/ Detect

Threat/ Attack

Remote File Inclusion (RFI)

Vulnerability

HTTP/ DEEP

Protect/ Detect

Attack

Reflected-XSS

Vulnerability

DEEP

Protect/ Detect

Threat/ Attack

Stored-XSS

Vulnerability

DEEP

Protect/ Detect

Attack

Carriage Return and Line Feed (CRLFi)

Vulnerability

DEEP

Protect/ Detect

Threat/ Attack

XML Injection (XMLi)

Vulnerability

HTTP/ DEEP

Protect/ Detect

Attack

Custom Injection

Vulnerability

HTTP

Protect/ Detect

Attack

Protocol Enforcement

Vulnerability

HTTP

Protect/ Detect

Attack

DOM-based cross-site scripting (DOM-XSS)

Vulnerability

DEEP

Detect

Attack

Cross-site request forgery (CSRF)

Vulnerability

DEEP

Protect/ Detect

Attack

Class Load

Logging

NA

NA

NA

Software Exception

Logging

NA

NA

NA

Table – Web Protection – Available Options

 

BUFFER EXPLOIT PROTECTION - QUALIFIED APPLICATIONSBUFFER EXPLOIT PROTECTION - QUALIFIED APPLICATIONS

 

  NOTE:

VSP Memory is not supported when Intel® Transactional Synchronization Extensions (Intel® TSX) is enabled

FOR CONTAINERS

 

The table below lists the qualified Applications

 

Operating System

NGINX 1.4

Httpd 2.4

Apache 2

Alpine 3.8

 

 

Alpine 3.10

 

 

Alpine 3.11

 

 

Alpine 3.12

 

Alpine 3.13

 

Debian Stretch Slim

 

 

Debian Buster Slim

 

 

Ubuntu 18.04

 

 

Ubuntu 20.04

 

RHEL 7.6

 

CentOS 7.9

 

Table – Qualified Applications for Containers

FOR VIRTUAL MACHINES

 

The table below lists the qualified Applications

 

Operating System

NGINX 1.4

NGINX 1.2

Httpd 2.4

Apache 2

RHEL 7

 

 

 

CentOS 7.9

 

 

 

Ubuntu 18

 

 

 

Ubuntu 20

 

 

 

AmazonLinux2

 

 

Table – Qualified Applications for VMs

MEMORY EXPLOIT PROTECTION - SUPPORTED KERNEL VERSIONSMEMORY EXPLOIT PROTECTION - SUPPORTED KERNEL VERSIONS

 

Table below provides the supported Kernel versions for Memory Exploit Protection

 

Operating System

Supported Kernel Versions

DEBIAN-9/STRETCH

  • 4.9.0-16-common_debian9

RHEL7.6

  • 3.10.0-123.el7_rhel7.6
  • 3.10.0-957.el7_rhel7.6
  • 3.10.0-1136.el7_rhel7.9
  • 3.10.0-1160.el7_rhel7.9

RHEL8.x

  • 4.18.0-80.el8_rhel8.0
  • 4.18.0-193.el8_rhel8.2
  • 4.18.0-240.el8_rhel8.3
  • 4.18.0-348.el8_rhel8.5

UBUNTU16

  • 4.4.0-131-generic_ubuntu16
  • 4.4.0-210-generic_ubuntu16

UBUNTU18

  • 4.15.0-55-generic_ubuntu18
  • 4.15.0-140-generic_ubuntu18
  • 4.15.0-147-generic_ubuntu18
  • 4.15.0-175-generic_ubuntu18
  • 4.15.0-176-generic_ubuntu18

UBUNTU20

  • 5.4.0-77-generic_ubuntu20
  • 5.4.0-70-generic_ubuntu20
  • 5.4.0-104-generic_ubuntu20
  • 5.4.0-107-generic_ubuntu20
  • 5.4.0-109-generic_ubuntu20
  • 5.4.0-113-generic_ubuntu20
  • 5.8.0-48-generic_ubuntu20

Table – Supported Kernel Versions

 

CMS COMPATIBILITYCMS COMPATIBILITY

 

WITH THIRD-PARTY PRODUCTS

 

The table below lists the third-party products that CMS is compatible with

 

Third-Party Product

Notes

LDAP

CMS is compatible with Active Directory only. No other LDAP integration is supported

SAML

Only Okta is supported in SAML

Splunk

Only HTTP is supported and not HTTPS

Zendesk

 

QRadar

 

Email Server

 

Syslog Server

 

Table – CMS Compatibility with Third Party Products

  

SUPPORTED BROWSER

 

Google Chrome is the supported browser for CMS