- 31 Aug 2024
- 3 Minutes to read
- Print
- DarkLight
- PDF
Compatibility Guide 2.7.x
- Updated on 31 Aug 2024
- 3 Minutes to read
- Print
- DarkLight
- PDF
This guide lists the software compatibility information for VSP Web, Memory and Host Protection. The information provided covers the management infrastructure and supported server environments.
Compatibility Matrix - Virtual Machines
Operating System | Executable Allowlisting | AppControl Policies |
---|---|---|
RHEL 6.5, 6.7/ CentOS 6.5, 6.7 | ✔ | ✔ |
RHEL 6.10 (32 bit) | ✔ | ✔ |
RHEL7.6/ CentOS 7.6 | ✔ | ✔ |
RHEL8.0/ CentOS 8.0 | ✔ | ✔ |
UBUNTU16 | ✔ | ✔ |
UBUNTU18 | ✔ | ✔ |
UBUNTU20 | ✔ | ✔ |
DEBIAN-9/STRETCH | ✔ | ✔ |
AMAZONLINUX-1 | ✔ | ✔ |
AMAZONLINUX-2 | ✔ | ✔ |
ORACLE LINUX 7.9 | ✔ | ✔ |
WINDOWS 2003 SP2 (32-bit, 64-bit) | ✔ | ✔ |
WINDOWS 2008 R2 SP1 | ✔ | ✔ |
WINDOWS 2012 R2 | ✔ | ✔ |
WINDOWS 2016 | ✔ | ✔ |
WINDOWS 2019 | ✔ | ✔ |
Operating System | Memory Exploit Protection | Buffer Exploit Protection |
---|---|---|
RHEL 6.5, 6.7/ CentOS 6.5, 6.7 | ✔ | |
RHEL7.6/ CentOS 7.6 | ✔* | ✔ |
RHEL8.0/ CentOS 8.0 | ✔* | ✔ |
UBUNTU16 | ✔* | |
UBUNTU18 | ✔* | ✔ |
UBUNTU20 | ✔* | ✔ |
DEBIAN-9/STRETCH | ✔* | |
AMAZONLINUX-1 | ✔* | ✔ |
AMAZONLINUX-2 | ✔* | ✔ |
WINDOWS 2008 R2 SP1 | ✔ | |
WINDOWS 2012 R2 | ✔ | ✔ |
WINDOWS 2016 | ✔ | ✔ |
WINDOWS 2019 | ✔ | ✔ |
* All the Supported Kernel versions for MEP are listed in Artifactory JSON file: https://artifacts.virsec.work/ui/native/vsysi/vsp-vsysi-release-info.json
Table – Compatibility Matrix for Virtual Machines
- Workloads running SELinux or AppArmor in enforcing mode
- Hosts running hypervisor: Example ESXi/Hyper-V/Zen/KVM
VM Hypervisors
VSP supports VMs hosted on the hypervisor environments:
- ESXi
- AWS EC2
- Nutanix
Compatibility Matrix - Containers
Operating System | Executable Allowlisting | App control Policies |
---|---|---|
RHEL7.6 | ✔ | ✔ |
UBUNTU16.04 | ✔ | ✔ |
UBUNTU18.04 | ✔ | ✔ |
UBUNTU20 | ✔ | ✔ |
DEBIAN-BUSTER-SLIM | ✔ | ✔ |
DEBIAN-BUSTER | ✔ | ✔ |
DEBIAN-STRETCH-SLIM | ✔ | ✔ |
DEBIAN-STRETCH | ✔ | ✔ |
ALPINE3.6 | ✔ | ✔ |
ALPINE3.7 | ✔ | ✔ |
ALPINE3.8 | ✔ | ✔ |
ALPINE3.9 | ✔ | ✔ |
ALPINE3.10 | ✔ | ✔ |
ALPINE3.11 | ✔ | ✔ |
ALPINE3.12 | ✔ | ✔ |
ALPINE3.13 | ✔ | ✔ |
Operating System | Buffer Exploit Protection |
---|---|
RHEL7.6 | ✔ |
UBUNTU18.04 | ✔ |
UBUNTU20 | ✔ |
DEBIAN-BUSTER-SLIM | ✔ |
DEBIAN-BUSTER | ✔ |
ALPINE3.6 | ✔ |
ALPINE3.7 | ✔ |
ALPINE3.8 | ✔ |
ALPINE3.9 | ✔ |
ALPINE3.10 | ✔ |
ALPINE3.11 | ✔ |
ALPINE3.12 | ✔ |
ALPINE3.13 | ✔ |
Operating System | Java | PHP | ROR | Node.js | On Web Server |
---|---|---|---|---|---|
RHEL7.6 | ✔ | ✔ | ✔ | ✔ | |
UBUNTU16.04 | ✔ | ✔ | ✔ | ✔ | ✔ |
UBUNTU18.04 | ✔ | ✔ | ✔ | ✔ | |
UBUNTU20 | ✔ | ✔ | ✔ | ✔ | |
DEBIAN-BUSTER-SLIM | ✔ | ||||
DEBIAN-STRETCH-SLIM | ✔ | ||||
ALPINE3.13 | ✔ |
Table – Compatibility Matrix for Containers
Container Orchestration Support
Table below provides Container Orchestration Support information:
Container Orchestration Type | VSP Deployment | Workload Deployment | Notes |
---|---|---|---|
Kubernetes – Kubectl | ✔ | ✔ | Supported versions: Kubernetes - 1.18, 1.19, 1.20, 1.21, 1.22 Docker Engine - 19.03 |
Helm Charts | ✔ | ✔ | Supported versions: Helm 2, Helm 3 |
Docker-only | ✔ | Supported Docker Versions: 18.x, 19.x, 20.x | |
Amazon ECS on Fargate | ✔ | ||
Amazon ECS on EC2 | ✔ | ||
Amazon EKS on EC2 | ✔ | ✔ |
Table – Container Orchestration Support
Web Protection - Supported Application Server Technologies
Supported Technologies for Java
The table below lists the supported technologies for Java
Technology | Supported Versions(s) |
---|---|
Java Versions |
|
Application Servers |
|
Application Framework |
|
Databases |
|
Table – Java – Supported Technologies
Supported Technologies for PHP
The table below lists the supported technologies for PHP
Technology | Supported Version(s) |
---|---|
Runtime Versions |
|
Web Servers |
|
Databases |
|
Thread Safety Mode |
|
Table – PHP – Supported Technologies
Supported Technologies for Ruby on Rails
The table below lists the supported technologies for Ruby on Rails
Technology | Supported Version(s) |
---|---|
Language Versions |
|
Web Servers |
|
Application Framework |
|
Databases |
|
Table – Ruby on Rails – Supported Technologies
Supported Technologies for .NET
The table below lists the supported technologies for .NET
Technology | Supported Version(s) |
---|---|
.NET Framework | |
Language Versions |
|
Architecture |
|
Web Servers |
|
Managed Pipeline Mode |
|
Application Framework |
|
Databases |
|
APM Compatibility |
|
.NET Core | |
Language Versions |
|
Architecture |
|
Web Servers |
|
Hosting model |
|
Application Framework |
|
Databases |
|
APM Compatibility |
|
Table – .NET – Supported Technologies
Supported Technologies for Node.js
The table below lists the supported technologies for Node.js
Technology | Supported Version(s) |
---|---|
Language Versions |
|
Application Framework |
|
Databases |
|
Table – Node.js – Supported Technologies
Web Protection - Supported Web Server Versions
The table below lists the supported Webserver Versions by VSP-Web – Web Server
Operating System | NGINX | Apache | ||
---|---|---|---|---|
VM | Container | VM | Container | |
RHEL7 | NGINX 1.16 | Apache 2.4.6 | ||
RHEL8 | NGINX 1.18 | |||
UBUNTU16 | NGINX 1.10.3 | NGINX 1.10.3 | Apache 2.4.18 | Apache 2.4.18 |
UBUNTU18 | NGINX 1.14 | |||
UBUNTU20 | NGINX 1.18 |
Table – Supported Webserver Versions
Web Protection - Supported Vulnerabilities
The table below provides the supported vulnerabilities by VSP Web Protection
Type | Java | PHP | RoR | Node.js | .NET | Web Protection on Web Server |
---|---|---|---|---|---|---|
Vulnerability | ||||||
SQL Injection (SQLi) | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
Command Injection (CMDi) | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
Path Traversal (PT) | ✔ | ✔ | ✔ | ✔ | ✔ | |
Local File Inclusion (LFI) | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
Remote File Inclusion (RFI) | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
Reflected-XSS | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
Stored-XSS | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
Carriage Return and Line Feed (CRLFi) | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
XML Injection* | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
Custom Injection | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
Protocol Enforcement | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
DOM-based Cross-Site Scripting (DOM-XSS) (Beta Feature) | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
Cross-Site Request Forgery (CSRF) (Beta Feature) | ✔ | ✔ | ||||
Logging | ||||||
Class Load | ✔ | ✔ | ||||
Software Exception | ✔ | ✔ | ✔ | ✔ | ✔ |
Table – Web Protection – Supported Vulnerabilities
*XML Injection includes the below vulnerabilities:
- XML External Entity - PT/LFI
- XML External Entity - RFI
- Malicious input within XML for other supported vulnerability
- XML Bomb
The table below provides the supported vulnerabilities by VSP Web Protection options for each vulnerability
Type | Available Instrumentation | Available Protection Mode | Possible Incident Type |
---|---|---|---|
Vulnerability | |||
SQL Injection (SQLi) | HTTP/ DEEP | Protect/ Detect | Threat/ Attack |
Command Injection (CMDi) | HTTP/ DEEP | Protect/ Detect | Attack |
Path Traversal (PT) | HTTP/ DEEP | Protect/ Detect | Threat/ Attack |
Local File Inclusion (LFI) | HTTP/ DEEP | Protect/ Detect | Threat/ Attack |
Remote File Inclusion (RFI) | HTTP/ DEEP | Protect/ Detect | Attack |
Reflected-XSS | DEEP | Protect/ Detect | Threat/ Attack |
Stored-XSS | DEEP | Protect/ Detect | Attack |
Carriage Return and Line Feed (CRLFi) | DEEP | Protect/ Detect | Threat/ Attack |
XML Injection (XMLi) | HTTP/ DEEP | Protect/ Detect | Attack |
Custom Injection | HTTP | Protect/ Detect | Attack |
Protocol Enforcement | HTTP | Protect/ Detect | Attack |
DOM-based Cross-Site Scripting (DOM-XSS) | DEEP | Detect | Attack |
Cross-Site Request Forgery (CSRF) | DEEP | Protect/ Detect | Attack |
Logging | |||
Class Load | NA | NA | NA |
Software Exception | NA | NA | NA |
Table – Web Protection – Available Options
Buffer Exploit Protection - Qualified Applications
For Virtual Machines
The table below lists the qualified Applications
Operating System | NGINX 1.4 | NGINX 1.2 | Httpd 2.4 | Apache 2 |
---|---|---|---|---|
RHEL 7 | ✔ | |||
CentOS 7.9 | ✔ | |||
Ubuntu 18 | ✔ | |||
Ubuntu 20 | ✔ | |||
AmazonLinux2 | ✔ | ✔ |
Table – Qualified Applications for VMs
For Containers
The table below lists the qualified Applications
Operating System | NGINX 1.4 | Httpd 2.4 | Apache 2 |
---|---|---|---|
Alpine 3.8 | ✔ | ||
Alpine 3.10 | ✔ | ||
Alpine 3.11 | ✔ | ||
Alpine 3.12 | ✔ | ✔ | |
Alpine 3.13 | ✔ | ✔ | |
Debian Stretch Slim | ✔ | ||
Debian Buster Slim | ✔ | ||
Ubuntu 18.04 | ✔ | ||
Ubuntu 20.04 | ✔ | ✔ | |
RHEL 7.6 | ✔ | ✔ | |
CentOS 7.9 | ✔ | ✔ |
Table – Qualified Applications for Containers
CMS Compatibility
With Third-Party Products
The table below lists the third-party products that CMS is compatible with
Third-Party Product | Notes |
---|---|
LDAP | CMS is compatible with Active Directory only. No other LDAP integration is supported |
SAML | Only Okta is supported in SAML |
Splunk | Only HTTP is supported and not HTTPS |
Zendesk | |
QRadar | |
Email Server | |
Syslog Server |
Table – CMS Compatibility with Third Party Products
Supported Browser
Google Chrome is the supported browser for CMS