CMS Applications

Application Auto-Discovery (VM Only)

Application Discovery is a component of the installed VSP probe. It scans the Probes after installation and at regular intervals (Default duration - weekly) to discover the web applications hosted on them. Once the web applications are discovered, appropriate Applications are created on CMS with the discovered information. In cases where manual application creation is desired, refer to Create Application

Coverage

1. Version 2.11 and Above: Application Discovery discovers all applications. In cases where the applications are not compatible with VSP, it is indicated on CMS as depicted:
   
2. Version 2.10 and Below: Application Discovery discovers applications on both Linux and Windows VMs that can be provisioned as per the VSP Compatibility Matrix
3. For Java-based applications:
   1. Cluster/Domain mode is not supported for application servers listed below:’
      1. JBoss
      2. WildFly
      3. Glassfish
      4. WebLogic
      5. WebSphere
         NOTE

         Refrain from using auto-instrumentation with WebSphere. Opt for manual instrumentation
   2. Java Application servers configured as services may not be discovered

Pre-requisites

The pre-requisites are:

1. (Not applicable for .NET and .NET Core) The application process is running during Application Discovery scan

Application Discovery Workflow

1. After probe installation, Application Discovery collects information about running applications on the host
2. Based on this information, a new application is created or the instance is associated with the existing application on CMS. A system alert is generated for auto-association of instances
   1. Navigate to Manage > Web > Application Provisioning in the left navigation pane to view the application
   2. The name of the newly created Application is of the format: <Process Type>_<Deployment Folder>_<Application Server>_<Application Server Version>
   3. Example: JAVA17_opt_my_app_Tomcat_10.0
   4. For .NET and .NET Core Applications, the name of the newly created Application is of the format: <SiteName_SubSiteName1_…_SubsiteNameN_OnIIS>. The .NET version number is also populated on the UI
      NOTE

      The slashes (“/” OR “\”) in the directory paths are replaced with an underscore (“_”)
      The maximum number of characters for the application name is 55. In cases where the number is exceeded, it is truncated

   5. The auto-discovered applications have the Created By field as System
   6. During upgrade scenarios from VSP 2.5/2.6 to VSP 2.7 or above, review both the discovered applications from VSP 2.7 or above and user-created applications from VSP 2.5/2.6 after Application Discovery. Delete the applications that are not needed
3. Once the application is created, the user may configure the security policy by editing the newly created process:
   1. Create the required protection profile, web profile, LFI/RFI profiles. Associate them with the application
   2. Select vulnerabilities
   3. The auto-discovered fields – Process Type, Application Deployment Folder, Start Up Script File Path, Server Type - cannot be modified since they are auto-discovered. Other fields including the names of Application, Service and Processes can be modified
      NOTE

      In cases where the security profile is not configured and the process is not running on the instance, another Application Discovery scan removes the newly created application
      For WebSphere, the auto instrumentation option is disabled by default
4. Once the security profile is configured, the application is auto-provisioned and moves to 100% completion
5. Restart the business application (application process) to enable security policies in the application. This restart is required only during the first-time selection of security policies. Subsequent changes to the security policies do not require an application restart

Application Discovery Configuration

Below are the commands for various application discovery configurations

1. To modify the duration between the automated Application Discovery scans

   vsp-cli edit-service fde edit restartFrequency <Number of hours>

2. To disable application discovery scans

   vsp-cli edit-service fde edit restartFrequency 0

3. To manually initiate a scan

   vsp-cli start fde

Upgrades to PHP and NodeJS Language Version

VSP Auto Discovery creates a new application in CMS if the application changes PHP or NodeJS versions (Example: PHP is upgraded from version 7.3 to version 7.4). The new application is listed in CMS alongside the old application with the older PHP or NodeJS version. Security policies need to be recreated for this new application on the “Edit Process” screen.

Application List on CMS

The list of Applications can be viewed on the CMS

1. Navigate to Manage > Web > Application Provisioning in the left navigation pane. Applications are listed along with the number of attacks, threats and incidents associated with them
2. Standard search and export/import features are available
3. Expand an Application to view more information in the tabs:
   1. Details – Generic information about an Application is provided
   2. Services– Information related to the associated Services and their Processes is provided
      1. To view the configured vulnerabilities protection, expand the required service and click Vulnerability Protection
      2. The pop-up window displays Instrumentation Type and Protection Mode for each configured vulnerability. The instrumentation types are Deep (for application services), HTTP (for Web services) and Mix (for Custom Injection – both Deep and HTTP)
   3. Progress – Information related to the associated instances, status, configured vulnerabilities and the completion (in percentage) is provided. In case of an error(s), the information about the error is displayed
4. Version 2.10 and Below: Click the Attack, Threat OR Incident link to navigate to the Incidents page that displays the incidents associated with the Application
5. For Applications with Containers or Kubernetes Pod instances, once the Installation of VSP Agent is completed on that instance, the configuration is locked. This is depicted by the below icon. Once the configuration is locked, it cannot be deleted. Modification is allowed only for certain fields

Lock/Unlock Processes (Containers only)

1. Once the CD tool (Click here for more information) is executed during Application Setup, the process associated with an application is locked. It is indicated by the below icon
2. To unlock the process, expand the application and click on tab Services. Expand the listed service
3. Click on the below icon associated with the process. Click YES on the confirmation screen
4. Once unlocked, it is indicated by the below icon
5. To lock an unlocked process, click on the below icon. Click YES on the confirmation screen

Secure Probe

Securing/Provisioning an Probe begins VSP protection on that instance. Auto-provisioning can be enabled by providing the service tag at the time of Probe Installation. It can be performed manually:

1. Click Start to secure a specific Probe. VSP monitoring begins at that instance. This is applicable for VMs only
   1. Click YES on the confirmation pop-up
2. For Pods and Containers, the provisioning is initially automated. Subsequent stop and start actions are allowed
3. The progress of securing each server is displayed through a progress bar. The information on the page gets refreshed automatically
4. Click Stop to stop provisioning of a specific Probe. This is applicable for VMs only.
   1. Click YES on the confirmation pop-up

Export/Import Applications

1. Export and import of applications can be used:
   1. When VSP protection is extended to a different environment (Example: Pre-production to Production environment) OR
   2. To clone an existing entry
2. The Applications can be imported/exported with .virsec extension
3. The exported information consists of the associated services, processes, protection profile and web profile
4. Ensure that import/export operations are carried out in the same VSP version. Import/export feature is compatible across various patches in the same major release (Example:  VSP 2.8.x)

Modify Application

To modify applications, follow the below steps:

1. Navigate to Manage > Web > Application Provisioning in the left navigation pane
2. To modify the fields Application Name or Version, click Edit. Modify the fields as required
3. To modify an existing Service, click Edit associated with it. Modify as required
4. To modify an existing Process, click Edit associated with it. Modify as required

Delete Associated Instances (VMs only)

1. Navigate to Manage > Web > Application Provisioning in the left navigation pane. Expand the secured application
2. Navigate to the Progress tab. Click Delete
3. Click YES on the confirmation pop-up

Delete Application

To delete applications, follow the below steps:

1. Navigate to Manage > Web > Application Provisioning in the left navigation pane
2. On the displayed list of applications, click the delete link of the required application
3. Click YES on the confirmation pop-up