Compatibility Guide 2.10.x
- 02 Nov 2023
- 3 Minutes to read
- Print
- DarkLight
- PDF
Compatibility Guide 2.10.x
- Updated on 02 Nov 2023
- 3 Minutes to read
- Print
- DarkLight
- PDF
Article Summary
Share feedback
Thanks for sharing your feedback!
Compatibility Matrix - Virtual Machines
| Operating System | Executable Allowlisting | AppControl Policies |
|---|---|---|
| RHEL 6.5, 6.7/ CentOS 6.5, 6.7 | ✔ | ✔ |
| RHEL 6.10 (32 bit) | ✔ | ✔ |
| RHEL7.6/ CentOS 7.6 | ✔ | ✔ |
| RHEL8.0/ CentOS 8.0 | ✔ | ✔ |
| UBUNTU16 | ✔ | ✔ |
| UBUNTU18 | ✔ | ✔ |
| UBUNTU20 | ✔ | ✔ |
| UBUNTU22 | ✔ | ✔ |
| DEBIAN-9/STRETCH | ✔ | ✔ |
| AMAZONLINUX-1 | ✔ | ✔ |
| AMAZONLINUX-2 | ✔ | ✔ |
| ORACLE LINUX 7.9 | ✔ | ✔ |
| ORACLE LINUX 8.x | ✔ | ✔ |
| WINDOWS 2003 SP2 (32-bit, 64-bit) | ✔ | ✔ |
| WINDOWS 2008 R2 SP1 | ✔ | ✔ |
| WINDOWS 2012 R2 | ✔ | ✔ |
| WINDOWS 2016 | ✔ | ✔ |
| WINDOWS 2019 | ✔ | ✔ |
| WINDOWS 2022 | ✔ | ✔ |
| Operating System | Memory Exploit Protection | Buffer Exploit Protection |
|---|---|---|
| RHEL 6.5, 6.7/ CentOS 6.5, 6.7 | ✔ | |
| RHEL7.6/ CentOS 7.6 | ✔* | ✔ |
| RHEL8.0/ CentOS 8.0 | ✔* | ✔ |
| UBUNTU16 | ✔* | |
| UBUNTU18 | ✔* | ✔ |
| UBUNTU20 | ✔* | ✔ |
| UBUNTU22 | ✔* | ✔ |
| DEBIAN-9/STRETCH | ✔* | |
| AMAZONLINUX-1 | ✔* | ✔ |
| AMAZONLINUX-2 | ✔* | ✔ |
| WINDOWS 2008 R2 SP1 | ✔ | |
| WINDOWS 2012 R2 | ✔ | ✔ |
| WINDOWS 2016 | ✔ | ✔ |
| WINDOWS 2019 | ✔ | ✔ |
| WINDOWS 2022 | ✔ | ✔ |
* All the Supported Kernel versions for MEP are listed in Artifactory JSON file: https://artifacts.virsec.work/ui/native/vsysi/vsp-vsysi-release-info.json
Table – Compatibility Matrix for Virtual Machines
VSP is not supported for:
- Workloads running SELinux or AppArmor in enforcing mode (Linux only)
- Hosts running hypervisor: Example ESXi/Hyper-V/Zen/KVM
- Hosts running docker (Linux only)
VM Hypervisors
VSP supports VMs hosted on the hypervisor environments:
- ESXi
- AWS EC2
- Nutanix
Compatibility Matrix - Containers
| Operating System | Executable Allowlisting | App control Policies |
|---|---|---|
| RHEL7.6 | ✔ | ✔ |
| UBUNTU16.04 | ✔ | ✔ |
| UBUNTU18.04 | ✔ | ✔ |
| UBUNTU20 | ✔ | ✔ |
| DEBIAN-BUSTER-SLIM | ✔ | ✔ |
| DEBIAN-BUSTER | ✔ | ✔ |
| DEBIAN-STRETCH-SLIM | ✔ | ✔ |
| DEBIAN-STRETCH | ✔ | ✔ |
| ALPINE3.6 | ✔ | ✔ |
| ALPINE3.7 | ✔ | ✔ |
| ALPINE3.8 | ✔ | ✔ |
| ALPINE3.9 | ✔ | ✔ |
| ALPINE3.10 | ✔ | ✔ |
| ALPINE3.11 | ✔ | ✔ |
| ALPINE3.12 | ✔ | ✔ |
| ALPINE3.13 | ✔ | ✔ |
| Operating System | Buffer Exploit Protection |
|---|---|
| RHEL7.6 | ✔ |
| UBUNTU18.04 | ✔ |
| UBUNTU20 | ✔ |
| DEBIAN-BUSTER-SLIM | ✔ |
| DEBIAN-BUSTER | ✔ |
| ALPINE3.6 | ✔ |
| ALPINE3.7 | ✔ |
| ALPINE3.8 | ✔ |
| ALPINE3.9 | ✔ |
| ALPINE3.10 | ✔ |
| ALPINE3.11 | ✔ |
| ALPINE3.12 | ✔ |
| ALPINE3.13 | ✔ |
| Operating System | Java | PHP | ROR | Node.js | On Web Server |
|---|---|---|---|---|---|
| RHEL7.6 | ✔ | ✔ | ✔ | ✔ | |
| UBUNTU16.04 | ✔ | ✔ | ✔ | ✔ | ✔ |
| UBUNTU18.04 | ✔ | ✔ | ✔ | ✔ | |
| UBUNTU20 | ✔ | ✔ | ✔ | ✔ | |
| DEBIAN-BUSTER-SLIM | ✔ | ||||
| DEBIAN-STRETCH-SLIM | ✔ | ||||
| ALPINE3.13 | ✔ |
Table – Compatibility Matrix for Containers
Container Orchestration Support
Table below provides Container Orchestration Support information:
| Container Orchestration Type | VSP Deployment | Workload Deployment | Notes |
|---|---|---|---|
| Kubernetes – Kubectl | ✔ | ✔ | Supported versions: Kubernetes - 1.18, 1.19, 1.20, 1.21, 1.22 Docker Engine - 19.03 |
| Helm Charts | ✔ | ✔ | Supported versions: Helm 2, Helm 3 |
| Docker-only | ✔ | Supported Docker Versions: 18.x, 19.x, 20.x | |
| Amazon ECS on Fargate | ✔ | ||
| Amazon ECS on EC2 | ✔ | ||
| Amazon EKS on EC2 | ✔ | ✔ |
Table – Container Orchestration Support
Web Protection - Supported Application Server Technologies
Supported Technologies for Java
The table below lists the supported technologies for Java
| Technology | Supported Versions(s) |
|---|---|
| Java Versions |
|
| Application Servers |
|
| Application Framework |
|
| Databases |
|
Table – Java – Supported Technologies
Supported Technologies for PHP
The table below lists the supported technologies for PHP
| Technology | Supported Version(s) |
|---|---|
| Runtime Versions |
|
| Web Servers |
|
| Databases |
|
| Thread Safety Mode |
|
Table – PHP – Supported Technologies
Supported Technologies for Ruby on Rails
The table below lists the supported technologies for Ruby on Rails
| Technology | Supported Version(s) |
|---|---|
| Language Versions |
|
| Web Servers |
|
| Application Framework |
|
| Databases |
|
Table – Ruby on Rails – Supported Technologies
Supported Technologies for .NET
The table below lists the supported technologies for .NET
| Technology | Supported Version(s) |
|---|---|
| .NET Framework | |
| Language Versions |
|
| Architecture |
|
| Web Servers |
|
| Managed Pipeline Mode |
|
| Application Framework |
|
| Databases |
|
| APM Compatibility |
|
| .NET Core | |
| Language Versions |
|
| Architecture |
|
| Web Servers |
|
| Hosting model |
|
| Application Framework |
|
| Databases |
|
| APM Compatibility |
|
Table – .NET – Supported Technologies
Supported Technologies for Node.js
The table below lists the supported technologies for Node.js
| Technology | Supported Version(s) |
|---|---|
| Language Versions |
|
| Application Framework |
|
| Databases |
|
Table – Node.js – Supported Technologies
Web Protection - Supported Web Server Versions
The table below lists the supported Webserver Versions by VSP-Web – Web Server
| Operating System | NGINX | Apache | ||
|---|---|---|---|---|
| VM | Container | VM | Container | |
| RHEL7 | NGINX 1.16 | Apache 2.4.6 | ||
| RHEL8 | NGINX 1.18 | |||
| UBUNTU16 | NGINX 1.10.3 | NGINX 1.10.3 | Apache 2.4.18 | Apache 2.4.18 |
| UBUNTU18 | NGINX 1.14 | |||
| UBUNTU20 | NGINX 1.18 | |||
Table – Supported Webserver Versions
Web Protection - Supported Vulnerabilities
The table below provides the supported vulnerabilities by VSP Web Protection
| Type | Java | PHP | RoR | Node.js | .NET | Web Protection on Web Server |
|---|---|---|---|---|---|---|
| Vulnerability | ||||||
| SQL Injection (SQLi) | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
| Command Injection (CMDi) | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
| Path Traversal (PT) | ✔ | ✔ | ✔ | ✔ | ✔ | |
| Local File Inclusion (LFI) | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
| Remote File Inclusion (RFI) | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
| Reflected-XSS | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
| Stored-XSS | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
| Carriage Return and Line Feed (CRLFi) | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
| XML Injection | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
| Custom Injection | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
| Protocol Enforcement | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
| DOM-based cross-site scripting (DOM-XSS) | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
| Cross-site request forgery (CSRF) | ✔ | ✔ | ||||
| Logging | ||||||
| Class Load | ✔ | ✔ | ||||
| Software Exception | ✔ | ✔ | ✔ | ✔ | ✔ | |
Table – Web Protection – Supported Vulnerabilities
XML Injection includes the below vulnerabilities:
- XML External Entity - PT/LFI
- XML External Entity - RFI
- Malicious input within XML for other supported vulnerability
- XML Bomb
The table below provides the supported vulnerabilities by VSP Web Protection options for each vulnerability
| Type | Available Instrumentation | Available Protection Mode | Possible Incident Type |
|---|---|---|---|
| Vulnerability | |||
| SQL Injection (SQLi) | HTTP/ DEEP | Protect/ Detect | Threat/ Attack |
| Command Injection (CMDi) | HTTP/ DEEP | Protect/ Detect | Attack |
| Path Traversal (PT) | HTTP/ DEEP | Protect/ Detect | Threat/ Attack |
| Local File Inclusion (LFI) | HTTP/ DEEP | Protect/ Detect | Threat/ Attack |
| Remote File Inclusion (RFI) | HTTP/ DEEP | Protect/ Detect | Attack |
| Reflected-XSS | DEEP | Protect/ Detect | Threat/ Attack |
| Stored-XSS | DEEP | Protect/ Detect | Attack |
| Carriage Return and Line Feed (CRLFi) | DEEP | Protect/ Detect | Threat/ Attack |
| XML Injection (XMLi) | HTTP/ DEEP | Protect/ Detect | Attack |
| Custom Injection | HTTP | Protect/ Detect | Attack |
| Protocol Enforcement | HTTP | Protect/ Detect | Attack |
| DOM-based cross-site scripting (DOM-XSS) | DEEP | Detect | Attack |
| Cross-site request forgery (CSRF) | DEEP | Protect/ Detect | Attack |
| Logging | |||
| Class Load | NA | NA | NA |
| Software Exception | NA | NA | NA |
Table – Web Protection – Available Options
Buffer Exploit Protection - Qualified Applications
NOTE:
VSP Memory is not supported when Intel® Transactional Synchronization Extensions (Intel® TSX) is enabled
For Virtual Machines
The table below lists the qualified Applications
| Operating System | NGINX 1.4 | NGINX 1.2 | Httpd 2.4 | Apache 2 |
|---|---|---|---|---|
| RHEL 7 | ✔ | |||
| CentOS 7.9 | ✔ | |||
| Ubuntu 18 | ✔ | |||
| Ubuntu 20 | ✔ | |||
| AmazonLinux2 | ✔ | ✔ |
Table – Qualified Applications for VMs
For Containers
The table below lists the qualified Applications
| Operating System | NGINX 1.4 | Httpd 2.4 | Apache 2 |
|---|---|---|---|
| Alpine 3.8 | ✔ | ||
| Alpine 3.10 | ✔ | ||
| Alpine 3.11 | ✔ | ||
| Alpine 3.12 | ✔ | ✔ | |
| Alpine 3.13 | ✔ | ✔ | |
| Debian Stretch Slim | ✔ | ||
| Debian Buster Slim | ✔ | ||
| Ubuntu 18.04 | ✔ | ||
| Ubuntu 20.04 | ✔ | ✔ | |
| RHEL 7.6 | ✔ | ✔ | |
| CentOS 7.9 | ✔ | ✔ |
Table – Qualified Applications for Containers
CMS Compatibility
With Third-Party Products
The table below lists the third-party products that CMS is compatible with
| Third-Party Product | Notes |
|---|---|
| LDAP | CMS is compatible with Active Directory only. No other LDAP integration is supported |
| SAML | Only Okta is supported in SAML |
| Splunk | Both HTTPS (Default) and HTTP are supported |
| Zendesk | |
| QRadar | |
| Email Server | |
| Syslog Server |
Table – CMS Compatibility with Third Party Products
Supported Browser
Google Chrome is the supported browser for CMS
Was this article helpful?