From 0dab5ae167118469affcec6914af204c59ee3869 Mon Sep 17 00:00:00 2001
From: lovesh-ap
Date: Fri, 20 Sep 2024 18:11:21 +0530
Subject: [PATCH 1/4] bump csec version to 1.5.0
---
 gradle.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gradle.properties b/gradle.properties
index cb45415d71..6e2d48245f 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -1,6 +1,6 @@
 # The agent version.
 agentVersion=8.14.0
-securityAgentVersion=1.4.0
+securityAgentVersion=1.5.0-SNAPSHOT
 newrelicDebug=false
 org.gradle.jvmargs=-Xmx2048m
From e71d25981554098a771b90c134d09aa7a557cf0b Mon Sep 17 00:00:00 2001
From: lovesh-ap
Date: Fri, 20 Sep 2024 18:15:48 +0530
Subject: [PATCH 2/4] update config
---
 .../src/main/resources/newrelic.yml | 61 +++++++++++++++++++
 1 file changed, 61 insertions(+)
diff --git a/newrelic-agent/src/main/resources/newrelic.yml b/newrelic-agent/src/main/resources/newrelic.yml
index c695e34bda..c3f7b18627 100644
--- a/newrelic-agent/src/main/resources/newrelic.yml
+++ b/newrelic-agent/src/main/resources/newrelic.yml
@@ -438,6 +438,67 @@ common: &default_settings
 agent:
 enabled: false
+ # Security controllers
+ scan_controllers:
+ # The scan_request_rate_limit configuration allows to specify maximum number of replay request played per minute.
+ # The maximum is 3600 and the minimum is 12 replay request per minute.
+ iast_scan_request_rate_limit: 3600 # Number of IAST replay request played per minute, Default is 3600
+
+ # The scan_schedule configuration allows to specify when IAST scans should be executed
+ scan_schedule:
+ # The delay field specifies the delay in minutes before the IAST scan starts. This allows to schedule the scan to start at a later time.
+ delay: 0 #In minutes, default is 0 min
+ # The duration field specifies the duration of the IAST scan in minutes. This determines how long the scan will run.
+ duration: 0 #In minutes, default is forever
+
+ # The schedule field specifies a cron expression that defines when the IAST scan should start.
+ #schedule: "" #By default, schedule is inactive
+
+ # Allow continuously sample collection of IAST events
+ always_sample_traces: false # Default is false
+
+ # The exclude_from_iast_scan configuration allows to specify APIs, parameters, and categories that should not be scanned by Security Agents.
+ exclude_from_iast_scan:
+ # The api field specifies list of APIs using regular expression (regex) patterns that follow the syntax of Perl 5. The regex pattern should provide a complete match for the URL without the endpoint.
+ # Example:
+ # api:
+ # - .*account.*
+ # - .*/\api\/v1\/.*?\/login
+ api: [ ]
+
+ # The parameters configuration allows users to specify headers, query parameters, and body keys that should be excluded from IAST scans.
+ # Example:
+ # http_request_parameters:
+ # header:
+ # - X-Forwarded-For
+ # query:
+ # - username
+ # - password
+ # body:
+ # - account.email
+ # - account.contact
+ http_request_parameters:
+ # A list of HTTP header keys. If a request includes any headers with these keys, the corresponding IAST scan will be skipped.
+ header: [ ]
+ # A list of query parameter keys. The presence of these parameters in the request's query string will lead to skipping the IAST scan.
+ query: [ ]
+ # A list of keys within the request body. If these keys are found in the body content, the IAST scan will be omitted.
+ body: [ ]
+
+ # The iast_detection_category configuration allows to specify which categories of vulnerabilities should not be detected by Security Agents.
+ # If any of these categories are set to true, Security Agents will not generate events or flag vulnerabilities for that category.
+ iast_detection_category:
+ insecure_settings: false
+ invalid_file_access: false
+ sql_injection: false
+ nosql_injection: false
+ ldap_injection: false
+ javascript_injection: false
+ command_injection: false
+ xpath_injection: false
+ ssrf: false
+ rxss: false
+
 # These are the category of security events that can be detected. Set to false to disable detection of
 # individual event types. Default is true for each event type.
 detection:
From 8a600355af5a9f0193cdd9314a4ff644337c123d Mon Sep 17 00:00:00 2001
From: lovesh-ap
Date: Thu, 26 Sep 2024 09:49:19 +0530
Subject: [PATCH 3/4] CSEC Java Agent Version 1.5.0 Released
---
 gradle.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gradle.properties b/gradle.properties
index 6e2d48245f..cde4ebf7db 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -1,6 +1,6 @@
 # The agent version.
 agentVersion=8.14.0
-securityAgentVersion=1.5.0-SNAPSHOT
+securityAgentVersion=1.5.0
 newrelicDebug=false
 org.gradle.jvmargs=-Xmx2048m
From f4680cc0ec5da6c4c569e8e3b9639e510eaf870d Mon Sep 17 00:00:00 2001
From: lovesh-ap
Date: Thu, 26 Sep 2024 09:57:30 +0530
Subject: [PATCH 4/4] CSEC Java Agent Version 1.5.0 Released
---
 newrelic-agent/src/main/resources/newrelic.yml | 1 +
 1 file changed, 1 insertion(+)
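Review bot: The example pattern in the `api` comment, `.*/\api\/v1\/.*?\/login`, escapes the `a` instead of the slash, and in Perl 5 / Java regex syntax `\a` is the alert (BEL) character, so the example as written would not match a `/api/v1/...login` path; `# - .*\/api\/v1\/.*?\/login` (or simply `.*/api/v1/.*?/login`, since `/` needs no escaping in these patterns) matches the stated intent. The comment above `iast_scan_request_rate_limit` refers to `scan_request_rate_limit`, which is not the key name; use the real key in the comment so it is not copied into configs as an ignored setting. The inline comments `#In minutes, default is 0 min`, `#In minutes, default is forever` and `#By default, schedule is inactive` lack the space after `#` that the rest of this file uses. In the `http_request_parameters` example, `X-Forwarded-For` is a header that reverse proxies and load balancers commonly add to every request, so copying the example verbatim would exclude essentially all traffic behind such a proxy from IAST scanning; a less pervasive illustrative header, plus a sentence noting that any request carrying a listed header is skipped regardless of who set it, would reduce that risk. `detection:` at the end of the hunk opens a block that continues outside it.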
diff --git a/newrelic-agent/src/main/resources/newrelic.yml b/newrelic-agent/src/main/resources/newrelic.yml
index c3f7b18627..845597dd5a 100644
--- a/newrelic-agent/src/main/resources/newrelic.yml
+++ b/newrelic-agent/src/main/resources/newrelic.yml
@@ -499,6 +499,7 @@ common: &default_settings
 ssrf: false
 rxss: false
+ # Deprecated!!! Instead, please use iast_detection_category to disable vulnerabilities category by IAST,
 # These are the category of security events that can be detected. Set to false to disable detection of
 # individual event types. Default is true for each event type.
 detection:
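Review bot: The new deprecation comment on `detection` does not say which setting wins when both `detection` and `iast_detection_category` are configured, and the two have opposite polarity (the existing comment says `detection` entries default to true and are set to false to disable, while `iast_detection_category` entries are set to true to disable), which is exactly the state a migrating user will be in; the precedence is not visible in this patch, so it should be stated explicitly in the comment once confirmed against the agent's behaviour. The added line also ends with a trailing comma where a period is expected, and `Deprecated!!!` reads unusually for a shipped default config; `# Deprecated: use iast_detection_category to disable vulnerability categories for IAST.` is the same message in the file's register. `detection:` at the end of the hunk opens a block that continues outside it.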