IAST troubleshooting re-writes #19330
Conversation
cbehera-newrelic
commented
Nov 19, 2024
cbehera-newrelic
commented
- created a new section for IAST troubleshooting and converted the QnA format to NR standard.
- Ticket: NR-265117
cbehera-newrelic
added
content
✅ Deploy Preview for docs-website-netlify ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
|
Hi @cbehera-newrelic 👋 Thanks for your pull request! Your PR is in a queue, and a writer will take a look soon. We generally publish small edits within one business day, and larger edits within three days. We will automatically generate a preview of your request, and will comment with a link when the preview is ready (usually 10 to 20 minutes). |
|
|
|
|
||
| ## Solution | ||
|
|
||
| Your application may show some latency for some time as part of IAST during high traffic. This should resolve within a few minutes after it finishes the IAST test. |
There was a problem hiding this comment.
"the IAST test"....should just be "...finishes IAST"
|
|
||
| ## Solution | ||
|
|
||
| Your application may show some latency for some time as part of IAST during high traffic. This should resolve within a few minutes after it finishes the IAST test. |
There was a problem hiding this comment.
Start the sentence with "When there is high traffic, your application...."
|
|
||
| ## Solution | ||
|
|
||
| - For Golang, ensure that you imported the required instrumentation packages of libraries and frameworks. |
There was a problem hiding this comment.
Why is this a bullet point? We normally don't create a list with just one bullet.
|
|
||
| - For Golang, ensure that you imported the required instrumentation packages of libraries and frameworks. | ||
|
|
||
| For example, your application is using libraries for [Mongo DB](http://go.mongodb.org/mongo-driver/mongo). For this specific library, you need to import this [instrumentation package](https://github.com/newrelic/csec-go-agent/tree/main/instrumentation/csec_mongodb_mongo) from newrelic: |
There was a problem hiding this comment.
Check capitalization of newrelic
|
|
||
| - For Golang, ensure that you imported the required instrumentation packages of libraries and frameworks. | ||
|
|
||
| For example, your application is using libraries for [Mongo DB](http://go.mongodb.org/mongo-driver/mongo). For this specific library, you need to import this [instrumentation package](https://github.com/newrelic/csec-go-agent/tree/main/instrumentation/csec_mongodb_mongo) from newrelic: |
There was a problem hiding this comment.
"...Mongo DB, then you must import the instrumentation package library..."
Check capitlaizaton for all proper nouns
| ) | ||
| ``` | ||
|
|
||
| Depending on you application requierement, you might have to import additional packages. Check our [list of supported packages](https://github.com/newrelic/csec-go-agent#instrumentation-packages). |
There was a problem hiding this comment.
Depending on the requirements of your package, you may....
|
|
||
| ## Solution | ||
|
|
||
| IAST starts testing when it detects some traffic, so check if your application works out or has any traffic directed at it. Perform the app's UI or API endpoints. |
There was a problem hiding this comment.
What does "works out" mean?
|
|
||
| ## Solution | ||
|
|
||
| If you don't see your application in <DNT>**[one.newrelic.com](https://one.newrelic.com) > All capabilities > IAST > All Tests**</DNT>, check the following: |
There was a problem hiding this comment.
The bullets here are not parallel. Please reach each as a continuation of "...check the following"
|
|
||
| Possible reasons for not finding your application in the New Relic UI are: | ||
| * A wrong version of the APM agent. | ||
| * IAST flags being disabled. |
| Possible reasons for not finding your application in the New Relic UI are: | ||
| * A wrong version of the APM agent. | ||
| * IAST flags being disabled. | ||
| * Proxy or Firewall blocking access. |
| * A wrong version of the APM agent. | ||
| * IAST flags being disabled. | ||
| * Proxy or Firewall blocking access. | ||
| * Wrong TLS Certificate. |
|
|
||
| ## Cause | ||
|
|
||
| Possible reasons for not finding your application in the New Relic UI are: |
There was a problem hiding this comment.
None of these bullets should have a period at the end
| --- | ||
|
|
||
| ## Problem | ||
| you can see your application in the New Relic UI and the security agent successfully started IAST, but you don't see vulnerabilities in the UI. |
|
|
||
| ## Solution | ||
|
|
||
| If this is a new app, firewalls could be preventing it from communicating with the New Relic platform. Check the service stats section in the file with the latest timestamp in `nr-security-home/logs/snapshots`. All six items in that list should say OK. If they don't, review the logs for more info or reach out to [New Relic Support](https://support.newrelic.com). You can also see the [standard firewall documentation](/docs/new-relic-solutions/get-started/networks/). |
There was a problem hiding this comment.
Second sentence:
- Start with "In the file with the latest..."
- Check capitlaization of "service stats" in the UI
|
|
||
| ## Solution | ||
|
|
||
| If this is a new app, firewalls could be preventing it from communicating with the New Relic platform. Check the service stats section in the file with the latest timestamp in `nr-security-home/logs/snapshots`. All six items in that list should say OK. If they don't, review the logs for more info or reach out to [New Relic Support](https://support.newrelic.com). You can also see the [standard firewall documentation](/docs/new-relic-solutions/get-started/networks/). |
There was a problem hiding this comment.
Last sentence "refer to" instead of "see"
|
|
||
| If you have configured your firewall correctly, check the following: | ||
|
|
||
| * **The level of efficiency for your application:** Go to <DNT>**[one.newrelic.com](https://one.newrelic.com) > All capabilities > IAST > All Tests**</DNT>. Search for your application and check the summary section. If IAST analysis coverage is low for your application, add more test cases to your application to get a higher level of testing efficiency. |
There was a problem hiding this comment.
Check capitalization of "summary" in "the summary section"
|
|
||
| * **The level of efficiency for your application:** Go to <DNT>**[one.newrelic.com](https://one.newrelic.com) > All capabilities > IAST > All Tests**</DNT>. Search for your application and check the summary section. If IAST analysis coverage is low for your application, add more test cases to your application to get a higher level of testing efficiency. | ||
|
|
||
| * **The IAST coverage:** Go to <DNT>**[one.newrelic.com](https://one.newrelic.com) > All capabilities > IAST > All Tests**</DNT>. Search for your application and click to view the summary section. Under the summary section, check if IAST analysis coverage is high and no vulnerabilities are detected, that means your application is secure. |
|
|
||
| * **The IAST coverage:** Go to <DNT>**[one.newrelic.com](https://one.newrelic.com) > All capabilities > IAST > All Tests**</DNT>. Search for your application and click to view the summary section. Under the summary section, check if IAST analysis coverage is high and no vulnerabilities are detected, that means your application is secure. | ||
|
|
||
| * **Your application is secure:** In this case, check your IAST analysis coverage in <DNT>**[one.newrelic.com](https://one.newrelic.com) > All capabilities > IAST > All Tests**</DNT>. Search for your application and check the summary section. If IAST Analysis coverage is 100% and no vulnerabilities are detected, that means your application is secure. |
There was a problem hiding this comment.
Same comment as #21
Check capitalization in uI for "IAST Analysis coverage"
|
|
||
| * **Your application is secure:** In this case, check your IAST analysis coverage in <DNT>**[one.newrelic.com](https://one.newrelic.com) > All capabilities > IAST > All Tests**</DNT>. Search for your application and check the summary section. If IAST Analysis coverage is 100% and no vulnerabilities are detected, that means your application is secure. | ||
|
|
||
| * **Your web socket connection is broken:** Please check the latest log file in your `nr-security-home/logs/snapshots/` folder, and look for the `Service stats -> websocket` line. The expected value is OK. |
|
|
||
| * Your application's framework or vulnerability category isn't supported. | ||
|
|
||
| After checking these, if you don't see vulnerabilities in IAST, please contact [New Relic Support](https://support.newrelic.com/s/) and share your application's configuration and logs with our support team. |
| @@ -0,0 +1,28 @@ | |||
| --- | |||
| title: Viewing false positive vulnerabilities | |||
|
|
||
| Update the status of your vulnerability if you think IAST has reported a false positive. Follow these steps: | ||
|
|
||
| - Search your application: Go to <DNT>**[one.newrelic.com](https://one.newrelic.com) > All capabilities > IAST > All Tests**</DNT>. |
There was a problem hiding this comment.
"Search your application" or "Search for your application"?
|
|
||
| - Search your application: Go to <DNT>**[one.newrelic.com](https://one.newrelic.com) > All capabilities > IAST > All Tests**</DNT>. | ||
|
|
||
| - Click on the all applications tab and select the vulnerability that isn't an actual vulnerability. |
There was a problem hiding this comment.
No "Click on"....always "Click"
Check capitalization of "all applications tab"
| ## Solution | ||
|
|
||
| If your application has the functionality to create files and directories as part of serving an HTTP request, IAST will try to test the code path and hence, create such files and directories. | ||
| The application code, under the influence of incoming HTTP requests, creates these files. The agent can't deleted them. |
There was a problem hiding this comment.
"delete" not "deleted"
|
|
|
|
|
||
| ## Problem | ||
|
|
||
| I tested an application with known vulnerabilities, but IAST couldn't detect any vulnerability. |
There was a problem hiding this comment.
The use of first person is inconsistent with the other "Problem" sections
|
|
||
| ## Solution | ||
|
|
||
| IAST starts testing when it detects some traffic, so check if your application starts or has any traffic directed at it. Perform the app's UI or API endpoints. |
|
|
||
| ## Problem | ||
|
|
||
| I don't see my application in the New Relic UI. |
