open-appsec
Protect Additional Assets

Last updated 2 months ago

This page discusses how to add additional assets for protection.

Web Application Configuration

Step 1: Create a new asset

  • When logged in to the open-appsec portal, click on the Assets option in the top navigation menu.

  • If you have not configured any assets yet, the Assets page is empty and offers a New Asset option. To create a new Web Application asset, select New Asset -> Web Application.

If you have configured assets before, you can either click New Web Application or Clone Web Application.

Step 2: Basic Details

Complete the following details:

  • Name - choose a clear distinguishable name for your asset

  • Tags (Optional) - can be used for searches.

  • Profile - Select the profile you created in the previous step. Make sure your deployed agents are connected to the SaaS management; see Connect Deployed Agents to SaaS Management Using Tool (K8s & Linux) or Connect Deployed Agents to SaaS Management (Docker).

Step 3: Web Application/API details:

Add the URLs that users/clients use to reach the application/API: configure at least one host address, optionally with a non-standard port. open-appsec protects these hosts.

If you are not using the default ports (80 for HTTP and/or 443 for HTTPS), make sure to configure the actual port, otherwise the asset will not match the traffic and the policy will not be enforced on it.

Examples:

  • https://www.acme.com

  • http://www.acme.com

  • https://www.acme.com/sales

  • https://sales.acme.com

  • https://172.20.20.4:3000 (sets non-standard port 3000 for policy enforcement)

  • https://sales.acme.com:* (specifying * as port will enforce policy for all destination ports)

Kong Gateway's default ports for inbound traffic for HTTP and HTTPS are 8000 and 8443. APISIX Gateway's default ports for inbound traffic for HTTP and HTTPS are 9080 and 9443.

Make sure to specify those ports correctly, in addition to protocol, hostname and path as described above, so that the asset matches the traffic reaching your gateway.
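The matching rules above (protocol, host, an optional port with 80/443 as defaults, `*` for any port, and a path) can be checked offline before you click Enforce. The following Python is an added example written for this page, not code from open-appsec; it assumes that an asset's path matches as a prefix on a path-segment boundary and that, when several assets match, the most specific one wins. The asset list is the page's six examples plus one constructed Kong-style API asset on port 8000.

```python
from urllib.parse import urlsplit

# Default ports assumed when an asset URL does not name one
# (from the page: 80 for HTTP, 443 for HTTPS).
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed asset list: the page's six examples plus one assumed
# Kong-style API asset on Kong's default HTTP port 8000.
ASSETS = [
    "https://www.acme.com",
    "http://www.acme.com",
    "https://www.acme.com/sales",
    "https://sales.acme.com",
    "https://172.20.20.4:3000",
    "https://sales.acme.com:*",
    "http://api.acme.com:8000",
]


def parse_asset(url):
    """Split an asset URL into (scheme, host, port, path).

    port is an int, or "*" when the asset is written as host:* (all ports).
    Bracketed IPv6 literals are not handled here.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"asset URL must start with http:// or https://: {url!r}")
    host, _, port_text = parts.netloc.lower().partition(":")
    if not host:
        raise ValueError(f"asset URL has no host: {url!r}")
    if port_text == "":
        port = DEFAULT_PORTS[scheme]
    elif port_text == "*":
        port = "*"
    else:
        port = int(port_text)  # ValueError on anything that is not a number
    path = parts.path.rstrip("/") or "/"
    return scheme, host, port, path


def parse_request(url):
    """Same split for an incoming request URL, which has exactly one port."""
    scheme, host, port, path = parse_asset(url)
    if port == "*":
        raise ValueError("a request URL cannot use the '*' port wildcard")
    return scheme, host, port, path


def asset_matches(asset, request):
    """True if the request's scheme, host, port and path fall under the asset."""
    a_scheme, a_host, a_port, a_path = asset
    r_scheme, r_host, r_port, r_path = request
    if a_scheme != r_scheme or a_host != r_host:
        return False
    if a_port != "*" and a_port != r_port:
        return False
    # Assumption: the asset path is a prefix on a path-segment boundary, so
    # /sales covers /sales and /sales/q1 but not /salesforce.
    return a_path == "/" or r_path == a_path or r_path.startswith(a_path + "/")


def most_specific_asset(asset_urls, request_url):
    """Return the asset URL that best matches request_url, or None.

    Among matching assets the longest path wins, and an explicit port beats
    the '*' wildcard. None means no asset covers the request, which is what
    happens when a gateway listens on 8000/9080/3000 but the asset omits the port.
    """
    request = parse_request(request_url)
    best, best_key = None, None
    for url in asset_urls:
        asset = parse_asset(url)
        if not asset_matches(asset, request):
            continue
        key = (len(asset[3]), asset[2] != "*")
        if best_key is None or key > best_key:
            best, best_key = url, key
    return best
```

Calling `most_specific_asset(ASSETS, "https://172.20.20.4/api")` returns `None` because the request arrives on 443 while the asset is pinned to 3000; the same happens for `http://api.acme.com/v1` against the port-8000 asset. That is the mismatch the gateway note above warns about, and the `*` port asset is the one that covers `https://sales.acme.com:8443/orders`.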

Step 4: Source Identity

Define how the Machine Learning engine should distinguish between different API or human users.

Select the method by which different users will be distinguished from one another. The commonly used options are:

  • X-Forwarded-For Header - When another reverse proxy or ALB sits between the internet and the reverse proxy the agent runs on, the original source IP is not visible at the network level; the agent only sees the address of that upstream hop. This option tells the Nano-Agent to take the original source IP from the X-Forwarded-For header. No additional parameters are required in the common case of a single reverse proxy/ALB in front of the agent's deployment.

In the less common case of more than one reverse proxy and/or ALB in front of the open-appsec reverse proxy, add the IP addresses of those previous hops so the agent can tell them apart from the original source address. Only the entries appended by hops you control are trustworthy: a client can put arbitrary values at the front of the header, so the list of hops should contain exactly your own proxies and nothing else.

  • Source IP Address - The Nano-Agent uses the source IP address as the identifier. No additional parameters are required.

More advanced methods are also available. These include:

  • Cookie Key - when you select this option, you need to add the key name within the cookie whose value is used as the unique identifier of the original source.

  • HTTP Header - when you select this option, you need to add the HTTP header name whose value is used as the unique identifier of the original source.

  • JWT Key - Authenticated API calls carry a JSON Web Token (JWT) issued by the authentication API, and this JWT usually contains an identifying field. When you select this option, the value of one of the JWT claims is used as the unique identifier of the original source.
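How each of these methods yields an identifier, including the right-to-left walk over X-Forwarded-For that the "previous hops" setting implies, as an added Python example written for this page (not open-appsec's own code). The request, the hop addresses and the JWT are all constructed; the JWT payload is read without verifying its signature, which is only acceptable when an upstream gateway has already verified the token.

```python
import base64
import ipaddress
import json
from http.cookies import SimpleCookie


def _is_trusted_hop(ip_text, trusted_hops):
    """True if ip_text belongs to one of the configured upstream proxies/ALBs."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in ipaddress.ip_network(hop, strict=False) for hop in trusted_hops)


def client_ip_from_xff(remote_addr, xff_header, trusted_hops=()):
    """Pick the original client IP from X-Forwarded-For.

    Walk the header right to left: the rightmost entry was appended by the
    hop closest to the agent and cannot be spoofed by the client; entries
    that belong to configured upstream hops are skipped. Anything further
    left than the first unknown address is client-controlled and ignored.
    """
    if not xff_header:
        return remote_addr
    entries = [e.strip() for e in xff_header.split(",") if e.strip()]
    for entry in reversed(entries):
        if _is_trusted_hop(entry, trusted_hops):
            continue
        try:
            return str(ipaddress.ip_address(entry))
        except ValueError:
            return remote_addr  # malformed entry from a trusted hop: use the peer address
    return remote_addr  # every entry was one of our own hops


def _jwt_claim(token, claim):
    """Read one claim from the JWT payload WITHOUT checking the signature."""
    try:
        payload_b64 = token.split(".")[1]
        payload_b64 += "=" * (-len(payload_b64) % 4)
        payload = json.loads(base64.urlsafe_b64decode(payload_b64))
    except (IndexError, ValueError):
        return None
    value = payload.get(claim) if isinstance(payload, dict) else None
    return None if value is None else str(value)


def resolve_source_identity(request, method, param=None, trusted_hops=()):
    """Return the identifier the chosen method extracts, or None if absent.

    method is one of "source_ip", "xff", "cookie", "header", "jwt"; param is
    the cookie key, header name or JWT claim for the last three.
    """
    headers = {k.lower(): v for k, v in request.get("headers", {}).items()}
    if method == "source_ip":
        return request["remote_addr"]
    if method == "xff":
        return client_ip_from_xff(request["remote_addr"], headers.get("x-forwarded-for"), trusted_hops)
    if method == "cookie":
        jar = SimpleCookie()
        jar.load(headers.get("cookie", ""))
        return jar[param].value if param in jar else None
    if method == "header":
        return headers.get(param.lower())
    if method == "jwt":
        auth = headers.get("authorization", "")
        if not auth.lower().startswith("bearer "):
            return None
        return _jwt_claim(auth[7:].strip(), param)
    raise ValueError(f"unknown source identity method: {method!r}")


def _b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample token: header.payload.signature, signature not checked here.
SAMPLE_TOKEN = ".".join([
    _b64url(b'{"alg":"HS256","typ":"JWT"}'),
    _b64url(b'{"sub":"user-42","iss":"https://auth.acme.example"}'),
    "signature-not-checked-here",
])

# Constructed request as the agent's proxy sees it. Chain: client 203.0.113.77
# (which spoofed "1.2.3.4") -> CDN 198.51.100.9 -> ALB 10.0.0.5 -> agent.
SAMPLE_REQUEST = {
    "remote_addr": "10.0.0.5",
    "headers": {
        "X-Forwarded-For": "1.2.3.4, 203.0.113.77, 198.51.100.9",
        "Cookie": "session=abc123; theme=dark",
        "X-Client-Id": "partner-7",
        "Authorization": "Bearer " + SAMPLE_TOKEN,
    },
}
```

With no hops configured, the X-Forwarded-For method returns the CDN address 198.51.100.9 for every visitor, so all traffic looks like one user; adding the CDN range as a previous hop (`trusted_hops=["198.51.100.0/24"]`) yields the real client 203.0.113.77, and the spoofed leftmost entry is never reached.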

Step 5: Trusted Sources (optional)

Define which users the Machine Learning engine may treat as trusted.

Trusted sources serve as a baseline of benign behavior for comparison; you also define how many users/addresses must exhibit similar activity before the learning model considers that activity benign.

Step 6: Practices (optional)

The Web Attacks protection is already configured and set to "Learn/Detect" mode. This is visible in the Threat Prevention tab, which shows the security practices configuration.

Step 7: Click Enforce

At the top right of the portal there is an "Enforce" button. Click it to publish the configuration to the already deployed agents.

Asset Mode

The color of the Asset in the assets screen represents the asset's state:

  • Orange: The asset is not connected to an agent

  • Blue: The asset is connected to an agent in learning mode

  • Green: The asset is connected to an agent in protection mode

This is explained in more detail here.

You do not need to change the practice mode at this stage: it is recommended to start in "Learn/Detect" mode and move to Prevent after the Machine Learning engine has reached a high enough learning level, as explained here.

[Image: assets in different modes]