open-appsec
WebsiteManagement PortalPlaygroundGitHub
  • open-appsec Documentation
  • What is open-appsec?
  • open-appsec Video Tutorials
  • Release Notes
  • Getting started
    • Getting Started
    • Start With Kubernetes
      • Install Using Interactive CLI Tool (Ingress NGINX)
      • Configuration Using Interactive CLI Tool
      • Install Using Helm
      • Install Using Helm - new flow (beta)
      • Configuration Using CRDs
      • Configuration Using CRDs - v1beta2
      • Configuration using CRDs - special options for Large Scale Deployments
        • Using appsec class for assigning separate custom resources to specific deployments
        • Using namespace-scoped custom resources
      • Monitor Events
    • Start With Linux
      • Install open-appsec for Linux
      • Using the open-appsec-ctl Tool
      • Configuration Using Local Policy File (Linux)
      • Local Policy File (Advanced)
      • Local Policy File v1beta2 (beta)
      • Monitor Events
    • Start with Docker
      • Install With Docker (Centrally Managed)
      • Install With Docker (Locally Managed)
      • Deploy With Docker-Compose (Beta)
      • Configuration Using Local Policy File (Docker)
      • Local Policy File (Advanced)
    • Using the Web UI (SaaS)
      • Sign-Up and Login to Portal
      • Agents Deployment
      • Connect Deployed Agents to SaaS Management Using Tool (K8s & Linux)
      • Connect Deployed Agents to SaaS Management Using Helm (K8s)
      • Connect Deployed Agents to SaaS Management (Docker)
      • Create a Profile
      • Protect Additional Assets
      • Monitor Events
    • Using the Advanced Machine Learning Model
  • Concepts
    • Agents
    • Management & Automation
    • Security Practices
    • Contextual Machine Learning
  • SETUP INSTRUCTIONS
    • Setup Web Application Settings
    • Setup Custom Rules and Exceptions
    • Setup Web User Response Pages
    • Setup Log Triggers
    • Setup Behavior Upon Failure
    • Setup Agent Upgrade Schedule
  • Additional Security Engines
    • Anti-Bot
    • API Schema Enforcement
    • Data Loss Prevention (DLP) Rules
    • File Security
    • Intrusion Prevention System (IPS)
    • Rate Limit
  • Snort Rules
    • Import Snort Rules
    • Write Snort Signatures
  • HOW TO
    • Configuration and Learning
      • Track Learning and Move From Learn/Detect to Prevent
      • Configure Contextual Machine Learning for Best Accuracy
      • Track Learning and Local Tuning in Standalone Deployments
      • Move From Detect to Prevent in K8s With Many Ingress Rules
  • Deployment and Upgrade
    • Load the Attachment in Proxy Configuration
    • Upgrade Your Reverse Proxy/API Gateway When an Agent is Installed
    • Integration in GitOps CD (K8s)
    • Build open-appsec Based on Source Code
  • Management Web UI
    • Track Agent Status
    • Delete or Reset Management Tenant (SaaS)
    • Disconnect an open-appsec agent from Central Management
  • Integrations
    • About Integrations With 3rd Party Solutions
    • CrowdSec
      • CrowdSec Bouncer Support
      • CrowdSec Intelligence Sharing Using open-appsec Parser/Scenario
    • NGINX Proxy Manager
      • Install NGINX Proxy Manager with open-appsec managed from NPM WebUI
      • Install NGINX Proxy Manager with open-appsec managed from central WebUI (SaaS)
      • Frequently Asked Questions
      • How to Migrate from an Existing NGINX Proxy Manager Deployment and Keep Configuration
    • NPMplus
    • Docker SWAG
      • Install Docker SWAG with open-appsec (locally managed)
      • How to connect locally managed Docker SWAG with open-appsec to WebUI
      • Install Docker SWAG with open-appsec (centrally managed)
      • Deploy Docker SWAG with docker-compose (beta)
      • Frequently Asked Questions
  • Troubleshooting
    • Troubleshooting
    • Troubleshooting Guides
      • Configuration contains ingress/asset with URL which already has asset attached to it in your tenant
      • HTTP Request to Port 80 Not Returning as Expected
      • Agent Fails to Recognize HTTP Transactions with NGINX
      • Agent Not Recognizing Initial HTTP Requests
      • Handling Large Requests (413 Responses)
      • open-appsec on Docker HTTP Transaction Handler Is Set To Ready
      • Traffic Recognition Issue on Single-Core Machine/Connection Timed Out
      • Installing open-appsec on CentOS 7
      • SELinux: checking status and disabling
      • Deploy open-appsec directly on the web server hosting the application to protect
      • object is locked or remote, and therefore cannot be modified
      • Failed to Register to Fog
  • references
    • Agent CLI
    • Event Query Language
    • Events/Logs Schema
    • WAF Comparison Project
Powered by GitBook
On this page
  • Configuring upgrade mode
  • Configuring unscheduled automatic upgrades
  • Configuring scheduled automatic upgrades
  • Disabling automatic upgrades

Was this helpful?

  1. SETUP INSTRUCTIONS

Setup Agent Upgrade Schedule

PreviousSetup Behavior Upon FailureNextAnti-Bot

Last updated 3 months ago

Was this helpful?

By default the system is set to automatically and seamlessly upgrade agents. Learn here how to configure a custom schedule instead or switch to a manual upgrade process.

Automatic upgrades are a "Premium Edition" feature of open-appsec.

The explanations provided here relate to open-appsec agent upgrades only, they are not relevant for IPS signature updates.

Configuring upgrade mode

To setup specific schedule or switch to manual upgrades only, navigate to Profiles->[select your profile]. See the Agent Upgrade section.

Here you can see the latest available version which you can compare with your active agents' versions.

You can find the currently installed agent version displayed under the Agents option.

Configuring unscheduled automatic upgrades

The default upgrade mode is configured to Automatic. In this mode upgrades are performed with each release of a new agent version.

Configuring scheduled automatic upgrades

For scheduled agent upgrades switch the mode to Scheduled.

In the Day of week field select any combination of days on which you want to allow upgrades to happen.

Configure your desired upgrade window by setting the begin time in UTC in the Upgrade window starts at (UTC) field and selecting the maximum allowed upgrade window duration in the Duration field between 2 hours and 12 hours (configuration possible in two hour increments).

In the example screenshot above scheduled upgrades take place automatically between 2am and 6am only on Sundays, Thursdays and Tuesdays whenever a new upgrade is available.

Disabling automatic upgrades

In order to prevent automatic scheduled or unscheduled upgrades from happening change the upgrade mode to Manual.

This allows you to manually control the upgrade process of your deployed agents.

In order to trigger a manual upgrade hit the Upgrade Now button whenever there's a new version available that you want to install.

The Manual upgrade mode option is not recommended unless you need full manual control of all agent upgrades. Instead the recommendation is to always use Automatic or Scheduled upgrade modes to prevent the agent from not being upgraded for a significant time (= more than three months) as after this time it becomes unsupported!