Updated on 2024-04-15 GMT+08:00

Viewing Application Protection

To protect your applications with RASP, you simply need to add probes to them, without having to modify application files.

Technical Principles

Probes (monitoring and protection code) are added to the checkpoints (key functions) of applications through dynamic code injection. The probes identify attacks based on predefined rules, data passing through the checkpoints, and contexts (application logic, configurations, data, and event flows).

Prerequisites

You have enabled HSS premium, WTP, or container edition.

Constraints

  • Currently, only Linux servers are supported.
  • So far, only Java applications can be protected.
  • The premium and higher editions support operations related to application protection.

Viewing Protection Settings

  1. Log in to the management console.
  2. In the upper left corner of the page, click , select a region, and choose Security > Host Security Service.
  3. Choose Prevention > Application Protection. Click the Protected Servers tab.
  4. Click the Protection Servers tab and check the server list. The server parameters are as follows.

    Table 1 Parameter description

    Parameter

    Description

    Server Name/ID

    Server name and ID

    IP Address

    Private IP address and EIP of the server

    OS

    Server OS

    Server Group

    Group that the server belongs to

    Policy

    Detection policies bound to the target server.

    Protection Status

    Protection status of a server

    • Protected
    • Unprotected

    Microservice Protection

    Microservice protection status. Its value can be:

    • Active
    • Installing
    • Configuration pending
    • Installation failed

    RASP Protection.

    RASP protection status. Its value can be:

    • Installing
    • Configuration pending
    • Installation failed

    Detected Attacks

    Number of attacks detected by RASP.

Viewing Events

  1. Log in to the management console and go to the HSS page.
  2. Choose Prevention > Application Protection and click the Events tab. For details about the parameters, see Table 2.

    Table 2 Event parameters

    Parameter

    Description

    Severity

    Alarm severity

    Server Name

    Server that triggers an alarm

    Alarm Name

    Alarm name

    Alarm Time

    Time when an alarm is reported

    Attack Source IP Address

    IP address of the server that triggers the alarm

    Attack Source URL

    URL of the server that triggers the alarm

  3. You can click an alarm name to view the attack information (such as the request information and attack source IP address) and extended information (such as detection rule ID and description), and troubleshoot the problem accordingly.