|Summary: this page describes the new features and bugs that have been fixed in the CAST Security Dashboard 1.7.0.|
|Version||Summary of content|
This is a feature that allows you to search for an object name based on a list of violations. Filters can be enabled to limit the search scope.
The Advanced Search feature can be accessed using the icon in the left hand menu:
|CAST Security Dashboard|
"Out of the box", the Advanced Search feature is not enabled and the following message will be displayed:
This indicates that a "violations index" (on which the feature relies) has not yet been generated. To generate the index the following methods are available:
|Using the "Diagnostic" GUI|
Use the following URL to access the Diagnostic page:
This provides an indication of the violations index status based on the "domain":
In the following example the index has never been generated since the status is set to "toCreate":
To generate the index, click the Create/Update Index button. During generation the status "Indexing" will be displayed and on completion, the status will change to "upToDate":
|Using the RestAPI|
Use the RestAPI client:
Using the following URI with a PUT will generate the index (where <domain> is more than likely set to AED, unless you have custom domains):
Then using the same URI with a GET will show the index status:
|Generating the index when the web application starts|
This method will force the violations index to be generated if its status is toUpdate (i.e. the index exists but is out-of-date because a new snapshot has been computed since the index creation) every time the web application is started, i.e.:
Edit the following file with a text editor:
Set the following configuration to true:
Save the file. Next time the web application is started the index will be generated.
|Using a custom batch file|
This method is to be used when you have a configuration in the domains.properties file - i.e. multiple "domains". The custom batch will generate the violations index for all the domains configured in the domains.properties file.
Create the following batch files in the %CATALINA_HOME%\webapps\<dashboard>\WEB-INF folder and then run the launch.bat file to start the index generation:
In the following file (titi.bat), you need to modify the line starting with curl to match your environment:
|Note that following the generation of a new snapshot, the violations index status will change to toUpdate, therefore CAST recommends regenerating the index to take into account the data available in the new snapshot.|
When the feature is accessed and the violations index has been generated, the following will be displayed:
|Left hand panel||The left hand panel provides a set of filters that can be used to narrow down the search scope. Filters are explained in XXXX.|
|Right hand panel|
The right hand panel lists the results of the search. Key points:
The filters available in the left hand panel enable the search scope to be limited. The following filters can be enabled by expanding the section and selecting with a tick:
Criteria or Rules
Restrict the scope via a Health Measure, Technical Criterion or Rule (or a combination).
Displayed results are the union of the selected Criteria results, with duplicate violations omitted. Sorting is disabled on this section.
Restrict the scope via the weight of the rule in its parent Technical Criterion.
|Restrict the scope via the criticality of the rule (Critical or Non Critical).|
Restrict the scope to the violation status in the current snapshot: Added, Updated, Unchanged.
Displayed results are an OR of the selected violation status results and an AND of the values selected in the other filters (e.g. Criteria or Rules, Technologies, Transactions, Critical, Module), with duplicate violations omitted. The violation status remains selected even after navigating to other views and coming back to Advanced Search.
|Restrict the scope to objects that are classed as transactions.|
Restrict the scope to the technologies that are present in the current snapshot.
Displayed results are an OR of the selected technologies results and an AND of the values selected in the other filters (e.g. Criteria or Rules, Modules, Transactions, Critical, Violation status), with duplicate violations omitted.
Restrict the scope to a module in the current snapshot.
Displayed results are an OR of the selected module results and an AND of the values selected in the other filters (e.g. Criteria or Rules, Technologies, Transactions, Critical, Violation status), with duplicate violations omitted. The module remains selected even after navigating to other views and coming back to Advanced Search.
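The filter combination rules described above (OR inside one filter, AND between filters, duplicates omitted), shown as an added example that is not CAST code. It is a small Python model over constructed rows; the `Row` fields, rule ids and object names are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Row:
    """One constructed index row: a violation as listed under one criterion."""
    criterion: str
    rule: str
    obj: str
    status: str        # Added, Updated or Unchanged
    technology: str
    module: str
    critical: bool
    transaction: bool


# Constructed sample data (hypothetical rule ids and object names).
# R1 contributes to two criteria, so the same violation is indexed twice.
INDEX = [
    Row("Security", "R1", "com.app.Login", "Added", "JEE", "web", True, True),
    Row("Robustness", "R1", "com.app.Login", "Added", "JEE", "web", True, True),
    Row("Security", "R2", "com.app.Dao", "Unchanged", "JEE", "core", False, False),
    Row("Security", "R3", "orders.sql", "Updated", "SQL", "db", True, False),
    Row("Efficiency", "R4", "report.sql", "Added", "SQL", "db", False, False),
]


def search(index, criteria=(), statuses=(), technologies=(), modules=(),
           critical=None, transactions_only=False):
    """Return unique (rule, object) pairs. An empty selection means the filter
    is off; values inside one filter are ORed, separate filters are ANDed."""
    checks = [
        (criteria, lambda r: r.criterion in criteria),
        (statuses, lambda r: r.status in statuses),
        (technologies, lambda r: r.technology in technologies),
        (modules, lambda r: r.module in modules),
        (critical is not None, lambda r: r.critical == critical),
        (transactions_only, lambda r: r.transaction),
    ]
    active = [test for enabled, test in checks if enabled]
    seen, results = set(), []
    for row in index:
        key = (row.rule, row.obj)
        if key not in seen and all(test(row) for test in active):
            seen.add(key)      # duplicate violations are omitted
            results.append(key)
    return results
```

Selecting both Security and Robustness returns R1 once even though it is indexed under both criteria, which is the "duplicate violations omitted" behaviour.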
Note that an indicator will show how many filters have been selected:
If SAML authentication is in operation, but no Single Logout service is provided in the IdP, you can now force the dashboard to handle this situation gracefully and display a message explaining what to do.
# is Single Logout implemented in the customer IDP ?
security.saml.single.logout=false
In this release of the CAST Security Dashboard, the following tiles have been added to the default "out of the box" configuration. These tiles display the number of Violations or Critical Violations in the Application for rules that have the selected tag (i.e. CISQ-SECURITY, CWE etc.):
Clicking on this tile navigates to the Risk investigation view with the specific tag selected at the top of the table. "All Rules" will be selected in the Technical Criteria table and the list of rules displayed will all be tagged with the selected tag:
When no rules belonging to the selected tag have been triggered, the tile displays "No applicable rules":
Enabling / disabling the Critical Violations filter will affect the violation count displayed in these tiles:
When using the CAST Security Dashboard with a full assessment model (i.e. not with CAST AIP for Security), rules with multi-parents (i.e. rules that contribute to more than one parent business/technical criterion) may give what may seem like erroneous results in the Advanced Search:
Consider the rule Avoid using Fields (non static final) from other Classes - 4602 which contributes to the business criteria "Total Quality Index (TQI)" and "Security". In "TQI" this rule is considered "critical" and in "Security" it is "not critical". The dashboard cannot correctly display information about this rule in the Advanced Search results since when the critical violation filter is enabled it will return results, and when the filter is disabled it will also return results.