{"_id":"5801218d7878670f00fa6ff0","parentDoc":null,"version":{"_id":"55db8f901a91690d007ad978","project":"55db8f8f1a91690d007ad975","__v":17,"createdAt":"2015-08-24T21:41:36.034Z","releaseDate":"2015-08-24T21:41:36.034Z","categories":["55db8f901a91690d007ad979","55db9856b3d6540d00886426","55dc751b00a8811900c230e3","55dc766255be9f21004ee250","55dc769200a8811900c230ed","55e4c701177b6e0d003330fa","55f4915caf0bc71900a53130","55f491b2be9c2b2100f0635d","560b22739c7be70d00100bd8","57488c53e8c6a420000b729c","574cefd95953e20e00f40f9f","5798edfd7700d30e00ad250c","579ac88234b5fd0e00b9e140","57c81c6d690c200e0047b72e","57d9b8fbda17c30e003897f1","57d9b90e608ea00e00f358d8","57d9b91cda17c30e003897f4"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"","version_clean":"1.0.0","version":"1.0"},"category":{"_id":"55e4c701177b6e0d003330fa","pages":["55e4c718177b6e0d003330fb","55e4c7ea40cda60d003bad38","55e4c823e252ac0d00303a54","55e4c9333325e60d007fbeb8","55e4c97540cda60d003bad3e","55e4c9903325e60d007fbebc","55e4c9c33325e60d007fbebe","55e4c9ce40cda60d003bad41"],"project":"55db8f8f1a91690d007ad975","version":"55db8f901a91690d007ad978","__v":8,"sync":{"url":"","isSync":false},"reference":false,"createdAt":"2015-08-31T21:28:33.497Z","from_sync":false,"order":2,"slug":"dashboard","title":"Dashboard"},"user":"574c9889a1f0be2000ae376e","githubsync":"","project":"55db8f8f1a91690d007ad975","__v":1,"updates":[],"next":{"pages":[],"description":""},"createdAt":"2016-10-14T18:18:53.656Z","link_external":false,"link_url":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"settings":"","auth":"required","params":[],"url":""},"isReference":false,"order":8,"body":"The File Access Dashboard is provided for each protected application. It consists of two views:\n1. Vulnerabilities Overview\n2. File Access Vulnerability Detail\n\n#File Access Vulnerabilities Overview\n----\nThe first page of File Access Dashboard provides a table with the full list of all vulnerabilities reported by the agent. \n\nVulnerability is a trace of application execution captured in the call stack that is available in the vulnerability details view. On the overview page each vulnerability is represented by route and method responsible for the execution of the response.\n\nThe vulnerabilities overview provides a list of all vulnerabilities reported since IMMUNIO was first installed.\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/bf5da4a-1.png\",\n        \"1.png\",\n        941,\n        507,\n        \"#e7e8e8\"\n      ],\n      \"caption\": \"\"\n    }\n  ]\n}\n[/block]\nEach vulnerability is represented with the following information:\n\n* Vulnerability *Route* and method\n* *File name* and *Line of code*\n* *Protection mode* applied for this route. By default, all files are protected with the standard algorithm, i.e. “Normal”. \n* If there was a previous tuning action reported for this vulnerability (*Learned*)\n* If the same vulnerability was reported before (*New*)\n* Number of HTTP requests for which it was recorded (*Attacks*)\n* How many of the attacks were *Blocked*. This requires File Access threat settings to be set to Protect\n\nTuning table on the overview page captures of all vulnerabilities that have been tuned in the past.\n\n#File Access Vulnerability Details\n----\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/46e6bbc-2.png\",\n        \"2.png\",\n        941,\n        523,\n        \"#e5e6e6\"\n      ]\n    }\n  ]\n}\n[/block]\nVulnerability Detail provides detailed information about the request that induced the recorded behavior, associated runtime parameters and stack trace associated with unexpected execution as well as the expected sensor data. \n\nFrom the top of the page:\n\nExpected Paths: \t\nList of all the paths that are allowed to be read and written to during normal execution.\nOccurrences:\n\tOverview of HTTP requests that induced the same application behavior over time. \nOccurrence Details\n\tDetailed information for a given occurrence select in the Occurrences view.\nProtected:\n\tIndication on whether, or not IMMUNIO blocked access to the requested file.\nTimestamp:\n\tTime of occurrence.\nURL:\n\tURL that was targeted with the HTTP request for this occurrence.\nDetected File:\n\tApplication file on the host system that was accessed that is outside of expected paths.\nRoute:\n\tRoute that executed read, or write command for the Detected File.\nFile:\n\tSource file that contains the method responsible for the executed read, or write command.\nLine Number:\n\tLine number in the source file responsible for the unexpected execution.\nAction:\n\tUser action following the review of the vulnerability. Check the section File Access Tuning for more detail. \nStacktrace:\n\tFull execution trace that represents the vulnerability. \n\n\n#File Access Tuning\n----\nIf IMMUNIO detects unauthorized access to a specific file that was not recorded during the Analysis Mode phase and it is a valid request, you can update the sensors during vulnerability review.\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/85d4829-Screen_Shot_2016-10-17_at_1.40.51_PM.png\",\n        \"Screen Shot 2016-10-17 at 1.40.51 PM.png\",\n        390,\n        69,\n        \"#dcdcd9\"\n      ]\n    }\n  ]\n}\n[/block]\nThe following Tuning Options are available:  \n\nAccept File:\n\tAllows future access to this particular file.\n\nAccept any file:\n\tAllows future access to all files within this directory.","excerpt":"","slug":"file-access","type":"basic","title":"File Access"}
The File Access Dashboard is provided for each protected application. It consists of two views: 1. Vulnerabilities Overview 2. File Access Vulnerability Detail #File Access Vulnerabilities Overview ---- The first page of File Access Dashboard provides a table with the full list of all vulnerabilities reported by the agent. Vulnerability is a trace of application execution captured in the call stack that is available in the vulnerability details view. On the overview page each vulnerability is represented by route and method responsible for the execution of the response. The vulnerabilities overview provides a list of all vulnerabilities reported since IMMUNIO was first installed. [block:image] { "images": [ { "image": [ "https://files.readme.io/bf5da4a-1.png", "1.png", 941, 507, "#e7e8e8" ], "caption": "" } ] } [/block] Each vulnerability is represented with the following information: * Vulnerability *Route* and method * *File name* and *Line of code* * *Protection mode* applied for this route. By default, all files are protected with the standard algorithm, i.e. “Normal”. * If there was a previous tuning action reported for this vulnerability (*Learned*) * If the same vulnerability was reported before (*New*) * Number of HTTP requests for which it was recorded (*Attacks*) * How many of the attacks were *Blocked*. This requires File Access threat settings to be set to Protect Tuning table on the overview page captures of all vulnerabilities that have been tuned in the past. #File Access Vulnerability Details ---- [block:image] { "images": [ { "image": [ "https://files.readme.io/46e6bbc-2.png", "2.png", 941, 523, "#e5e6e6" ] } ] } [/block] Vulnerability Detail provides detailed information about the request that induced the recorded behavior, associated runtime parameters and stack trace associated with unexpected execution as well as the expected sensor data. From the top of the page: Expected Paths: List of all the paths that are allowed to be read and written to during normal execution. Occurrences: Overview of HTTP requests that induced the same application behavior over time. Occurrence Details Detailed information for a given occurrence select in the Occurrences view. Protected: Indication on whether, or not IMMUNIO blocked access to the requested file. Timestamp: Time of occurrence. URL: URL that was targeted with the HTTP request for this occurrence. Detected File: Application file on the host system that was accessed that is outside of expected paths. Route: Route that executed read, or write command for the Detected File. File: Source file that contains the method responsible for the executed read, or write command. Line Number: Line number in the source file responsible for the unexpected execution. Action: User action following the review of the vulnerability. Check the section File Access Tuning for more detail. Stacktrace: Full execution trace that represents the vulnerability. #File Access Tuning ---- If IMMUNIO detects unauthorized access to a specific file that was not recorded during the Analysis Mode phase and it is a valid request, you can update the sensors during vulnerability review. [block:image] { "images": [ { "image": [ "https://files.readme.io/85d4829-Screen_Shot_2016-10-17_at_1.40.51_PM.png", "Screen Shot 2016-10-17 at 1.40.51 PM.png", 390, 69, "#dcdcd9" ] } ] } [/block] The following Tuning Options are available: Accept File: Allows future access to this particular file. Accept any file: Allows future access to all files within this directory.