Security Hub

Bring your software development workflows to security

icon-targeted

Targeted attack

Signals & Triggers

On request
If an IP has performed malicious requests

Actions

  • Report an incident Report an incident

Notifications

  • Send an email to all team members Send an email to all team members
  • Send a Slack notification. Send a Slack notification.
  • POST to your Webhook. POST to your Webhook.
  • Create an incident on PagerDuty (coming soon) Create an incident on PagerDuty (coming soon)

Details

Once an attacker managed to breach your system, it’s probably too late to take countermeasures. While Sqreen protects your application against the riskiest vulnerabilities, an attacker may find business logic flaws that allow to perform non-authorized actions.

Sqreen detects when an attacker starts to fingerprint an application and leaks information about your application stack.

By collecting and correlating various signals, this plugin will raise the red flag as soon as an actor starts to perform unusual activities.

Advanced details

Every 15 minutes, we look back at IP activity for the last 24 hours:

  • the number of malicious requests (security scanners, bots, injections attempts matched by OWASP CRS)
  • the total number of authentications
  • the number of failed authentications

For each IP activity history we check:

  • If malicious requests were performed
  • For an important ratio of failed authentications
  • Hints of non automated activity

If the signals keep repeating during a period of time (long enough not to be an automated scan) we raise the trigger.

Language support

  • Ruby
  • Node.js
  • PHP
  • Python
  • Java

Data collected by Sqreen

Signals
  • Authentications (Sqreen SDK)

On attack
  • Malicious requests
  • Attacker IP
  • Attacker account (Sqreen SDK)

Built for developers and modern apps

Get up and running in minutes just by installing our lightweight library. Enable plugins in just a couple of clicks.

  • Node.js
  • Ruby
  • PHP
  • Python
  • Java
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9

$ npm install --save sqreen

$ echo '{ "token": "your token" }' > sqreen.json

 

// This should be the first line of your app

require('sqreen');

$ echo "gem 'sqreen'" >> Gemfile

$ bundle install

$ echo "token: your token" > config/sqreen.yml

$ curl -s https://download.sqreen.io/php/install.sh > sqreen-install.sh && bash sqreen-install.sh your token

$ pip install sqreen

$ echo -e "[sqreen]\ntoken: your token" > sqreen.ini

 

# Insert at the top of your app file (typically wsgi.py or app.py)

import sqreen

sqreen.start()

$ curl https://download.sqreen.io/java/sqreen-latest-all.jar -o sqreen.jar

 

// Add JVM startup options:

-javaagent:/path/to/sqreen.jar -Dsqreen.token={{your token}}

Build amazing products. Keep them safe.

3 min installation · Try all features for 14 days · No credit card required Sign up Request demo