Security Hub

Bring your software development workflows to security

icon-targeted

Targeted attack

Signals & Triggers

On request
If an IP has performed malicious requests

Actions

  • Send a slack notification Send a Slack notification
  • Send an email notification Send an email notification
  • POST to webhook

Details

Once an attacker managed to breach your system, it’s probably too late to take countermeasures. While Sqreen protects your application against the riskiest vulnerabilities, an attacker may find business logic flaws that allow to perform non-authorized actions.

Sqreen detects when an attacker starts to fingerprint an application and leaks information about your application stack.

By collecting and correlating various signals, this plugin will raise the red flag as soon as an actor starts to perform unusual activities.

Advanced details

Every 15 minutes, we look back at IP activity for the last 24 hours:

  • the number of malicious requests (security scanners, bots, injections attempts matched by OWASP CRS)
  • the total number of authentications
  • the number of failed authentications

For each IP activity history we check:

  • If malicious requests were performed
  • For an important ratio of failed authentications
  • Hints of non automated activity

If the signals keep repeating during a period of time (long enough not to be an automated scan) we raise the trigger.

Language support

  • Ruby
  • Node.js
  • PHP
  • Python
  • Java

Data collected by Sqreen

Signals
  • Authentications (Sqreen SDK)

On attack
  • Malicious requests
  • Attacker IP
  • Attacker account (Sqreen SDK)

Built for developers and modern apps

Get up and running in minutes just by installing our lightweight library. Enable plugins in just a couple of clicks.

  • Node.js
  • Ruby
  • PHP
  • Python
  • Java
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9

$ npm install --save sqreen

$ echo '{ "token": "your token" }' > sqreen.json

 

// This should be the first line of your app

require('sqreen');

$ echo "gem 'sqreen'" >> Gemfile

$ bundle install

$ echo "token: your token" >> config/sqreen.yml

$ curl -s https://8dc0b36f0ea6f2f21b721765e10a7e02768cd1825b4551f4:@packagecloud.io/install/repositories/sqreen/sqreen/script.deb.sh | bash

$ apt-get install --no-install-recommends sqreen-agent sqreen-php-extension

$ /usr/lib/sqreen/sqreen-installer config {your token}

$ pip install sqreen

$ echo -e '[sqreen]\ntoken: your token' >> sqreen.ini

 

# Insert at the top of your app file (typically wsgi.py or app.py)

import sqreen

sqreen.start()

$ curl https://download.sqreen.io/java/sqreen-latest-all.jar -o sqreen-latest-all.jar

 

// Next, edit the JVM startup file:

-javaagent:/path/to/sqreen-agent.jar -Dsqreen.token={{your token}}

Build amazing products. Keep them safe.

3 min installation · Try all features for 7 days · No credit card required Get started Request demo