Sqreen Quick Start¶ What is Sqreen?¶ Sqreen monitors your application security and helps protect you from critical vulnerabilities and advanced attacks. It only takes installing a single library in your application to get started, so you can go from zero to protected in minutes and start seeing value right away. In this guide, we’re going to walk through installing and setting up Sqreen in your environment. Step one: create a Sqreen account¶ The first step to protecting and monitoring your web apps is to sign up for Sqreen and create a free account. This gives you a 14 day free trial -- no need for an NDA or screening call. Signing up will give you access to the platform and a unique organization token will be automatically generated for you. This token is used to identify your entire organization, and is the same across all of the applications you deploy. In the Sqreen platform, under “Getting Started”, you will get access to a product onboarding guide and a demo application you can use to see Sqreen in action. Step two: install the Sqreen microagent¶ Sqreen is an agent-based solution that is simple to install. It’s just a matter of adding a single library to your application. To connect a new application from your dashboard, click on “Select an application”, and on “Connect a new application.” Installing Sqreen is straightforward for any programming language we support. Sqreen will guide you through the install for your language within the dashboard. Here are the few steps you need to take to install Sqreen for each language we support today: Node.js install instructions Ruby install instructions PHP install instructions Python install instructions Go install instructions Java install instructions Heroku user? If you use Heroku, you can implement Sqreen as a security add-on from the Heroku marketplace instead! What happens after installing the Sqreen agent¶ Once you install Sqreen, configuration happens automatically to save you time and get your application security up and running faster. With Sqreen deployed on your application, Sqreen’s Smart Stack Detection will detect the specifics of your database, framework, or template rendering engine and automatically configure a comprehensive set of security and protection modules based on them. By default, all protections start in Log-only mode, so you won’t block requests until you’re ready. There’s no need to configure anything yourself to get the protections and monitoring needed to secure your application. However, you can review the status of your protection, explore the details of the different protections, switch them from Log-only mode to Blocking, or configure any rule to fit your needs in your Protection page. Of course, almost all of Sqreen is customizable and configurable if you’d like to drill deeper into your security. Step three: deploy to production¶ Sqreen is designed to deliver security in depth in production environments. Production assets are the most critical ones to protect, given the data they hold. Sqreen provides runtime security to ensure that your production environments are protected in real time. Sqreen ensures high availability and minimal performance impact to make this a reality. Once you validate this with your application, and you’ve tested Sqreen in your test environment, the next step is to deploy Sqreen to production and restart your application. Testing Sqreen¶ There are many ways to test Sqreen, and depending on your use cases and environment, you’ll want to explore different things. One smart thing to test is how Sqreen responds to a security incident in your application. If you’d like to simulate an incident, here are instructions on how to do so. Step four: enable Blocking mode (optional)¶ Sqreen automatically deploys all security protections in Log-only mode. This makes sure that you don't start blocking requests until you're clear on the types of requests you want to block. In order to block critical attacks and prevent the exploitation of potential vulnerabilities, it’s strongly recommended that you review your protection modules and switch the ones that you want to actively block attacks to Blocking mode, after you have spent some time monitoring traffic in Log-only mode and feel ready to do so. A good starting point is to switch your RASP to Blocking mode and have your In-App WAF in Log-only mode. Beyond this, the best way to determine which protections to switch to Blocking mode is to evaluate your attack log and security incidents after Sqreen has gathered enough data. These will tell you the sorts of attacks and security events that are happening in your application. From here, you can set Blocking mode for the types of incidents you want to block. To review your protections, click on the Protection page and select the module you want to review or switch from Log-only to Blocking. Onboarding in Sqreen¶ By default, Sqreen configures your application security and protects your applications. Beyond the initial setup, there is a lot you can do in terms of creating advanced protection, integrations, and getting visibility. Here are some recommended steps: Set up user monitoring¶ With user monitoring in Sqreen, you can get new levels of visibility into your user’s actions. By going beyond IP-based visibility that network level solutions provide, you can: Track suspicious activities performed by authenticated users. Authenticated access offers a wider surface attack, with the ability to query most of the endpoints (application backend services). Monitoring these activities is key to identifying attackers early. Protect your users against account takeovers. Detect automated credential stuffing attacks and human-powered account takeovers to avoid sensitive data leaks or compromised users. If you use one of the following libraries, user monitoring is automatically configured for you: Devise for Ruby Django for Python Passport for Node.js If you're not using one of the above libraries, you will need to integrate Sqreen’s SDK into your application to set up user monitoring. Here are the instructions for your language: Node.js user monitoring Ruby user monitoring PHP user monitoring Python user monitoring Go user monitoring Java user monitoring Protect your business logic with Playbooks¶ Beyond covering vulnerabilities in code or third-party libraries, Sqreen also enables you to monitor and protect against business logic attacks and whichever security situations matter most for the specifics of your business. Playbooks allow you to easily automate custom security rules without having to redeploy your app. Use built-in events (automatically tracked by Sqreen) or custom events (tracked using Sqreen's event SDK, once implemented), select a threshold, and define how Sqreen should respond (e.g. block IPs or users). A set of playbooks is enabled by default. You can review or edit those playbooks in the Playbooks section. To create a new playbook, click on the “Create a playbook” button. Then design your playbook with the following steps. Create the trigger¶ This is the set of conditions that Sqreen will look for in order to implement the response you designate. Design your trigger for the behavior or situation you want to have trigger a security response: Designate the security response¶ Select the response you’d like Sqreen to enact when it detects a trigger, if any: Choose your notification¶ If you’d like, you can dictate what sort of alert you’d like to receive when this playbook is activated. You can get Slack messages, post to a webhook, and determine how frequently you’re alerted. To review an example of a playbook, take a look at the password reset abuse playbook. Integrate Sqreen with Slack and webhooks¶ Integrate Sqreen with your workflow to ensure that you can get alerts in real time when security incidents occur or to send security signals to other tools. For example, you can create a security channel in Slack and integrate it with Sqreen to receive alerts with links to incidents whenever critical attacks happen. You could also leverage webhooks to integrate with systems like your SIEM, or set up more granular actions like automatically sending emails to users under specific conditions. To set up your Slack and webhook integrations, go to your settings, then click on the integrations tab. For detailed information, read further on the Slack integration, the New Relic Insights integration, and Sqreen webhooks Invite your teammates¶ Sqreen is better with friends! To invite your teammates to Sqreen, click on your Account, then “Team Members.” The “Invite a team member” button in the upper right will allow you to send an invitation email to your teammates. Wrap up¶ This guide has covered how to get up and running with Sqreen. Right out of the box, Sqreen will give you automatic protection and application security from inside your applications. From there, you can configure any protection within Sqreen and create specific playbooks for handling your unique security situations. At Sqreen, we believe in democratizing security. Security should be transparent, open, and understandable. With Sqreen’s ASM platform, you can ensure that your application security has multiple layers of protection in an automated and easy to understand manner. To get started today, sign up for a free trial of Sqreen and create your account.