Add a Security Group

Each of your applications requires their own security group.

A security group is a collection of web applications and/or serverless functions sharing a common set of policies. The security group can include multiple instances of an application, multiple applications, and/or serverless functions.

Each group has a key and a secret that is used to integrate the agent and protect your application. The key and secret authenticate and authorize an agent as being associated with the security group.

If you are protecting a DaemonSet for Kubernetes, you do not need to add a group. A group was automatically created for you when you used Container Security to enable runtime protection. Instead, skip ahead to Install a DaemonSet

Add a Group

  1. Select Create New Group on the left side of the dashboard. You will be navigated to the Group Creation page. Screenshot
  2. Choose a unique name and select Create Group. Screenshot

Group names are case-insensitive. The group name name-group and NAME-GROUP are considered identical, therefore you can use only one of these group names at a time.

When you add a group, Application Security automatically creates a default policy and associates that policy with the group. You can modify the policy later.

View and modify Group configurations

To view and/or modify a group, select on the group settings icon within the group box in the left navigation. You will be navigated to the Group Configuration page.

Screenshot

This page includes:

  • the group status
  • the group name
  • when the group was created
  • the key
  • the secret

The key and secret are necessary in the agent configuration, in order to authenticate the agent and associate it with a security group.

Group status

A group's status can be found in two places:

  • to the left of the group name in the group configuration page.
  • to the left of the group button in the left navigation.

Group status is divided into five categories:

  • Attacked in yellow: attacks have occurred in the last 30 minutes
  • Attacks in red: attacks have occurred in the last 5 minutes
  • Connected in green: a group's agent synced with the service in the last minute
  • Not Connected in grey: the group's agent hasn't synced for over 1 minute. Note that the application might still be protected even if the status is grey, since the grey status represents only that the agent hasn't synced in the last minute.
  • Never Connected in white: the group's agent never synced with the service, since the group's creation.

Group status is based on recent activity.

Status can be unreliable for Lambda groups because the status is not updated when a function is not being invoked. This can result in a Lambda group appearing to be not connected (grey status) despite a good connection.

Delete a Group

To delete a group, select Delete Group, then select Delete in the confirmation dialogue. Screenshot