forked from pivotal-cf/docs-signal-sciences
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathusing.html.md.erb
49 lines (34 loc) · 3.1 KB
/
using.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
---
title: Using Signal Sciences Service Broker for VMware Tanzu
owner: Partners
---
This topic describes how to use Signal Sciences Service Broker for VMware Tanzu.
##<a id='enable-agent'></a> Enable the Agent for Your App
To use the [Signal Sciences](http://signalsciences.com) service with your app,
you must first enable the Signal Sciences agent that runs within the app.
### Overview
The Signal Sciences Agent does the following:
* Monitors and protects Cloud Foundry apps
* Provides attack and anomaly visibility through the [Signal Sciences Dashboard](https://dashboard.signalsciences.net)
### Enable
To enable the Signal Sciences agent with your app, the `SIGSCI_ACCESSKEYID` and `SIGSCI_SECRETACCESSKEY` environment variables must be set. All languages and frameworks are supported.
1. Set the agent keys environment variables of your app using `cf set-env`:
* Agent keys, which can be obtained from the *Agents* page in the [Signal Sciences Dashboard](https://dashboard.signalsciences.net/)
* `cf set-env MyAppName "SIGSCI_ACCESSKEYID" "1234-EXAMPLE"`
* `cf set-env MyAppName "SIGSCI_SECRETACCESSKEY" "ABCD-EXAMPLE"`
* **Optional Agent Configuration**
* `SIGSCI_SERVER_HOSTNAME` - Specify a specific hostname for each agent. This is what gets displayed in the Signal Sciences Dashboard UI, and it should be a unique name per instance.
* `SIGSCI_AGENT_VERSION` - By default the latest version of the Signal Sciences agent will be installed. To specify a different version set the `SIGSCI_AGENT_VERSION` environment variable to the desired version number.
* `SIGSCI_REQUIRED` - By default, if the Signal Sciences agent fails to start (e.g. invalid agent keys), this will not prevent the app from starting. To ensure your app is not started without Signal Sciences set `SIGSCI_REQUIRED` environment variable to `true`.
* For a complete list of agent configuration options, see the agent configuration documentation, [https://dashboard.signalsciences.net/documentation/installation/agent-configuration](https://dashboard.signalsciences.net/documentation/installation/agent-configuration).
1. Ensure your app process obtains its listening port from the `$PORT` environment variable.
Typically, this does not require any changes to your app.
1. When deploying your app, you must include the Signal Sciences buildpack before the final buildpack. For example, if MyAppName is a go app:
* `cf push MyAppName -b sigsci_cloudfoundry_buildpack -b go_buildpack`
##<a id='use-dashboard'></a> Use the Signal Sciences Dashboard
With Signal Sciences enabled, every time your app is deployed and running,
you have visibility into common web attacks and anomalies via the [Signal Sciences Dashboard](https://dashboard.signalsciences.net/).
In the Dashboard, you can enable blocking to protect your app from attacks like SQL Injection,
Cross-Site Scripting, Directory Traversal, Command Execution, etc.
Also, by leveraging Signal Sciences custom signals you can enable visibility and protection over the business risks associated
with your app, e.g. Account Takeover, High Risk Transactions, Vulnerability Discovery, and Policy Validation.