Download PDF
Download page Troubleshooting Cisco Secure Application Issues.
Troubleshooting Cisco Secure Application Issues
This page provides common troubleshooting actions that you can take to solve Cisco Secure Application issues.
Cisco Secure Application Permissions Are Unavailable in the Role Configuration
- Check if the Controller version meets the requirements. See Cisco Secure Application Requirements.
- If the permissions are unavailable even when the Controller version is supported, ensure that you have activated the Cisco Secure Application license for the Controller. To get a Cisco Secure Application license, contact the AppDynamics sales representative, or email salesops@appdynamics.com.
Security Events Widget Is Not Displayed in an Application Flow Map
- You can view the Security Events widget after the license activation. Ensure that you have the Cisco Secure Application license. To get a Cisco Secure Application license, contact the AppDynamics sales representative, or email salesops@appdynamics.com.
- If the widget is not displayed even when the license is activated, then confirm with the administrator that the account has the necessary permissions to view or configure Cisco Secure Application. See Account Permissions.
Number of Registered Nodes and Active Nodes Does Not Match
On the Applications page, drilldown in the application to identify the inactive node. Check the APM agent logs on the inactive node(s). See Troubleshooting Java Agent Issues.
Vulnerabilities or Attacks Are Not Displayed on the Home, Vulnerabilities, or Attacks Page
- Ensure that the Security Setting is set to Enabled on at least one of the applications, tiers, or nodes within the Applications page. Also, that the agents are registered and active. See Monitor Security Status of Applications.
- If the vulnerabilities and attacks are not displayed even when the Security Setting is enabled, review the following troubleshooting scenarios to identify other potential issues.
Number of Enabled Nodes and Registered Nodes Does Not Match
- Check if the nodes that have Security Status set to Enabled use the APM Agent version that meets the requirements. See Cisco Secure Application Requirements.
- If the agent version is supported, then drilldown in the Application view to identify the unregistered node(s). Check the APM agent logs on the unregistered node(s). See Troubleshooting Java Agent Issues.
Security Setting is Enabled and No Libraries Are Listed
- Confirm that there are active nodes in the Application view. See Monitor Security Status of Applications.
- It is also possible that there are no third-party libraries used in the monitored applications.
Security Setting is Enabled and No Vulnerabilities Are Listed
- Confirm that there are active nodes in the Application view. See Monitor Security Status of Applications.
- Verify that there is a vulnerability policy enabled, and that it has an action of Detect or Patch for a monitored application with active nodes. See Cisco Secure Application Policies.
- It is also possible that there are no vulnerabilities within the third-party libraries used within the monitored applications or observed in the application behavior.
Security Setting is Enabled and No Attacks Are Listed
- Confirm that there are active nodes in the Application view. See Monitor Security Status of Applications.
- Verify that there is an attack policy enabled, and that it has an action of Detect or Block for a monitored application with active nodes. See Cisco Secure Application Policies.
- It is also possible that there are no attacks detected in the monitored applications.
The Applications Page Display the Node Not Active Message for an Active Node
The AppDynamics dashboard displays the node data even when the node is displaying as not active in the Cisco Secure Application Dashboard.
This issue may occur when there are multiple versioned Java Agent directories. The Java Agent can use the configuration from any one of the versioned directories while keeping the Jar file in the top-level (global) directory.
In this scenario, Cisco Secure Application may not consider the configuration from the same versioned directory. Therefore, to ensure that Cisco Secure Application library uses the configuration from the same versioned directory, update the version of the directory using this property:
- For updating as system property:
-Dmulti.tenant.agent.use.apm.config.version=<version-folder-name>Here, the version-folder-name is the required versioned directory name.
For example: -Dmulti.tenant.agent.use.apm.config.version=ver21.6.0.32672
- For updating as an environment variable:
MT_AGENT_USE_APM_VERSION_PROPERTY=<version-folder-name>Here, the version-folder-name is the required versioned directory name.
For example: MT_AGENT_USE_APM_VERSION_PROPERTY=ver21.6.0.32672