Monitor Business Transactions

This page includes details to monitor the vulnerability risk of a Business Transaction. A business transaction is a path a request takes within an application to deliver the service it promises.

Cisco Secure Application maps security vulnerability events to applications, tiers, and nodes. To get more specific information about the business risk of the events, Cisco Secure Application correlates vulnerabilities to business transactions. This enables you to prioritize what is required to triage, mitigate and remediate, which reduces risk exposure to the business.

You can use the Search filter for the Business Transaction, Application, and Entry Tier categories. For more information about the Search filter, see View Data Using Search Filter in Monitor Application Security Using Cisco Secure Application.

Business Transactions page:

This page includes the following details:

Field Name	Description
Business Transaction	The name of the business transaction. To view the business transaction on the AppDynamics Controller, click the icon next to the name.
Application (Tiers)	The application name and the number of tiers that are part of the business transaction for the application. To view the application on the AppDynamics Controller, click the icon next to the name.
Entry Tier	The tier from which the transaction originates. To view the tier on the AppDynamics Controller, click the icon next to the name.
Risk	The risk score. The higher the value, the higher the risk for the application vulnerability.
Vulnerabilities	The number of vulnerabilities detected is based on their severity. Critical High Medium Low The color-coded icons represent these severities.
Attacks	The number of attacks based on their status: Exploited, Blocked, Attempted.

You can click the Export button to download the table data. It downloads all of the rows, columns, and related data in a .csv file. A separate .json file includes the following: link to the Cisco Secure Application website where the table is exported from, global filters (if any) applied to the pages, and search filters applied to the columns. These two files are compressed into a .zip file for downloading. The maximum number of rows that can be exported is 10,000. If table data exceeds 10,000 rows you may apply filters to narrow your search, or export the first 10,000 results.

View Business Transaction Details

To view details for a specific business transaction, click any business transaction on the Business Transactions page.

The top pane is split into the following sections:

DETAILS
VULNERABILITIES BY SEVERITY
TIERS WITH HIGHEST RISK
- This displays up to five tiers with the highest security risk. The tiers displayed are in the order of the most severe vulnerabilities that affect the risk of the business transaction.
ATTACKS BY OUTCOME.

Selecting either a severity or a tier in the top pane automatically creates a filter for the vulnerabilities details mentioned in the bottom pane.

Vulnerabilities Tab

The bottom pane displays the vulnerabilities found in the selected business transaction.

Field Name	Description
Severity	The severity of the vulnerability.
Reached	A yellow icon is displayed in this column to indicate that a vulnerability method is matched.
Risk	The risk score of the vulnerability. This helps in prioritizing the affected services. A higher risk score indicates that the corresponding library on the related service is at a higher risk.
Title	The vulnerability type involved in the business transaction.
ID	The Common Vulnerabilities and Exposure (CVE) identifier. You can click the name to view the details specific to that CVE.
Tier (Nodes)	The services or the tiers that are affected because of the selected vulnerability. The number indicates the number of affected nodes. The tier icon directs to the AppDynamics flow map for that tier.
Library	The library affected because of the vulnerability. You can click the library to view the details of the library. See Monitor Libraries.
Last Detected	The time duration since the vulnerability was last seen on the tier.
Status	The status of the selected vulnerability. The status value can be: Detected (at least one vulnerability is detected in the library) Confirmed (manually set by user after review) Fixed (vulnerability is fixed) Ignored (manually set by user after review) Not Vulnerable (no vulnerabilities are found in the library) The Detected and Fixed statuses are automatically detected based on the libraries used in the application.

You can click the Export button to download the table data. It downloads all of the rows, columns, and related data in a .csv file. A separate .json file includes the following: link to the Cisco Secure Application website where the table is exported from, global filters (if any) applied to the pages, and search filters applied to the columns. These two files are compressed into a .zip file for downloading. The maximum number of rows that can be exported is 10,000. If table data exceeds 10,000 rows you may apply filters to narrow your search, or export the first 10,000 results.

Attacks Tab

Name	Description
ID	The ID of the corresponding Attack. Cisco Secure Application generates this ID. You can modify this ID on the attacks details page. To view the attack details page, click the desired row. Click this field to sort the ID alphabetically.
Outcome	The outcome of the corresponding attack. This provides information on these state of the attack: Observed: When the events may impact the security, but any malicious intent is not determined. For example, an application opening a file outside the application directory causes Observed state. Blocked: When the events are blocked based on the attack policy. Exploited: When malicious activity is performed to impact the application's security. Attempted: When the malicious activity is determined but not exploited. Click this field to sort the values alphabetically.
Attack Type (Events)	The type of the attack and count of that attack type.
Attack Trigger	Relevant information from the runtime behavior resulting from the event where Secure Application determined a potential attack.
Application	The application affected by the attack.
Tier	The tier name and the number of nodes. You can click to launch the application flowmap in the Appdynamics Dashboard. The info icon () next to an affected tier indicates that the attacked nodes in the tier include critical or medium vulnerability.
Last Detected	The time that is elapsed since the last event within the attack. Click this field to sort the values in ascending or descending order.
Status	The status of the attack is defined as either open or closed. If you have Configure permissions, click the checkboxes for the required rows and then click the Set Status option to set the appropriate status. Click this field to sort based on the Open or Closed state.