Download PDF
Download page Monitor Business Transactions.
Monitor Business Transactions
This page includes details to monitor the vulnerability risk of a Business Transaction. Cisco Secure Application evaluates the risk of a business transaction using an algorithm that factors in exposure to the internet, access to potentially sensitive data, usage of vulnerable libraries, reached vulnerable code, prediction of vulnerability exploitation, unsafe external APIs, and runtime threat activity. These factors enable you to prioritize what is required to triage, mitigate, and remediate, which reduces risk exposure to the business.
You can use the Search filter for the Business Transaction, Application, and Entry Tier categories. For more information about the Search filter, see View Data Using Search Filter in Monitor Application Security Using Cisco Secure Application.
This page includes the following details:
| Field Name | Description |
|---|---|
| Business Transaction | The name of the business transaction. To view the business transaction on the AppDynamics Controller, click the icon next to the name. |
| Application (Tiers) | The application name and the number of tiers that are part of the business transaction for the application. To view the application on the AppDynamics Controller, click the icon next to the name. |
| Entry Tier | The tier from which the transaction originates. To view the tier on the AppDynamics Controller, click the icon next to the name. |
| Business Risk | The Business Risk algorithm is calculated based on the likelihood of vulnerability exploitation, and the impact of the potential exploitation in a business transaction. These are the three statuses for a Business Risk: Normal 0-330, Warning 340-660, and Critical 670-1000. The higher the value, the higher the risk for the application vulnerability. |
| Total Vulnerabilities | The number of vulnerabilities detected is based on their severity.
The color-coded icons represent these severities. |
| Total Attacks | The number of attacks based on their status: Exploited, Blocked, Attempted. |
You can click the Export button to download the table data. It downloads all of the rows, columns, and related data in a .csv file. A separate .json file includes the following: link to the Cisco Secure Application website where the table is exported from, global filters (if any) applied to the pages, and search filters applied to the columns. These two files are compressed into a .zip file for downloading. The maximum number of rows that can be exported is 10,000. If table data exceeds 10,000 rows you may apply filters to narrow your search, or export the first 10,000 results.
View Business Transaction Details
To view details for a specific business transaction, click any business transaction on the Business Transactions page. The top pane is split into the following sections:
- Business Risk Score, which includes six Business Risk Factors:
- Vulnerabilities with High Exploitation Risk: Identifies business transaction vulnerabilities with Kenna score > 66.
- Threat Activity: Identifies business transaction security events that match known attack types see Monitor Attacks, or can impact the security but any malicious intent is not determined, see Monitor Observations.
- Usage of Unsafe External API: Identifies uses of external APIs that are unsafe.
- Important Business Transaction: Identifies a business transaction that has a custom name.
- Access to Datastore: Identifies a business transaction that has access to a datastore.
- Publicly Accessible: Identifies a business transaction that is accessible from the internet.
- Business Transaction
- Application
- Entry Tier
- Daily Highest Business Risk Score Detected
- Top Recommended Actions
Vulnerabilities Tab
The bottom pane displays the vulnerabilities found in the selected business transaction.
| Field Name | Description |
|---|---|
| Title | The vulnerability type involved in the business transaction. |
| ID | The Common Vulnerabilities and Exposure (CVE) identifier. You can click the name to view the details specific to that CVE. |
| Kenna Score | Kenna score provides an estimate of exploitation based on real-time events. These are the three statuses: Green 0-33, Amber 34-66, Red 67-100. |
| Reached | If there is an exclamation mark in this column, it means this vulnerable code has been reached. |
| CVSS Score | This score is based on the Common Vulnerability Scoring System (CVSS) with five severities: None 0-0, Low 0.1-3.9, Medium 4.0-6.9, High 7.0-8.9, Critical 9.0-10.0. |
| Tier (Nodes) | The services or the tiers that are affected because of the selected vulnerability. The number indicates the number of affected nodes. |
| Library | The library affected because of the vulnerability. You can click the library to view the details of the library. See Monitor Libraries. |
| Last Detected | The time duration since the vulnerability was last seen on the tier. |
| Status | The status of the selected vulnerability. The status value can be:
The Detected and Fixed statuses are automatically detected based on the libraries used in the application. |
Attacks Tab
| Name | Description |
|---|---|
| ID | The ID of the corresponding Attack. Cisco Secure Application generates this ID. You can modify this ID on the attacks details page. To view the attack details page, click the desired row. Click this field to sort the ID alphabetically. |
| Outcome | The outcome of the corresponding attack. This provides information on these state of the attack:
Click this field to sort the values alphabetically. |
| Attack Type (Events) | The type of the attack and count of that attack type. |
| Attack Trigger | Relevant information from the runtime behavior resulting from the event where Secure Application determined a potential attack. |
| Tier | The tier name and the number of nodes. You can click |
| Last Detected | The time that is elapsed since the last event within the attack. Click this field to sort the values in ascending or descending order. |
| Status | The status of the attack is defined as either open or closed.If you have Configure permissions, click the checkboxes for the required rows and then click the Set Status option to set the appropriate status. Click this field to sort based on the Open or Closed state. |
API Findings Tab
| Name | Description |
|---|---|
| Panoptica Findings | These findings are the vulnerabilities associated with the API. |
| Category | The category that the enlisted weakness, or vulnerability belongs to. For example, DNS, Network, etc. |
| Severity | The severity level of the API Security Findings, which can have a status of Critical, High, Medium, Low, or Unclassified. |
| API Name | The API name, usually a fully qualified domain name (FQDN). This can be logical, or can correspond to one of the endpoints where the API is reachable. For example, api.webex.com. |
| Tier | The tier name from in the business transaction chain that is making the API calls. |
You can click the Export button to download the table data. It downloads all of the rows, columns, and related data in a .csv file. A separate .json file includes the following: link to the Cisco Secure Application website where the table is exported from, global filters (if any) applied to the pages, and search filters applied to the columns. These two files are compressed into a .zip file for downloading. The maximum number of rows that can be exported is 10,000. If table data exceeds 10,000 rows you may apply filters to narrow your search, or export the first 10,000 results.