The Overview page is the landing page for Cisco Secure Application. This page provides an overview of the security of a selected application. For information about selecting a specific application or service, see Monitor Application Security Using Cisco Secure Application. On the Overview page, you can view security details for Business Transactions, Vulnerabilities, Attacks, and Applications. 

Business Transactions

The Business Transactions pane includes details to monitor the vulnerability risk of a Business Transaction.

Field Name | Description
Business Transaction

The name of the business transaction. To view the business transaction on the Splunk AppDynamics Controller, click the icon next to the name.

Business Transactions By Risk

The risk score. The higher the value, the higher the vulnerability risk for the application. Business risk is calculated from the likelihood that a vulnerability is exploited and the impact of that potential exploitation on a business transaction. There are three statuses: Normal 0-330, Warning 340-660, and Critical 670-1000.

Daily Highest Business Risk Score Detected

The highest business risk score detected by Business Risk Score, Warning Threshold, and Critical Threshold.

Top Recommended Actions

The top remediations that will reduce the most business risk across all of your business transactions.

Vulnerabilities

The Vulnerabilities pane includes a real-time trend graph that shows the number of both fixed and open vulnerabilities.

Chart | Description

Vulnerabilities By Severity

This chart visualizes the number of vulnerabilities at each of these severity levels: Critical, High, Medium, and Low.

Severity Trend

This chart displays the number of open tickets versus the number of fixed tickets. This shows the trend of fixing the open vulnerabilities.

Days Since First Detected

This chart displays the number of days the vulnerability is open versus the severity of the vulnerability (critical, high, medium, or low).

Attacks

The Attacks pane includes visualizations of the number of attacks.

Chart | Description

Attacks By Outcome

This chart represents the total number of attacks, broken down by these states: Exploited, Blocked, and Attempted.

Top Applications

This chart displays the top 10 applications based on attacks per application. For more information about changing the scope of the application, see Monitor Application Security Using Cisco Secure Application. These applications are in either an Exploited, Blocked, or Attempted state. You can hover over each state to view the total number. 

Top Attack Types

This chart displays the top attack types. Attack types include: 

  • DESERIAL: The agent detected a Java class deserialization event.
  • SQL: The agent detected a known SQL injection signature event.
  • RCE: The agent detected a remote code execution event.
  • LOG4J: The agent detected a Log4Shell attack.
  • SSRF: The agent detected a server-side request forgery event.
  • MALIP: The agent detected either an inbound or an outbound socket connection to a known malicious IP address.

Applications

The Applications pane includes the number of nodes of the managed applications.

Chart | Description

Active

The total number of APM nodes that are registered and active in the Splunk AppDynamics Controller.

Supported

The number of Active nodes that are running a Cisco Secure Application supported version of the agent.

Ready

The number of Supported nodes that send information to the Cisco Secure Application service.

Enabled

The number of Ready nodes that have a Security Setting value of Enable.

Secured

The number of Enabled nodes that are sending security insights to the Cisco Secure Application service.

Trend

This displays the number of Supported, Enabled, Secured, Active, and Ready nodes against the day of the month.

You can click the Export button to download the table data. The export contains all of the rows, columns, and related data in a .csv file. A separate .json file includes the following: a link to the Cisco Secure Application website from which the table was exported, any global filters applied to the pages, and the search filters applied to the columns. These two files are compressed into a .zip file for downloading. The maximum number of rows that can be exported is 10,000. If the table data exceeds 10,000 rows, you can apply filters to narrow your search, or export the first 10,000 results.