newrelic · cbehera-newrelic · Nov 19, 2024 · Nov 20, 2024
diff --git a/src/content/docs/iast/troubleshooting/application-stability-issues.mdx b/src/content/docs/iast/troubleshooting/application-stability-issues.mdx
@@ -0,0 +1,19 @@
+---
+title: Application stability issue
+tags:
+  - IAST
+  - New Relic IAST
+  - Troubleshooting
+metaDescription: Troubleshoot application stability issues in New Relic platform.
+freshnessValidatedDate: 2024-07-16
+---
+
+## Problem
+
+Your application isn't stable during high traffic and you are facing latency issues.
+
+## Solution
+
+Your application may show some latency for some time as part of IAST during high traffic. This should resolve within a few minutes after it finishes the IAST test.
+
+You can also check the snapshot log file in the `nr-security-home/logs/snapshots` folder. The log file shows you the status of the security agent, resource usage, and the last five errors.
diff --git a/...ast/troubleshooting/unable-to-detect-vulnerabilities-for-golang-application.mdx b/...ast/troubleshooting/unable-to-detect-vulnerabilities-for-golang-application.mdx
@@ -0,0 +1,44 @@
+---
+title: No vulnerabilities detected for Golang application
+tags:
+  - IAST
+  - New Relic IAST
+  - Troubleshooting
+metaDescription: Troubleshoot Golang application if no vulnerabilities are detected.
+freshnessValidatedDate: 2024-07-16
+---
+
+## Problem
+
+You don't see any vulnerability for your Golang application.
+
+## Solution
+
+- For Golang, ensure that you imported the required instrumentation packages of libraries and frameworks.
+
+    For example, your application is using libraries for [Mongo DB](http://go.mongodb.org/mongo-driver/mongo). For this specific library, you need to import this [instrumentation package](https://github.com/newrelic/csec-go-agent/tree/main/instrumentation/csec_mongodb_mongo) from newrelic:
+
+    ```
+    import (
+        "github.com/newrelic/go-agent/v3/integrations/nrsecurityagent"
+        "github.com/newrelic/go-agent/v3/newrelic"
+        "github.com/newrelic/csec-go-agent/instrumentation/csec_mongodb_mongo"
+        "go.mongodb.org/mongo-driver/mongo"               
+    )
+    ```
+
+    Depending on you application requierement, you might have to import additional packages. Check our [list of supported packages](https://github.com/newrelic/csec-go-agent#instrumentation-packages).
+
+    Also, make sure you imported the corresponding [package](https://github.com/newrelic/go-agent?tab=readme-ov-file#service-frameworks) for each module.
+
+    - For HTTP protocol endpoint, use the following `newrelic.WrapListen` function to enable vulnerability scanning against the endpoint:
+
+    ```
+    http.ListenAndServe(newrelic.WrapListen(":<YOUR PORT NUMBER>"), nil)
+    ```
+
+    <Callout variant="important">
+        You can skip this step if you're on a Linux environment.
+    </Callout>
+
+    - For a specific case of outbound HTTP request or calls to external services, you need to [update your application method](/docs/apm/agents/go-agent/instrumentation/instrument-go-segments/#go-external-segments).
diff --git a/src/content/docs/iast/troubleshooting/unable-to-find-known-vulnerabilities.mdx b/src/content/docs/iast/troubleshooting/unable-to-find-known-vulnerabilities.mdx
@@ -0,0 +1,35 @@
+---
+title: Unable to find known vulnerabilities 
+tags:
+    - IAST
+    - New Relic IAST
+    - Troubleshooting
+metaDescription: Unable to find known vulnerabilities 
+freshnessValidatedDate: 2024-07-16
+---
+
+## Problem
+
+I tested an application with known vulnerabilities, but IAST couldn't detect any vulnerability.
+
+
+## Solution
+
+IAST starts testing when it detects some traffic, so check if your application works out or has any traffic directed at it. Perform the app's UI or API endpoints. 
+Also, IAST requires restarting the application after it's enabled.
+
+
+Ensure that you are using a [supported application framework](https://docs.newrelic.com/docs/new-relic-solutions/new-relic-one/install-configure/compatibility-requirements-new-relic-agents-products/) and the [latest instrumentation package](https://github.com/newrelic/csec-go-agent#instrumentation-packages) for your application. 
+
+
+## Cause
+
+These are the possible reasons IAST isn't detecting any known vulnerabilities:
+
+    - IAST doesn't support application framework.
+
+    - There is no instrumentation for the module.
+
+    - The agent hasn't been restarted after IAST has been installed or configured.
+
+    - No traffic is detected.
diff --git a/src/content/docs/iast/troubleshooting/unable-to-see-application.mdx b/src/content/docs/iast/troubleshooting/unable-to-see-application.mdx
@@ -0,0 +1,39 @@
+---
+title: Unable to see application
+tags:
+    - IAST
+    - New Relic IAST
+    - Troubleshooting
+metaDescription: Unable to find my application in the New Relic UI. 
+freshnessValidatedDate: 2024-07-16
+---
+
+## Problem
+
+I don't see my application in the New Relic UI.
+
+
+
+## Solution
+
+    If you don't see your application in <DNT>**[one.newrelic.com](https://one.newrelic.com) > All capabilities > IAST > All Tests**</DNT>, check the following:
+
+    - Your application is up and running. Check the application process or the [APM & Services page](/docs/alerts-applied-intelligence/new-relic-alerts/advanced-alerts/advanced-techniques/view-events-their-products#products). 
+    - The application's logs to find out if there's a problem.
+    - The version of your APM agent and udpate it if needed.
+    - The `newrelic.yml` config file includes the modification of the parameters as indicated on the [install page](/docs/iast/install).
+    - Go to the `nr-security-home/logs` directory and find the `[SETP-8]` line in the `LANGUAGE-security-collector-init.log` file. Check if there is an unexpected error and check what failed.
+    - The application has traffic. Generate some traffic to allow IAST to test your application.
+    - Proxy or firewall blocking access. Whitelist the following IPs `3.134.136.130, 18.219.177.104, 18.117.21.106` for the domain <DNT>**csec.nr-data.net**</DNT>, the following IPs `3.130.22.102, 3.138.243.136, 3.139.218.150` for the domain <DNT>**csec-gov.nr-data.net**</DNT> and the following IPs `18.185.235.118, 3.125.193.113, 3.75.166.122` for the domain <DNT>**csec.eu01.nr-data.net**</DNT>. But our recommendation is to add domains in the whitelist instead of the IPs as these IPs are bound to change anytime.
+    - The TLS certificate is correct. Add Let's Encrypt CA certificate (download from [Let's Encrypt Certificates](https://letsencrypt.org/certificates/#root-certificates)) to your local trust store. Include both the root certificates and the intermediate ones (ISRG Root X1 & Let's Encrypt R3) to establish the complete chain of trust.
+    - Your application's framework or vulnerability category is supported.
+
+## Cause
+
+Possible reasons for not finding your application in the New Relic UI are:
+* A wrong version of the APM agent.
+* IAST flags being disabled.
+* Proxy or Firewall blocking access.
+* Wrong TLS Certificate. 
+* Lack of traffic on the application.
+* Any unexpected error.
diff --git a/src/content/docs/iast/troubleshooting/unable-to-see-vulnerabilities.mdx b/src/content/docs/iast/troubleshooting/unable-to-see-vulnerabilities.mdx
@@ -0,0 +1,31 @@
+---
+title: Unable to find expected vulnerabilities in the UI
+tags:
+  - IAST
+  - New Relic IAST
+  - Troubleshooting
+metaDescription: Troubleshoot errors if you don't see the vulnerabilities in New Relic platform.
+freshnessValidatedDate: 2024-07-16
+---
+
+## Problem
+you can see your application in the New Relic UI and the security agent successfully started IAST, but you don't see vulnerabilities in the UI.
+
+## Solution
+
+If this is a new app, firewalls could be preventing it from communicating with the New Relic platform. Check the service stats section in the file with the latest timestamp in `nr-security-home/logs/snapshots`. All six items in that list should say OK. If they don't, review the logs for more info or reach out to [New Relic Support](https://support.newrelic.com). You can also see the [standard firewall documentation](/docs/new-relic-solutions/get-started/networks/).
+
+
+If you have configured your firewall correctly, check the following:
+
+  * **The level of efficiency for your application:** Go to <DNT>**[one.newrelic.com](https://one.newrelic.com) > All capabilities > IAST > All Tests**</DNT>. Search for your application and check the summary section. If IAST analysis coverage is low for your application, add more test cases to your application to get a higher level of testing efficiency.
+
+  * **The IAST coverage:** Go to <DNT>**[one.newrelic.com](https://one.newrelic.com) > All capabilities > IAST > All Tests**</DNT>. Search for your application and click to view the summary section. Under the summary section, check if IAST analysis coverage is high and no vulnerabilities are detected, that means your application is secure.
+
+  * **Your application is secure:** In this case, check your IAST analysis coverage in <DNT>**[one.newrelic.com](https://one.newrelic.com) > All capabilities > IAST > All Tests**</DNT>. Search for your application and check the summary section. If IAST Analysis coverage is 100% and no vulnerabilities are detected, that means your application is secure.
+
+  * **Your web socket connection is broken:** Please check the latest log file in your `nr-security-home/logs/snapshots/` folder, and look for the `Service stats -> websocket` line. The expected value is OK.
+
+  * Your application's framework or vulnerability category isn't supported. 
+
+  After checking these, if you don't see vulnerabilities in IAST, please contact [New Relic Support](https://support.newrelic.com/s/) and share your application's configuration and logs with our support team. 
diff --git a/src/content/docs/iast/troubleshooting/unresponsive-or-crashing-application.mdx b/src/content/docs/iast/troubleshooting/unresponsive-or-crashing-application.mdx
@@ -0,0 +1,23 @@
+---
+title: Unresponsive or crashed application
+tags:
+    - IAST
+    - New Relic IAST
+    - Troubleshooting
+metaDescription: Troubleshooting unreponsive or crashed application.
+freshnessValidatedDate: 2024-07-16
+---
+
+## Problem
+
+After enabling IAST for your APM agent, your application becomes unresponsive and the application crashes.
+
+
+## Solution
+
+IAST analysis can expose uncaught errors or exceptions in your application.
+If the application has crashed due to lack of resources, increase the resources, restart the application, and perform IAST again.
+
+## Cause
+
+As a part of IAST, the security agent sends new requests to the application that increases the load, resulting in an increase in resource usage.
diff --git a/src/content/docs/iast/troubleshooting/unsure-of-agent-working.mdx b/src/content/docs/iast/troubleshooting/unsure-of-agent-working.mdx
@@ -0,0 +1,26 @@
+---
+title: Unsure whether the agent is working properly
+tags:
+    - IAST
+    - New Relic IAST
+    - Troubleshooting
+metaDescription: I'm not sure if IAST is working 
+freshnessValidatedDate: 2024-07-16
+---
+
+
+## Problem
+
+I can see my application in the IAST UI and the security agent started successfully but I am not sure if IAST is working properly.
+
+
+## Solution
+
+
+    1. Go to <DNT>**[one.newrelic.com](https://one.newrelic.com) > All capabilities > IAST > Tests**</DNT>.
+
+    2. Search for your application in the <DNT>**Application tests**</DNT> tab and click on it.
+
+    3. View the details of the test including <DNT>**APIs covered**</DNT>, <DNT>**methods calls**</DNT>, and <DNT>**application testing efficiency**</DNT>.
+
+    Also, if you set the log level to <DNT>**debug/finest**</DNT>, you can search for <DNT>**Fuzz request received**</DNT> in the `nr-security-home/logs/java-security-collector.log` file. This shows that the IAST analysis is in progress.
diff --git a/src/content/docs/iast/troubleshooting/viewing-false-vulnerabilities.mdx b/src/content/docs/iast/troubleshooting/viewing-false-vulnerabilities.mdx
@@ -0,0 +1,28 @@
+---
+title: Viewing false positive vulnerabilities
+tags:
+    - IAST
+    - New Relic IAST
+    - Troubleshooting
+metaDescription: Viewing false positive vulnerabilities for my application. 
+freshnessValidatedDate: never
+---
+
+## Problem 
+
+I see a vulnerability that isn't an actual vulnerability (false positive) for my application.
+
+## solution
+
+Update the status of your vulnerability if you think IAST has reported a false positive. Follow these steps:
+
+- Search your application: Go to <DNT>**[one.newrelic.com](https://one.newrelic.com) > All capabilities > IAST > All Tests**</DNT>.
+
+- Click on the all applications tab and select the vulnerability that isn't an actual vulnerability.
+
+- Under the vulnerability details section, you can update the vulnerability status for the reported vulnerability. You can update its status to:
+    - False positive
+    - Resolved
+    - Unresolved
+
+- If you want to list out the vulnerabilities for which you updated the status, you can apply the filter in the detected exploitable vulnerabilities list.
diff --git a/src/content/docs/iast/troubleshooting/viewing-unknown-files-and-directories.mdx b/src/content/docs/iast/troubleshooting/viewing-unknown-files-and-directories.mdx
@@ -0,0 +1,22 @@
+---
+title: Seeing unknown files in the application directory
+tags:
+    - IAST
+    - New Relic IAST
+    - Troubleshooting
+metaDescription:  Remove unknown files from the application directory
+freshnessValidatedDate: 2024-07-16
+---
+
+## Problem
+
+I see unknown files and directories in my application directory and want to remove these.
+
+## Solution
+
+If your application has the functionality to create files and directories as part of serving an HTTP request, IAST will try to test the code path and hence, create such files and directories. 
+The application code, under the influence of incoming HTTP requests, creates these files. The agent can't deleted them.
+
+If you're sure that none of your APIs can create files and directories, share your application's configuration and logs with [New Relic Support](https://support.newrelic.com).
+
+
diff --git a/src/nav/iast.yml b/src/nav/iast.yml
@@ -15,8 +15,26 @@ pages:
         path: /docs/iast/exploitable-vulns
       - title: Tests & applications
         path: /docs/iast/applications 
-  - title: IAST troubleshooting
-    path: /docs/iast/troubleshooting 
+  - title: Troubleshooting
+    pages:
+      - title: Application stability issues
+        path: /docs/iast/troubleshooting/application-stability-issues
+      - title: Unable to detect vulnerabilities in Golang application
+        path: /docs/iast/troubleshooting/unable-to-detect-vulnerabilities-for-golang-application
+      - title: Unable to find known vulneranilities
+        path: /docs/iast/troubleshooting/unable-to-find-known-vulnerabilities
+      - title: Unable to see application in the New Relic UI
+        path: /docs/iast/troubleshooting/unable-to-see-application
+      - title: Unable to see expected vulnerabilities in the New Relic UI
+        path: /docs/iast/troubleshooting/unable-to-see-vulnerabilities
+      - title: Unresponsive and crashing application
+        path: /docs/iast/troubleshooting/unresponsive-or-crashing-application
+      - title: Unsure if the agent is working
+        path: /docs/iast/troubleshooting/unsure-of-agent-working
+      - title: Viewing false vulnerabilities
+        path: /docs/iast/troubleshooting/viewing-false-vulnerabilities
+      - title: Viewing unknown files and directories
+        path: /docs/iast/troubleshooting/viewing-unknown-files-and-directories
   - title: IAST billing 
     path: /docs/iast/iast-billing