CORE AppStaks
Purpose
This document describes the creation and management of AppStaks.
Introduction
AppStaks are collections of Assets or Asset Groups that contains grouping rules that can be used to group assets in a way that makes most sense to the business. A typical use of an AppStak is to group Assets and Asset Groups that belong to the same web application, business function or a system.
AppStaks in turn can be categorized in to groups that makes more business sense.
AppStaks View
Multiple AppStaks Connections
The hierarchy starts with Findings as the lowest entity, where one or more findings is associated to one Asset. An asset can be connected to on or more Asset Groups och one or more AppStaks. Assets Groups can be connected to both one or more AppStaks and other Asset Groups.
The AppStaks can be connected to several Assets and Asset Groups.
Worth noting is that due the multiple connections, assets can be shown several times as part of several AppStaks.
Displaying AppStaks
In the Dashboard the AppStaks are graphically displayed in the Category Risk card as well as the All AppStaks menu.
|
|
AppStaks that is not part of an Category are displayed as Uncategorized. These can be categorized in the AppStak configuration menu.
If there are no AppStaks within a given category or if there is no data for that category, the category will not be displayed in either Category Risk or All AppStaks menu.
| Option | Description |
|---|---|
| Assets * | Number of assets in the AppStak. |
| Business Criticality * | Business Criticality based on <value>
|
| Category * | The category the AppStaks belongs to. |
| Findings * | Number of findings detected on that asset. See CORE Findings for more information. |
| Grade * | Risk level on a scale from A to F where F represents the most critical risks. The following metrics are used and evaluated when calculating the risk level in the following order:
This order works as a funnel in a falling order. |
| Last Scan | Date of the last scan. |
| Name * | Lists of the AppStaks in the findings. |
| Remediation | Average number of days between firstseen and lastseen of Findings in the AppStaks. |
| Tags * | |
| UUID | The unique identifier of the Asset. |
*) Columns shown by default
Multi Select
When selecting more than one row using the check boxes, an average risk value for the selected rows is displayed in the details view to the right with the number of selected items at the top.
Configure Columns
The Columns can be configured in several ways. Columns can be added and removed and the order in which they are displayed can be changed.
Changing Column Width
All the columns are configurable in width by dragging the dotted area on the right side of the column head.
Changing Column Presentation
By dragging the dotted area on bottom of the column head, the order in which the columns are presented can be changed.
Selecting Columns
By clicking on the + sign in the upper right corner in the column head row, a column menu is displayed where columns can be selected and deselected to configure the findings view.
The content in the column menu may change depending on which view it is opened in.
Reset To Default
- To reset to default column presentation, press the Reset icon.
- A confirmation box is displayed, click the red Reset button to confirm.
- This resets the number of column shown and the order in which they are shown to default.
Managing AppStaks
Creating an AppStak
To creating an AppStaks :
- Click on the Configure icon in the left hand menu.
- Select AppStaks.
- Click on the blue + button in the lower left corner to add an AppStak.
This opens a column on the right hand side.
- Continue by filling in the Name of the AppStak.
- Select the category in the Category drop-down menu.
If the the correct category is not available in the list you can create a new category- Click the + Add Category link.
- Enter a new category name.
Click Add.
This category is available in the Category list once the AppStaks is saved.
To learn more about Categories, see CORE Configure Categories.
- Select the Business Criticality in the drop-down menu.
Select from:- Low
- Medium
- High
- Critical
- Select Tags, available tags are presented in a drop down menu.
- Continue to Adding Rules to AppStaks.
Adding Rules to AppStaks
The goal of AppStaks is to map Assets and Asset Groups into groups in a logical and useful way for the business. When an AppStak is created, it is empty and does not contain any rules. The rules define the criteria that will be used by the system to group Assets and Asset Groups into AppStaks. A rule consists of an attribute (like name or cloud provider) and a value where the value is a regular expression matching pattern with the following characteristics:
Example
server.* match all assets with names starting with server.
.*server match all assets with names ending on server.
String matching is case-sensitive
To add rules to an AppStak:
An AppStak requires at least one rule.
- Click on the + Add Rule to select what type of rule to create, Asset or Asset Group.
- Select which Attributes to use in the drop-down menu.
Select from:- Name
- Host Name
- Network
- Provider
- Tags
- Enter a Value for the selected Attribute.
- Click on the + Add Filter button to add more filter entries.
- The different entries follow an AND logic so that all need to be true for the rule to apply.
- Click on the blue Save button in the bottom right to add the rule.
When multiple rules are defined for a single AppStak, all assets that match either of the rules will be associated with that AppStak.
When multiple criteria are defined within a single AppStak rule, only assets that match all the criteria will be associated with that AppStak.
Examples:
Specifying Provider AWS in one rule and Provider Google Cloud in another rule defined for one and the same AppStak MyApp will associate all assets that are hosted in either AWS or Google Cloud with MyApp.
Specifying Provider AWS and Name cookbook in one rule defined for one and the same AppStak MyApp will associate only assets that have both cookbook in the name and are hosted in AWS.
Editing an AppStak
You can edit an AppStak by selecting it in the list and continue by editing the as in the previous section.
To edit an AppStaks :
- Click on the Configure icon in the left hand menu.
- Select AppStaks.
- Select an AppStak to edit.
- This opens an EDIT APPSTAK view on the right hand side. It has the same functions as when creating AppStaks.
- Once you are finished, click on the blue Save button.
Removing Attributes from AppStaks Rules
To remove attributes from an AppStak rule:
- Select a rule in the table.
- In the right hand window, click on the text Rules to open the Define Rule window.
- Click on the Bin icon to the right of the Attributes in the rule.
Removing a Rule
To remove a rule from an AppStak:
- Select the AppStak from the list.
- Expand the rule that should be removed by clicking the arrow to the right.
- Click the red Delete Rule button.
- The rule is removed from the list of rules.
Deleting an AppStak
You can delete an AppStak by selecting it in the list and the click Delete in the lower right corner.
A confirmation is displayed. Continue by clicking on the red Delete button.
Warning!
Deleting an AppStak cannot be undone.
Related Articles
Copyright
© 2024 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.
Trademark
Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.