Announcements

Updated Oct 22, 2021

New Identity Provider Integration - Manage users with Okta

We have updated our official Okta integration to support automated provisioning, de-provisioning, and management of users. If you use Okta as your Identity Provider, you can easily install or update the Signal Sciences integration from the Okta Integration Marketplace.

After configuring the integration, any existing Signal Sciences users will be automatically matched to existing Okta users that have identical email accounts.

Customers can use Okta “groups” to assign Signal Sciences roles and site memberships to users in that group.

From Okta, you can:

  • Create users in Signal Sciences
  • Delete users from Signal Sciences
  • Edit users’ site memberships
  • Edit users’ role

Learn more by visiting our official documentation site.

Moved - Rate Limited IPs list

As of February 24, the Rate Limited IPs list, previously available as a tab on the Events page (under the Monitor menu), is now available on the brand-new Observed IPs page (also under Monitor menu).

You can also find new Suspicious IP and Flagged IP lists on the Observed IPs page. To learn more about Observed IPs, read our announcement or visit our documentation site.

New Observed IPs page

We’ve introduced a new Observed IPs page in the Signal Sciences console, found underneath the Monitor menu.

This page is your one-stop shop for information about what we’re calling “Observed IPs.” There are three stateful IP statuses that we represent as lists: Suspicious IPs, Flagged IPs, and Rate Limited IPs. Now you can find all of these lists in one convenient view.

Important note: The Rate Limited IPs tab on the Events page has now moved to the Observed IPs page.

Learn more about Observed IPs by visiting our documentation site.

New Dashboards and Templated Rules Page

We are excited to announce today the launch of API and ATO Protection Dashboards, a new set of features dedicated to identifying, blocking, and analyzing malicious behavior that attackers use against web applications and APIs. Now available on the Signal Sciences console, these new dashboards surface security telemetry from over 20 new signals for advanced attack scenarios such as account takeover, credit card validation, and password reset.

For more information, view our blog post about the features.

To configure and activate your new templated rules, log in to the management console and select templated rules, or navigate directly to the new dashboards from any site’s home dashboard.

New Request Volume Graph

A new Request Volume graph is included in the first position of the default Overview system dashboard on every site. The graph represents the number of requests hitting a site over a given timeframe, along with average RPS. The graph can also be added to any custom dashboard.

To learn more about your site’s Overview Page and how to customize dashboards, head over to the relevant docs page.

Deprecated - Weekly Summary Page

The Weekly Summary page is no longer available as of September 9. The summary’s information and functionality can now be accessed from site-level dashboards (with the release of the new Request Volume card). Any existing links to the Weekly Summary will be redirected to the site’s Overview dashboard with a seven-day lookback.

Learn more about dashboards and how to customize them by visiting the relevant docs page.

New Client IP Headers setting

You can now set the real client IP of incoming requests across all agents via the console UI. The new setting replaces the need to update the /etc/sigsci/agent.conf file on each agent to specify the real client IP.

To use the new feature, visit site settings > agent configurations in your console and scroll down to the Client IP Headers section. Learn more

New request to site rule converter

Our latest introduction to the console makes it easier than ever to use data from a request to create a new site rule. To use the tool, click “View request detail” for any request in the requests page, then look for the new “Convert to rule” button. With the new menu, you can select from the available request data to jumpstart the process of creating a rule.

API Access Token updates

We’ve made a number of improvements to API Access Token security, management, and visibility for corp Owners.

Security:

  • Corp Owners can set an expiration TTL that applies to all tokens. The expiration countdown is based on the token’s creation timestamp.
  • Corp Owners can create a list of IPs or IP ranges that all tokens must be used from (e.g., a corporate network); API access from any other address will result in a 400 error.
  • Corp Owners can restrict token usage on a user-by-user basis. See below.
  • These restrictions can be enabled or disabled from the Corp Manage > User Authentication page

Restrictions by user:

  • When per-user restrictions are enabled, no user in the corp can create or use tokens unless they are given explicit permission by a corp Owner.
  • Important: If users have existing tokens when this feature is enabled, these existing tokens will be disabled (not deleted) until permissions are given to their owners, and then they will resume working. Users just need permission once.
  • Permission is granted to users from the Corp Manage > Corp Users > Edit User page

Visibility and management:

  • Corp Owners can see all the tokens created and in use across the corp from the brand new Corp Manage > API Access Tokens page
  • Corp Owners can view info about the tokens (like creator and IP), as well as info related to the changes above, like expiration, status (Disabled by Owner, Expired, Active)
  • When they turn on Restrictions by User, a corp Owner can use this page to see who needs permission and which tokens are disabled
  • Corp Owners can delete access tokens
  • An individual user’s tokens have moved from their account settings page to the new My Profile > API Access Tokens page
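As an added illustration (this is not Signal Sciences’ code), the following Python model shows how the three restrictions above interact for a single API call: the expiration TTL counted from the token’s creation timestamp, the allowlist of IPs or ranges that yields a 400 error when missed, and per-user restrictions that leave pre-existing tokens disabled until the corp Owner grants permission once. The policy, token and user names are constructed sample data, and the order in which the checks run is an assumption.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set


@dataclass
class CorpTokenPolicy:
    """Corp-wide settings a corp Owner controls on the User Authentication page."""
    ttl: Optional[timedelta] = None                             # None: no expiration enforced
    allowed_sources: List[str] = field(default_factory=list)    # IPs or CIDR ranges
    per_user_restrictions: bool = False
    permitted_users: Set[str] = field(default_factory=set)      # granted on Edit User page


@dataclass
class ApiToken:
    owner: str
    created_at: datetime    # the expiration countdown starts from this timestamp


def token_status(token: ApiToken, policy: CorpTokenPolicy, now: datetime) -> str:
    """Status as listed on Corp Manage > API Access Tokens.

    Assumption (not stated on the page): the per-user check runs before the TTL
    check, so an unpermitted user's token reads "Disabled by Owner" even when it
    has also aged past the TTL.
    """
    if policy.per_user_restrictions and token.owner not in policy.permitted_users:
        return "Disabled by Owner"
    if policy.ttl is not None and now - token.created_at >= policy.ttl:
        return "Expired"
    return "Active"


def source_allowed(source_ip: str, policy: CorpTokenPolicy) -> bool:
    """True when no allowlist is configured or the caller's IP is inside a listed range."""
    if not policy.allowed_sources:
        return True
    addr = ip_address(source_ip)
    return any(addr in ip_network(rng, strict=False) for rng in policy.allowed_sources)


def evaluate_request(token: ApiToken, source_ip: str,
                     policy: CorpTokenPolicy, now: datetime) -> str:
    """Decide whether an API call authenticated with `token` from `source_ip` is accepted."""
    status = token_status(token, policy, now)
    if status != "Active":
        return "rejected: " + status
    if not source_allowed(source_ip, policy):
        return "rejected: 400 source IP not in the corp's allowed ranges"
    return "accepted"


def grant_permission(policy: CorpTokenPolicy, user: str) -> None:
    """Owner grants the user permission; their existing (disabled) tokens resume working."""
    policy.permitted_users.add(user)


# Constructed sample data: a 90-day TTL, an allowlist, and per-user restrictions
# switched on after bob had already created a token.
NOW = datetime(2021, 10, 22, tzinfo=timezone.utc)
POLICY = CorpTokenPolicy(
    ttl=timedelta(days=90),
    allowed_sources=["10.0.0.0/8", "192.0.2.10"],
    per_user_restrictions=True,
    permitted_users={"alice", "carol"},
)
TOKENS = {
    "alice": ApiToken("alice", NOW - timedelta(days=10)),
    "bob": ApiToken("bob", NOW - timedelta(days=10)),      # created before restrictions were enabled
    "carol": ApiToken("carol", NOW - timedelta(days=100)),  # older than the TTL
}

if __name__ == "__main__":
    for user, tok in TOKENS.items():
        print(user, token_status(tok, POLICY, NOW), evaluate_request(tok, "10.1.2.3", POLICY, NOW))
    grant_permission(POLICY, "bob")
    print("bob after grant:", evaluate_request(TOKENS["bob"], "10.1.2.3", POLICY, NOW))
```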

New rules conditions

We are pleased to announce the introduction of several new rules conditions that will help give you better visibility into abusive or anomalous behavior on your applications.

  • Response Conditions: Use Response code or Response header as conditions in request rules or signal exclusion rules for finer detail when adding or removing a signal. Combine response conditions with request conditions to gain greater insight into the results of client requests.

  • Custom Signals: Use custom signals as conditions in request rules to improve workflows or create more complex rule logic.

Learn more

SSO Bypass

A couple updates to the feature formerly known as API Users:

1. We’re no longer using the term “API Users” in the console or the API. Instead, these are now “users with SSO Bypass.” The intent of this attribute is to enable organizations to invite third parties to access their SigSci instance – for example, a contractor who is outside the organization’s SSO setup. While users with SSO Bypass can still connect to the API, we recommend creating API Access Tokens to connect services or automations to our API.

2. Users with SSO Bypass can now use Two-Factor Authentication (2FA). Corps with SSO enabled can continue to invite users from outside their organization’s SSO, like contractors, now with the added protection of 2FA.

Templated rules response header and value conditions

You can now add optional response header name and value conditions to ATO templated rules, which include:

  • Login Success
  • Login Failure
  • Registration Success
  • Registration Failure

We’re excited to give you these additional levels to protect your apps against ATO and excessive authentication attempts! If you have any questions about these changes, reach out to us at support@signalsciences.com.

[Screenshot: Example for the Login Success templated rule]

Agent 1x and 2x End-of-Life

We will disable all agents older than 3.0 on March 31, so if you have any agents between 1.x to 2.x please upgrade them before March 31. We’ve improved our newer agent versions to be much more efficient and secure. If you need help upgrading, let us know at support@signalsciences.com. If you’re wondering if this affects you, don’t worry! We’ve been reaching out to anyone this impacts to help them upgrade and we’ll make sure that no one is left behind.

Multiple custom dashboards

We are excited to announce that we’ve introduced the ability for users to create and edit multiple custom dashboards for each site. Last year, we introduced the ability for users to edit the dashboard found on each site’s overview page, by adding custom signal timeseries graphs and rearranging the layout of those cards. Today, we’ve introduced the ability to save multiple custom dashboards, each with their own name and card layout. Every card type is moveable, including default cards like the Flagged IPs card. Owners, Admins, and Users can edit and view all of a site’s dashboards, and Observers can view them.

Find out more about custom dashboards in our latest blog post and learn how to create and customize dashboards by visiting our documentation.

Changes to the User API

We’ve made a few changes to our user roles lately, and we updated the API response for /api/v0/corps/_/users to return new values. The new values are already available for use. The old values are still available as well, but they will be deprecated Friday, September 27, 2019.

Old value     New value
corpOwner     owner
corpAdmin     admin
corpUser      user
corpObserver  observer

Announcing Corp Rules

Take advantage of corp rules in order to create rules that apply to all sites, or a selected set of sites, within your corp. In the corp-level navigation, simply navigate to Corp Rules > Corp Rules. From this page, manage existing corp rules, or add a new rule with the existing rules builder. Select the global scope to apply the rule to all sites within the corp, or select the specific sites you’d like the rule to apply to. Note: this is a corp-level feature available to corp Owners and Admins. For more information on rules, see our documentation.

Dashboard navigation changes

We’ve made some big changes to the dashboard navigation. We’ve launched a few new features recently, with a focus on elevating some configurations from the site-level to multi-site- or global-level. We wanted to update the nav to make it clearer and more consistent.

We took a look at making sure each navigation item is in the right menu, and that the menu names are parallel at both the corp- and site-level. Think “Corp Rules” versus “Site Rules.” You’ll also notice a few items and page names have changed as well. For example, “Activity” is now “Audit log.” See a full list of changes below:

Renamed and reorganized categories:

  • Library is now “Corp Rules”
  • Corp Tools is now “Corp Manage”
  • Configure is now split up into “Site Rules” and “Site Manage”
  • Corp Rules and Site Rules categories now only contain pages that directly relate to rules.
  • We added the words “Corp” and “Site” in front of pages that have a corp/site equivalent to prevent confusion between corp and site levels (e.g., rules, lists, signals, integrations, audit log).
  • We removed 2 pages from the navigation to prevent duplicate access points: Corp Overview and Monitor View. Corp Overview was removed since it can be accessed by clicking on your corp name. Monitor View was removed because it can be accessed on the Site Overview page.
  • Site Settings is now underneath Site Manage to prevent overcrowding in the nav.
  • Site Audit Log (formerly Activity) was moved to Site Manage to stay consistent with Corp Audit Log being underneath Corp Manage.

Page nomenclature changes include:

  • “Activity” is now “Audit Log”
  • “Settings” is now “User Authentication”
  • “Week in Review” is now “Weekly Summary”
  • “Data Privacy” is now “Redactions”
  • “Dashboards” is now “Signals Dashboards”
  • “Custom Alerts” is now “Site Alerts”

Event page updates

We have launched some great new improvements to the Events page. Read about the updates below or see them for yourself.

1) We’ve added filters to the Events page to make it easier to triage and review events. You can filter by IP, signal, and status (Active/Expired).

2) Scrolling and navigation has been improved. First, we’ve made navigation elements “sticky” so they follow the user as they scroll up and down the page. Second, we’ve added a new interaction that automatically scrolls the user to the top of the page when they select a new event, reducing the amount of scrolling you have to do when reviewing multiple events.

3) We also have always-persistent Next Event and Previous Event buttons that make it easy to cycle through and review events. We think this will make it easy to manage the reviewing workflow when there are a lot of events.

4) Copy updates, like to the title of the Event Detail, to make it easier to know which event you’re focused on at any time.

Assign multiple users to a site at once

Corp Owners and Admins can now assign multiple existing users to a site at once. This gives business unit leaders and site managers an easy way to add their entire team to a new site in one step. This feature can be accessed by Owners from the Corp Users page (under the Corp Tools menu) or by Owners and Admins from the Site Settings page. Note: The flow is restricted to users who already exist in the corp. New users can’t be invited from the flow.

Check out our documentation to learn more.

User Management Updates

The UI for the corp-level Users Page has been improved to give Owners a better experience when managing and editing users across their entire corp. We’ve added enhanced filtering so users can now focus on specific sites or roles. This also lays the groundwork for some highly requested user management features.

We have also enhanced the Site Settings Page usability with an easier-to-use tabbed layout. Important: With this update, the legacy Site Users page has been deprecated and moved to the Users tab.

Announcing Corp Signals

Corp Signals allow you to centrally manage and report on signals that are specific to your business at the corp-level rather than on individual sites! For example, you can create a single corp-level “OAuth Login” signal that can be used in any site rule which will then show up on the Corp Overview page. Learn more.

Stay on top of your corp activity

With corp integrations, you can receive alerts on activity that happens at the corp level of your account. Events relating to authentication, site and user administration, corp rules, and more can be sent to the tools you use for your day-to-day workflow. These are the same events you see in the Corp Activity section of the dashboard.

The following events are available for notification:

  • New releases of our agent and module software
  • New feature announcements
  • Sites created/deleted
  • SSO enabled/disabled on your corp
  • Corp Lists created/updated/deleted
  • Corp Signals created/updated/deleted
  • Users invited
  • User MFA enabled/updated/disabled
  • Users added/removed
  • User email bounced
  • API access tokens created/updated/deleted

Currently, we offer integrations with Slack, Microsoft Teams, and email. Please visit the Corp Integrations page to configure one today.

Brand new Corp Overview

We have redesigned the Corp Overview page from the ground up to give you better tools to analyze security trends across your entire organization. It has been enhanced to allow you to:

Visualize attack traffic: New request graphs offer a high-level view of traffic across all of your monitored properties, as well as site-by-site breakdowns of attack traffic and blocked attack traffic.

View corp-level Signal counts: For the first time in the dashboard, you can view the total number of requests tagged with specific Signals across your whole corp using the Signal Trends table. See what security trends are affecting your properties and adjust your security strategy accordingly.

Filter, filter, filter: We’ve added filtering and pagination tools to just about every aspect of the Corp Overview, allowing you to specify the data you want to see. Filter by site or Signal to zoom in on request data, or use the powerful new timerange selector to report day-, week-, or month-over-month.

Visit the Corp Overview page to see for yourself. It can be accessed by clicking on your corp name in the navigation, or by selecting Corp Tools > Overview.

To learn more about the Corp Overview, read our new blog post.

Updated Permissions and Roles

tl;dr: Roles and permissions have been updated. Corp Admin is a brand-new role, and existing Corp Owners and Corp Users with multiple site roles experienced some permission updates. Check out the changes below.

What’s new?

We’ve made some changes to our roles and permissions. These changes are designed to make it simpler to manage users across multiple sites at once, and will allow us to introduce some powerful new features in the near future.

Owner has full access and full owner permissions across every site within their corp. This isn’t a substantial change; previously Corp Owners could set themselves as members of any and all sites. We’re just simplifying the process of granting these permissions.

Admin is a brand new role we created to make it simpler for users to manage multiple sites. The Admin has Site Admin permissions on specific sites, meaning they can invite users and can edit configurations and agent mode (blocking/non-blocking). Admins do not have visibility into sites they do not manage and have limited visibility into corp-level or multi-site features.

User manages specific sites, including configurations and agent mode (blocking/non-blocking). Users do not have visibility into sites they do not manage and have limited visibility into corp-level or multi-site features.

Observer views specific sites in a read-only mode and has limited visibility into corp-level or multi-site features.

Role      Site access     User management privileges               Change agent blocking mode   Configure rules and other settings
Owner     All sites       Invite, edit, delete, security policies  Every site                   Every site
Admin     Specific sites  Invite to specific sites                 Specific sites               Specific sites
User      Specific sites  No                                       Specific sites               Specific sites
Observer  Specific sites  No                                       No                           No

How was I affected by the update?

If you were previously a Corp Owner: you now have access to every site within your corp and are granted Site Owner permissions by default. Previously, Corp Owners could optionally choose to be members of sites. This option is no longer available.

If you were previously a Corp User:

  • If you were either a Site Owner or Site Admin on any site in your corp, you are now an Admin across all your site memberships.

  • If you were a Site User or a Site Observer on sites (and not a Site Owner or Site Admin), you are a User on those same sites.

  • However, if you only had the Site Observer role across all of your site memberships, you are an Observer with visibility limited to those same sites.

Questions or concerns? Check out our Customer Support portal.

Updated APT and YUM repo signing keys

Due to a change with our package hosting provider, we have updated the GPG keys for our YUM and APT repositories. Updated GPG URLs are now listed in all relevant installation instructions.

If you have scripts for automated deployment, you will need to update the scripts with the new GPG key URL to ensure they continue to work:

Old URL: https://yum.signalsciences.net/gpg.key or https://apt.signalsciences.net/gpg.key
New URL: https://yum.signalsciences.net/release/gpgkey or https://apt.signalsciences.net/release/gpgkey

Note: If you’re using NGINX 1.9 or earlier, then you will instead want to use the legacy URL of: https://yum.signalsciences.net/nginx/gpg.key

Introducing Corp Lists!

Corp Lists are a new feature that allow Corp Owners to manage Lists at the corp-level which can be used by any site-level rule. You can find Corp Lists by going to Library > Corp Lists in the corp-level navigation.

For example, you can centrally manage a list of OFAC-sanctioned countries, or scanner IPs that you may want to block or allow across multiple sites.

Learn more about Lists here.

Customize the Monitor View

Here by popular demand, you can now customize the Monitor View. Previously, the Monitor would display 5-6 default graphs. With the new update, the Monitor now reflects any custom Overview page graphs or arrangements. When displayed as a grid, the Monitor shows the first 6 cards from the Overview page. When displayed as a carousel, the Monitor will cycle through all cards.

Check out the new Custom Signals page!

Custom Signals enable you to gain visibility into traffic that’s specific to your application. You can create these signals either on the Custom Signals page (Configure > Custom Signals) or, more commonly, when creating or editing a Rule.

The new Custom Signals page now shows:

  1. The number of requests tagged with a particular signal in the past 7 days.
  2. The number of Rules that add that signal.
  3. The number of Alerts that use that signal.

This additional data makes it easier to determine whether a Custom Signal is working correctly or is no longer used by any Rules or Alerts.

Check out our fresh new status page!

Be sure to subscribe to our new status page at https://status.signalsciences.net/ so that you can receive alerts in the rare occasion that Sigsci has an unexpected event. Please note that you’ll need to resubscribe to this new page if you were previously subscribed to the old status page.

Rules Simplification

Starting today, November 8th, we’ll be rolling out a new unified Rules page.

Previously Request Rules (rules that allow you block, allow, or tag requests) and Signal Rules (rules that allow you to exclude signals for specific criteria) were managed on two distinct pages. Now Request and Signal Rules can be viewed, managed, and filtered from a single page.

Why are we making this change?

In addition to simplifying the number of pages in the product you need to go to manage rules, this change lays the groundwork for future changes to more easily share rules across sites.

How will this change affect me?

From a user-facing perspective, this change should be minimal — existing URLs will be redirected and you will create and manage rules from a single page.

Where can I learn more about rules?

Full documentation for rules is available here.

Coming soon: Updated roles and permissions

tl;dr: Roles and permissions will be changing in January. Corp Admin is a brand-new role, and existing Corp Owners and Corp Users with multiple site roles will experience permission updates. Review the changes below and prepare your organization.

What’s new?

We’re making some changes to our roles and permissions. These changes are designed to make it simpler to manage users across multiple sites at once, and will allow us to introduce some powerful new features in the near future.

Owner will have full access and full owner permissions across every site within their corp. This isn’t a substantial change; current Corp Owners can already set themselves as members of any and all sites. We’re just simplifying the process of granting these permissions.

Admin is a brand new role we created to make it simpler for users to manage multiple sites. The Admin has Site Admin permissions on specific sites, meaning they can invite users and can edit configurations and agent mode (blocking/non-blocking). Admins will not have visibility into sites they do not manage and will have limited visibility into corp-level or multi-site features.

User will manage specific sites, including configurations and agent mode (blocking/non-blocking). Users will not have visibility into sites they do not manage and will have limited visibility into corp-level or multi-site features.

Observer will view specific sites in a read-only mode and will have limited visibility into corp-level or multi-site features.

Role      Site access     User management privileges               Change agent blocking mode   Configure rules and other settings
Owner     All sites       Invite, edit, delete, security policies  Every site                   Every site
Admin     Specific sites  Invite to specific sites                 Specific sites               Specific sites
User      Specific sites  No                                       Specific sites               Specific sites
Observer  Specific sites  No                                       No                           No

How will I be affected when the roles are updated?

If you are currently a Corp Owner: you will have access to every site within your corp and will be granted Site Owner permissions by default. Currently, Corp Owners can optionally choose to be members of sites. This option will no longer be available.

If you are currently a Corp User:

  • If you are either a Site Owner or Site Admin on any site in your corp, you’ll become an Admin across all your site memberships.

  • If you are a Site User or a Site Observer on sites (and not a Site Owner or Site Admin), you will be a User on those same sites.

  • However, if you only have the Site Observer role across all of your site memberships, you will become an Observer with visibility limited to those same sites.

Questions or concerns? Check out our Customer Support portal.

Personal API Access Tokens

Personal API Access Tokens are permanent tokens that can be used instead of passwords to authenticate against the API. This allows SSO and 2FA users to easily access the API without the additional workaround. Furthermore, these tokens can be used directly against API endpoints without having to authenticate and obtain a session token.