This section explains Application Rules service offered as part of Live Security Threat Intelligence. Application Rules are rules that are specifically designed to block attacks on known application vulnerabilities (many of them with CVEs) and are automatically updated. Customers can protect their applications from such vulnerabilities by enabling this service on their Controllers.

Note:

These rules are different from NSX Advanced Load Balancer’s Core Rule Set (CRS), where rules are protecting against generic attack classes.

Feature Highlights

  • Protection for known vulnerabilities for over 5000 applications such as WordPpress, Drupal, Apache, and many more.

  • Automatic rule updates.

Data Collection and Retention Policy

Data Collection:

No data is collected by and for this service. Application Rules are pushed only to the NSX Advanced Load Balancer Controllers where this service is opted-in (enabled).

Data Retention:

Does not apply to this service.

Note:

  • This service does not store or exchange any customer data.

  • This service has no access to customer infrastructure, including NSX, vCenter, and others.

  • This service does not read or write any configurations on the registered NSX Advanced Load Balancer Controllers.

How to enable this service

This is an 'opt-in' service and is disabled by default.

The stes to opt-in to this service and enable automatic support case creation are as follows:

  1. Navigate to Administration > Cloud Services.

  2. Click EDIT.

  3. Under Live Security Threat Intelligence, select Application Rules.

  4. Click SAVE.

Note:

You can opt-out of this service at any time and the Application Rules updates will stop.

Service Details

Once Application Rules service is opted in (enabled) on a NSX Advanced Load Balancer Controller, Application rules are automatically updated periodically.

Note:

By default Application Rules Sync Interval is set to 1 day (1440 minutes) (recommended) and 60 minutes is the minimum allowed value.

For more details on application rules, refer Application Rules section in WAF guide.

Events of Interest

The following events are generated on the NSX Advanced Load Balancer Controller when Application Rules service is enabled:

  • APPSIGNATURE_SYNC_SUCCESS: Application Rules update is successful

  • APPSIGNATURE_SYNC_FAIL: Application Rules update is not successful

Impact of Unavailability

During the period that this service is down, new application rule updates will not be pushed to enabled NSX Advanced Load Balancer Controllers. Load Balanced applications will continue to utilize cached application rules available on the NSX Advanced Load Balancer Controllers to protect against vulnerabilities.