Check: CYLN-OP-001270
Arctic Wolf CylanceON-PREM STIG: CYLN-OP-001270 (in version v1 r1)
Title
All associated custom applications, including API endpoints, must be inventoried and managed. (Cat II impact)
Discussion
The Console Applications page provides integration with the CylanceON-PREM API. An application has a unique application ID and application secret for generating an access token, which is used to access the API. Administrators create the applications, then give API users the application ID and application secret. Inventorying and managing CylanceON-PREM's associated custom applications and API endpoints is critical for securing the environment, ensuring compliance, minimizing risks, maintaining operational efficiency, and improving incident response. By knowing what applications and APIs exist and how they function, organizations can enhance the ability to protect, monitor, and manage systems effectively, thus safeguarding sensitive data and improving overall security posture.
Check Content
Review the Console Applications. Administrator privileges are required.

1. Log in to the admin console.
2. Navigate to Configuration >> Applications.
3. Review the documentation of allowed applications.
4. Review the internal documentation for the location and protection of application ID and application secret.
5. All APIs must be documented.
6. Verify that controls are in place for who has access to APIs and where YAML files are stored.

If any applications exist that are not documented, this is a finding.
If application ID and application secrets are not documented and stored in the authorized location, this is a finding.
If any APIs are in use and not documented, this is a finding.
If the location and access of YAML files are not documented, this is a finding.
If any of the above is documented but not adhered to, this is a finding.
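One way to run the comparison in steps 3 to 6 against a site's own records, as an added example that is not part of the STIG or the product. It assumes the console list is transcribed by hand from Configuration >> Applications; the application names, API labels, storage locations and the `AUTHORIZED_SECRET_STORES` set are constructed placeholders.

```python
"""Reconcile console applications against the documented inventory."""

# Hypothetical site policy: where application IDs and secrets may be stored.
AUTHORIZED_SECRET_STORES = {"vault://secops/cylance"}


def review(console_apps, inventory, yaml_doc):
    """Return sorted (subject, reason) findings, one per failed check condition."""
    findings = []
    for name, apis_in_use in console_apps.items():
        entry = inventory.get(name)
        if entry is None:
            # An application exists in the console but not in the documentation.
            findings.append((name, "application not documented"))
            continue
        if entry.get("secret_store") not in AUTHORIZED_SECRET_STORES:
            findings.append(
                (name, "application ID/secret not documented in an authorized location"))
        # APIs the application uses that the inventory entry does not list.
        for api in sorted(set(apis_in_use) - set(entry.get("apis", ()))):
            findings.append((name, f"API in use but not documented: {api}"))
    if not (yaml_doc.get("location") and yaml_doc.get("access")):
        findings.append(("YAML files", "location and access not documented"))
    return sorted(findings)


# Constructed sample input: application name -> API labels it uses.
CONSOLE_APPS = {
    "siem-forwarder": ["devices:read", "threats:read"],
    "ticket-sync": ["threats:read"],
    "old-test-app": [],
}
# Constructed sample of the site's internal documentation.
INVENTORY = {
    "siem-forwarder": {"secret_store": "vault://secops/cylance",
                       "apis": ["devices:read"]},
    "ticket-sync": {"secret_store": "shared-drive/notes.txt",
                    "apis": ["threats:read"]},
}
YAML_DOC = {"location": "git://secops/api-docs", "access": ""}

if __name__ == "__main__":
    for subject, reason in review(CONSOLE_APPS, INVENTORY, YAML_DOC):
        print(f"FINDING  {subject}: {reason}")
```

An empty result only shows that the records agree with each other; whether the documented controls are actually adhered to still has to be verified by the reviewer.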
Fix Text
Manage Custom Applications. Administrator privileges are required.

1. Log in to the admin console.
2. Navigate to Configuration >> Applications.
   2a. To edit an application:
   - Click the "Edit" icon.
   - Update the application name or permissions.
   - Click the green check to save.
   2b. To remove an application:
   - Click the trash can icon.
   - Click "Remove Application".
   2c. To view the YAML file, click the API Documentation link.
Additional Identifiers
Rule ID: SV-272642r1113686_rule
Vulnerability ID: V-272642
Group Title: SRG-APP-000516
CCIs
Number | Definition |
---|---|
CCI-000366 | Implement the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |