Cisco Secure Application uses the combination of the supported APM Agent, Controller, and Cisco Secure Application dashboard to monitor the security of the applications.

Splunk AppDynamics Agent

Cisco Secure Application library is bundled with the Java and .NET Agents. The agent communicates with the Cisco Secure Application service within the Controller, which is maintained in the cloud.

Splunk AppDynamics Controller

The Cisco Secure Application service is maintained in the cloud by Splunk AppDynamics. The APM Agent sends data to the service within the Controller. The service analyzes the data to protect against different types of attacks and vulnerabilities and then the service provides the analysis to the dashboard. For information about the attacks and vulnerabilities that Cisco Secure Application detects, see Cisco Secure Application Policies. It uses external feeds along with internal data to analyze the behavior of the application. It analyzes the CVEs (Common Vulnerabilities and Exposures) against a curated vulnerability feed. The service can detect:

• A vulnerability when it is enabled in the policy and when the associated behavior and the library used are considered vulnerable.
• An attack when it is enabled in the policy and abnormal behavior is detected. Remote Command Execution (RCE) is supported on Microsoft .NET Framework: 3.5 SP1, 4.6.2, 4.7.x, 4.8.x and Microsoft .NET: 6, 7, and 8. Vulnerability reporting is supported on Microsoft .NET: 6, 7, and 8. Remote Command Execution (RCE) support does not include filtering based on stack, or HTTP headers that is supported in Java. See .NET Supported Environments.

Cisco Secure Application Dashboard

A graphical representation of all the analyzed data. You can view this dashboard based on the role defined in the Cisco AppDynamics Controller. The data is updated on the dashboard when the service within the Controller sends the analyzed data to the dashboard.