Secure Application uses the combination of the supported APM Agent, Controller, and Secure Application dashboard to monitor the security of the applications.

Splunk AppDynamics Agent

Secure Application library is bundled with the Java and .NET Agents. The agent communicates with the Secure Application service within the Controller, which is maintained in the cloud.

Splunk AppDynamics Controller

The Secure Application service is maintained in the cloud by Splunk AppDynamics. The APM Agent sends data to the service within the Controller. The service analyzes the data to protect against different types of attacks and vulnerabilities and then the service provides the analysis to the dashboard. For information about the attacks and vulnerabilities that Secure Application detects, see Secure Application Policies. It uses external feeds along with internal data to analyze the behavior of the application. It analyzes the CVEs (Common Vulnerabilities and Exposures) against a curated vulnerability feed. The service can detect:

• A vulnerability when it is enabled in the policy and when the associated behavior and the library used are considered vulnerable.
• An attack when it is enabled in the policy and abnormal behavior is detected. Remote Command Execution (RCE) is supported on Microsoft .NET Framework: 3.5 SP1, 4.6.2, 4.7.x, 4.8.x and Microsoft .NET: 6, 7, and 8. Vulnerability reporting is supported on Microsoft .NET: 6, 7, and 8. Remote Command Execution (RCE) support does not include filtering based on stack, or HTTP headers that is supported in Java. See .NET Supported Environments.

Secure Application Dashboard

A graphical representation of all the analyzed data. You can view this dashboard based on the role defined in the Cisco AppDynamics Controller. The data is updated on the dashboard when the service within the Controller sends the analyzed data to the dashboard.