: Detecting unprotected web apps
Table of Contents

Detecting unprotected web apps

Prisma Cloud scans your environment for containers and hosts that run web apps and reports any that aren’t protected by WAAS.
During the scan, Prisma Cloud detects HTTP servers listening on exposed ports and flags them if they are not protected by WAAS.
Unprotected web apps are flagged on the radar view and are also listed in
Monitor > WAAS > Unprotected web apps
The following screenshot shows how Radar shows an unprotected web app:

Report for unprotected web apps

The following screenshot shows how unprotected web apps are reported in
Monitor > WAAS > Unprotected web apps
In the Containers tab, the report lists the images containing unprotected web apps, the number of containers running those images, and the ports exposed in the running containers.
In the Hosts tab, the report lists the hosts on which unprotected web apps are running, the number of processes running those apps, process names and the ports exposed in the hosts.
This information can be used when adding new WAAS rules to protect containers and hosts.
Above the table is the date of the latest scan. The report can be refreshed by clicking the refresh button.
Users can export the list in CSV format. The CSV file has the following fields:
  • Containers
    - Image, Host, Container, ID, Listening ports
  • Hosts
    - ID, Unprotected processes

Filtered processes

The following list of processes is not included in the WAAS unprotected web apps detections:
  • coredns
  • kube-proxy
  • docker
  • docker-proxy
  • kubelet
  • openshift
  • dcos-metris
  • dcos-metris-agent
  • containerd
  • mysql
  • mysqld
  • mongod
  • postgres
  • influxd
  • redis-server
  • asd
  • rethinkdb
  • haproxy
  • envoy
  • squid
  • traefik
SSH binaries
  • sshd
  • ssh
WAAS proxy process
  • defender

Disabling scans for unprotected web apps

By setting the Scan for unprotected web applications toggle to the
position, users are able to disable periodic scanning for unprotected web applications and APIs.
The toggle in either the Containers or Hosts tabs will disable scanning of containers and hosts simultaneously when disabled.

Recommended For You