Detecting unprotected web apps
Table of Contents
Detecting unprotected web apps
Prisma Cloud scans your environment for containers and hosts that run web apps and reports any that aren’t protected by WAAS.
During the scan, Prisma Cloud detects HTTP servers listening on exposed ports and flags them if they are not protected by WAAS.
Unprotected web apps are flagged on the radar view and are also listed in
Monitor > WAAS > Unprotected web apps
.The following screenshot shows how Radar shows an unprotected web app:
Report for unprotected web apps
The following screenshot shows how unprotected web apps are reported in
Monitor > WAAS > Unprotected web apps
:
In the Containers tab, the report lists the images containing unprotected web apps, the number of containers running those images, and the ports exposed in the running containers.
In the Hosts tab, the report lists the hosts on which unprotected web apps are running, the number of processes running those apps, process names and the ports exposed in the hosts.
This information can be used when adding new WAAS rules to protect containers and hosts.
Above the table is the date of the latest scan.
The report can be refreshed by clicking the refresh button.
Users can export the list in CSV format.
The CSV file has the following fields:
- Containers- Image, Host, Container, ID, Listening ports
- Hosts- ID, Unprotected processes
Filtered processes
The following list of processes is not included in the WAAS unprotected web apps detections:
Kubernetes/Docker
- coredns
- kube-proxy
- docker
- docker-proxy
- kubelet
- openshift
- dcos-metris
- dcos-metris-agent
- containerd
Databases
- mysql
- mysqld
- mongod
- postgres
- influxd
- redis-server
- asd
- rethinkdb
Proxies
- haproxy
- envoy
- squid
- traefik
SSH binaries
- sshd
- ssh
WAAS proxy process
- defender
Disabling scans for unprotected web apps
By setting the Scan for unprotected web applications toggle to the
Disabled
position, users are able to disable periodic scanning for unprotected web applications and APIs.The toggle in either the Containers or Hosts tabs will disable scanning of containers and hosts simultaneously when disabled.