How to Baseline the JavaScript Security Monitor

The JavaScript Security Monitor has two main features. It is an advanced feature that requires some setting up and baselining to define normal behaviour.

When you first configure this feature, expect it to bring back some false positive warnings. It is therefore important to perform a baselining procedure that reduces the false positives to zero. At that point you get the most benefit from the system, because you know that any deviation from normal behaviour will then raise an alert.

Some JavaScript files have a dynamic filename or path, and some contain dynamic elements, such as the date or a session ID, that alter the size of the file.

Either scenario could cause a false positive that produces a warning or alert.

We have developed a solution that lets you baseline your configuration and identify any dynamic files that need adjusting, so that they do not produce a lot of false positive warnings or alerts.

In the example below, the file has what looks like a version number after the .js file extension:

[Image: JSM]

Clicking the Edit button lets you set the filename of the JavaScript file to Begin With: rather than an exact match. You can then edit the filename so that it contains only the part of the name before the dynamic element. The file will still be matched, so no warning is generated for it if anything after that part of the filename changes.

[Image: JSM 2]
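The sketch below is an added example, not RapidSpike code: it compares two crawls of the same page, keeps unchanged script names as exact rules, and turns a name that differs only after the .js extension into a Begin With rule. The rule objects, function names and URLs are assumptions made for illustration, and only the suffix-after-.js case is handled.

```javascript
// Added illustration, not RapidSpike code. Rule shape and names are assumptions.

// Stable part of a script URL: everything up to and including ".js",
// dropping whatever follows the extension (for example a version string).
function stableStem(url) {
  const m = /^[^?#]*\.js(?=[?#]|$)/.exec(url);
  return m ? m[0] : null;
}

function matchesRule(rule, url) {
  return rule.match === "exact" ? url === rule.name : url.startsWith(rule.name);
}

// Compare two crawls of the same page and propose baseline rules.
function proposeBaseline(crawlA, crawlB) {
  const rules = [];
  const review = []; // names this helper cannot explain; check these by hand
  for (const url of crawlA) {
    const stem = stableStem(url);
    if (crawlB.includes(url)) {
      rules.push({ match: "exact", name: url });
    } else if (stem && crawlB.some((u) => stableStem(u) === stem)) {
      rules.push({ match: "beginsWith", name: stem });
    } else {
      review.push(url);
    }
  }
  for (const url of crawlB) {
    if (!rules.some((r) => matchesRule(r, url))) review.push(url);
  }
  return { rules, review };
}

// Scripts seen on a later check that no baseline rule accounts for.
function unexpectedScripts(rules, observed) {
  return observed.filter((u) => !rules.some((r) => matchesRule(r, u)));
}

// Constructed sample data.
const crawlA = ["https://shop.example/js/checkout.js", "https://shop.example/js/app.js?v=1.4.1"];
const crawlB = ["https://shop.example/js/checkout.js", "https://shop.example/js/app.js?v=1.4.2"];
const { rules, review } = proposeBaseline(crawlA, crawlB);
const later = [crawlA[0], "https://shop.example/js/app.js?v=1.5.0", "https://cdn.example.net/tracker.js"];
console.log(rules, review, unexpectedScripts(rules, later));
```

A Begin With rule accepts every name that shares the prefix, so keep the prefix as long as the stable part of the name allows.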

RapidSpike offers Professional Services to perform the baselining operation on behalf of clients, utilising their experience, so feel free to get in touch if this is something you are interested in.

More information on Configuring the JavaScript Monitor can be found in the Knowledgebase.

For further reading, be sure to check out the blog post: JavaScript Security Monitoring.