Knowledge Base

Helpful hints, tutorials & Monitoring Advice

How to Configure the JavaScript Security Monitor

The JavaScript Security Monitor introduces a new level of security monitoring that is aimed at JavaScript files used by your web site. The monitor works on both self-hosted JavaScript files as well as JavaScript files hosted by a third-party.

The RapidSpike JavaScript Security Monitor has been released as an Enterprise feature and you need at least an Enterprise account in order to configure the monitor against your website.

The monitor is configured as a module to a User Journey and it is configured through the User Journey configuration screens.

You need a configured User Journey that visits all of the pages you wish to check the JavaScript on in order to operate.

Visiting the Journey Settings you will now see a JS Security tab. The first time you visit this tab you will be presented with the screen below advising you that the monitor is not running:

JavaScript Security Monitor

Enable the JavaScript Security Monitor by clicking on Activate Monitor, the system will then retrieve the JavaScript files identified during the most recent successfully run User Journey.

The JavaScript Security Monitor is now running but will only warn you when new JavaScript files appear. To also check for a change of filename, select the file or files you wish to track.

Tracked files are monitored for filename changes and the screenshot below displays a sample JavaScript whitelist with 3 files being tracked.

JavaScript Security Monitor

More information on Baselining the JavaScript Monitor can be found in the Knowledgebase.

For further reading be sure to check out the blog post: JavaScript Security Monitoring.