Application Level Security

Application

  • The system user’s passwords are securely stored in the database.
  • Sensitive data such as integration passwords, usernames and/or app keys is encrypted and stored in the database.
  • The system web APIs contain a built-in mechanism to prevent brute force attacks.
  • System access to DB includes a built-in mechanism to prevent SQL injection attacks.
  • Input validation is performed throughout the system for both client and server-side access.
  • Playbook and integration actions are executed on a dedicated sandbox server with limited access credentials.

Penetration Testing

  • A full penetration test is performed on both appliance and application on a periodic basis.

OS Level Security

Network Access

  • All communication is performed via HTTPS.
  • Network Access – inbound and outbound traffic is restricted to the necessary ports only.
  • The SSL connection uses a valid, signed certificate.
  • Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies.
  • All ports exposed by the Chronicle SOAR application for management and troubleshooting (22, 5432, 5601) should be whitelisted to the specific IP list of the client's organization. The client should restrict access according to their organization's policy.
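One way to apply the whitelisting described above on the appliance host, as an added example that is not Chronicle SOAR's own tooling: a POSIX shell function that reads a client allowlist (one IPv4 host or CIDR per line) and emits an nftables ruleset that accepts ports 22, 5432 and 5601 only from those sources and drops every other connection to them, while leaving all other traffic untouched. The allowlist file path, the table name `soar_mgmt` and the sample addresses are assumptions; the function refuses to emit a ruleset if the allowlist is empty or contains an entry that is not an address, so a malformed file cannot silently open the ports to everyone.

```shell
#!/bin/sh
# Added example (not part of Chronicle SOAR): build an nftables ruleset that
# restricts the management ports to an allowlist of client source addresses.
MGMT_PORTS="22,5432,5601"

# build_ruleset ALLOWLIST_FILE
#   Reads one IPv4 host or CIDR per line (blank lines and '#' comments are
#   skipped) and prints an nftables ruleset on stdout. Returns 1 and prints
#   nothing if the allowlist is empty or contains a malformed entry.
build_ruleset() {
    allow_file="$1"
    sources=""
    while read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        # only plain IPv4 addresses or CIDR prefixes are accepted; anything
        # else aborts rather than being spliced into the ruleset
        echo "$line" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$' \
            || { echo "build_ruleset: bad allowlist entry: $line" >&2; return 1; }
        sources="${sources:+$sources,}$line"
    done < "$allow_file"
    [ -n "$sources" ] || { echo "build_ruleset: allowlist is empty, refusing to emit a ruleset" >&2; return 1; }
    cat <<EOF
table inet soar_mgmt {
    chain input {
        type filter hook input priority 0; policy accept;
        # management ports: accept from the client allowlist, drop everything else
        tcp dport { $MGMT_PORTS } ip saddr { $sources } accept
        tcp dport { $MGMT_PORTS } drop
    }
}
EOF
}

# usage (paths are assumptions):
#   build_ruleset /etc/soar/mgmt-allowlist.txt > /etc/nftables.d/soar_mgmt.nft \
#       && nft -f /etc/nftables.d/soar_mgmt.nft
```

Because the chain policy stays `accept`, loading this ruleset only changes what happens on the three management ports; HTTPS and any other service the appliance exposes are unaffected. Check the generated file with `nft -c -f` before loading it, and keep an out-of-band console path in case the allowlist omits the address you are connecting from.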

Additional Software

  • Software installed on the appliance is limited to only required applications.
  • All open source software is scanned for Open Source License Compliance.

Operating System Updates

  • The appliance's OS is kept up to date with every version release.

Vulnerability Scanning

  • The appliance is thoroughly scanned for vulnerabilities on every release, utilizing leading Vulnerability Scanning solutions.

Access Control

  • Strong user account credentials are enforced.
  • Accounts are locked after exceeding maximum login attempts.

Remote Agent Infrastructure

Remote Agents

  • All communication with Remote Agents is performed via the Job Publisher and is limited to one-way communication.
  • The Job Publisher data store is encrypted with a key that is not stored locally on the server.
  • All data is deleted automatically after a set time period.