This scenario captures how to detect hacking attempts to an application running on TSM.
This scenario walks through how to create a Threat Detection Policy to capture hacking attempts to the ACME Fitness Application via the TSM UI.
- VMware Tanzu Service Mesh Concepts VMware Tanzu Service Mesh Concepts
- Completion of TSM Console access SC01-TC01
- For Kubernetes Cluster
${KUBERNETES_CLUSTER1}completion of TSM Onboarding SC02-TC01 or SC02-TC02 or SC02-TC03 - Completion of ACME Fitness Application Deployment SC03-TC01
- Completion of GNS Creation SC03-TC02 or SC03-TC03
This test procedure assumes that the full ACME Fitness Application was deployed to the Kubernetes Cluster ${KUBERNETES_CLUSTER1}.
-
On the TSM UI from the left menu select
Policy > Threat Detectionand clickNEW POLICYto create a newThreat Detection Policy.Expected:
-
On the
New Attack Detection Policydialog enter a policy name and select the previously created Global Namespace (GNS). Make sure theSQL INJECTIONrequest attack is selected and clickNEXT.Expected:
-
Use the default selection
Level 1 (Low)for the advanced settings and selectNEXT.Expected:
-
For policy targets keep the default
All Services in the GNSand selectNEXT.Expected:
-
Validate the data entered for the
Threat Detection Policyand clickSAVEto create it.Expected:
-
Confirm the
Threat Detection Policywas created.Expected:
-
From a browser go to your deployed ACME Fitness Application and paste the following
SQL Injectionscript that will attack thecatalogservice product page.http://${ACME_FITNESS_FQDN}/products?id=productId%22%20UNION%[%E2%80%A6]20database(),2,3,4,5,6,7%20--+
Expected:
-
Back in the TSM UI navigate back to the GNS Topology
Inventory > Global Namespaceand toggle theAttacksbutton to display theSQL Inejectionattack.Expected:
-
Validate that the
SQL Injectionattack was also captured under theSecurity > Security Eventsdashboards and that details of the event are accessible.Expected:
- [ ] Pass
- [ ] Fail
Return to Test Cases Inventory