This scenario shows how to detect hacking attempts against an application running on TSM.

It walks through creating a Threat Detection Policy in the TSM UI to capture hacking attempts against the ACME Fitness Application.
- VMware Tanzu Service Mesh Concepts
- Completion of TSM Console access SC01-TC01
- For Kubernetes Cluster ${KUBERNETES_CLUSTER1}, completion of TSM Onboarding SC02-TC01 or SC02-TC02 or SC02-TC03
- Completion of ACME Fitness Application Deployment SC03-TC01
- Completion of GNS Creation SC03-TC02 or SC03-TC03

This test procedure assumes that the full ACME Fitness Application was deployed to the Kubernetes Cluster ${KUBERNETES_CLUSTER1}.

- On the TSM UI, from the left menu select Policy > Threat Detection and click NEW POLICY to create a new Threat Detection Policy.

  Expected:
- On the New Attack Detection Policy dialog, enter a policy name and select the previously created Global Namespace (GNS). Make sure the SQL INJECTION request attack is selected and click NEXT.

  Expected:
- Use the default selection Level 1 (Low) for the advanced settings and select NEXT.

  Expected:
- For policy targets, keep the default All Services in the GNS and select NEXT.

  Expected:
- Validate the data entered for the Threat Detection Policy and click SAVE to create it.

  Expected:
- Confirm the Threat Detection Policy was created.

  Expected:
- From a browser, go to your deployed ACME Fitness Application and paste the following SQL Injection script, which attacks the catalog service product page:

  http://${ACME_FITNESS_FQDN}/products?id=productId%22%20UNION%[%E2%80%A6]20database(),2,3,4,5,6,7%20--+

  Expected:
- Back in the TSM UI, navigate to the GNS Topology (Inventory > Global Namespace) and toggle the Attacks button to display the SQL Injection attack.

  Expected:
- Validate that the SQL Injection attack was also captured under the Security > Security Events dashboards and that details of the event are accessible.

  Expected:

- [ ] Pass
- [ ] Fail
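
To show why the request in the procedure above is classified as SQL injection, the following added example (not part of the original test case and not the detection logic Tanzu Service Mesh uses) decodes each query parameter and counts simple injection indicators. The indicator list, the threshold of two and the two benign request targets are assumptions made for illustration; the first sample is the test URL exactly as printed above, truncation marker included.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Illustrative indicators (assumption): NOT the rule set Tanzu Service Mesh applies.
INDICATORS = {
    "quote-breakout": re.compile(r"""["']\s*(?:union|or|and)\b""", re.I),
    "union-keyword": re.compile(r"\bunion\b", re.I),
    "sql-function-call": re.compile(
        r"(?<![a-z_])(?:database|version|user)\s*\(\s*\)", re.I
    ),
    "trailing-comment": re.compile(r"(?:--|#)\s*$"),
}
THRESHOLD = 2  # a single hit (e.g. the word "union") is too noisy to alert on


def indicators_for(value):
    """Return the names of the indicators matching one decoded parameter value."""
    return [name for name, rx in INDICATORS.items() if rx.search(value)]


def scan(request_target):
    """Decode every query parameter; return {param: [indicators]} for flagged ones."""
    query = urlsplit(request_target).query
    findings = {}
    # parse_qsl percent-decodes values and turns '+' into a space, so the
    # patterns run on what the backend would see, not on the encoded form.
    for name, value in parse_qsl(query, keep_blank_values=True):
        hits = indicators_for(value)
        if len(hits) >= THRESHOLD:
            findings[name] = hits
    return findings


# First entry: the request target from this test case, copied as printed.
# The other two are constructed benign samples.
SAMPLES = [
    "/products?id=productId%22%20UNION%[%E2%80%A6]20database(),2,3,4,5,6,7%20--+",
    "/products?id=abc123",
    "/products?q=credit+union",
]

if __name__ == "__main__":
    for target in SAMPLES:
        print(target, "->", scan(target) or "clean")
```

The constructed `credit+union` request matches only one indicator and stays below the threshold, which illustrates the false-positive trade-off that a detection sensitivity setting controls.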