View NGINX App Protect in NIM

There are two components to NGINX App Protect within NIM:

  • NAP configuration via Instance Manager extension
  • NAP monitoring via NGINX Security Monitoring (SM)
  1. Take a look at both of these components. First, load the NIM bookmark in Firefox and login using the lab / AppWorld2024! credentials, if not already. Then, click the Instance Manager tile.
  2. Click the Select module drop-down from the top of the left menu bar.
../../../_images/nim_instance_manager_dropdown.png
  1. Click Instance Manager in the drop-down.
../../../_images/nim_instance_manager_dropdown_selection.png
  1. Take a look at the NGINX App Protect policies that exist in NIM. Click on App Protect -> Policies towards the bottom of the Instance Manager menu bar.
../../../_images/nap_click.png
  1. You should see a list of existing WAF policies. You can see four policies configured. Notice that only the AppWorldPolicy is applied to an application. Click on the policy name to view more details.
../../../_images/nap_policy_list.png
  1. You’ll see that the policy is applied to an NGINX instance. The version of the policy that is applied is also shown. Click on the Versions sub-tab to see existing versions of this policy.
../../../_images/nap_policy_overview.png
  1. Notice that currently there is only one version. Click on the version name of the policy version in the list.
../../../_images/nim_nap_appworld_policy_versions.png
  1. You will see the JSON configuration for this WAF policy. Scroll through the WAF policy to briefly view the policy configuration. You can see actions configured for particular violations, blocked file types, HTTP verbs, and more. Don’t make any changes just yet.
../../../_images/nim_nap_appworld_policy_json.png
  1. Now you can view metrics surrounding the App Protect instance. Click the Select module drop-down from the top of the left menu bar.
../../../_images/nim_module_dropdown.png
  1. Select Security Monitoring from the drop-down.
../../../_images/menu_drop_down_nim-SM.png
  1. The Security Dashboard page will load, as shown below.
../../../_images/SM_security_dashboard.png
  1. Scroll down through the Main tab to see statistics surrounding attack traffic types, IP addresses, violations, URIs, and more.
../../../_images/SM_dashboard_main.png
  1. Click the Bots tab.
../../../_images/SM_dashboard_bots.png
  1. This tab shows information around bot traffic detected by App Protect. Scroll down to the Top Bot Classes, Top Bot Categories, and Top Bot Signatures. Click on Untrusted Bot in the Top Bot Classes list.
../../../_images/SM_top_bot_lists.png
  1. View extra details around the entry. Close the details box when finished.
../../../_images/SM_top_bot_details.png
  1. Click the Advanced tab.
../../../_images/SM_Advanced_click.png
  1. This tab shows data relating to attacks matching downloaded signatures.
../../../_images/SM_dashboard_advanced.png
  1. Scroll down and review the additional metrics available. Click on the single entry under the Top Attacked Instances list to see additional details.
../../../_images/SM_additional_metrics.png
  1. Close the details box when finished.
../../../_images/SM_dashboard_advanced_details.png
  1. Finally, click on the Events Log tab to view the historical event list.
../../../_images/SM_dashboard_event_logs.png
  1. You can click on any of the events in the list to view more details. Close the details box when finished.
../../../_images/SM_dashboard_event_details.png

Now that you’ve reviewed where WAF policies exist in NIM, how they are deployed at the application level and how to monitor security statistics and events in NIM, continue to the next section of the lab.