V-272642

Discussion

The Console Applications page provides integration with the CylanceON-PREM API. An application has a unique application ID and application secret for generating an access token, which is used to access the API. Administrators create the applications, then give API users the application ID and application secret. Inventorying and managing CylanceON-PREM's associated custom applications and API endpoints is critical for securing the environment, ensuring compliance, minimizing risks, maintaining operational efficiency, and improving incident response. By knowing what applications and APIs exist and how they function, organizations can enhance the ability to protect, monitor, and manage systems effectively, thus safeguarding sensitive data and improving overall security posture.

Check Content

Review the Console Applications. Administrator privileges are required.

1. Log in to the admin console.
2. Navigate to Configuration >> Applications.
3. Review the documentation of allowed applications.
4. Review the internal documentation for the location and protection of application ID and application secret.
5. All APIs must be documented.
6. Verify that controls are in place for who has access to APIs and where YAML files are stored. 

If any applications exist that are not documented, this is a finding.

If application ID and application secrets are not documented and stored in the authorized location, this is a finding.

If any APIs are in use and not documented, this is a finding.

If the location and access of YAML files are not documented, this is a finding. 

If any of the above is documented but not adhered to, this is a finding.