- Added a public preview of the Interactive Application Security Testing (IAST) mode of the New Relic Security agent.
The New Relic Security agent IAST mode is in public preview and should only be used in non-production environments.
To learn about how to use IAST, check out our documentation.
By default, the New Relic Security agent IAST mode is completely disabled. To enable it, set both
Full configuration options are detailed below (note that the
security stanza should be indented two spaces under the pre-existing
common stanza in the
newrelic.yml config file):
# New Relic Security vulnerability detection.security:# Determines whether the security data is sent to New Relic or not. When this is disabled and agent.enabled is# true, the security module will run but data will not be sent. Default is false.enabled: false# New Relic Security provides two modes: IAST and RASP# Default is IAST. Due to the invasive nature of IAST scanning, DO NOT enable this mode in either a# production environment or an environment where production data is processed.mode: IAST# New Relic Security's SaaS connection URLvalidator_service_url: wss://csec.nr-data.net# To completely disable all security functionality, set this flag to false. This property is# read only once at application start. Default is false.agent:enabled: false# These are the category of security events that can be detected. Set to false to disable detection of# individual event types. Default is true for each event type.detection:rci:enabled: truerxss:enabled: truedeserialization:enabled: true
To identify which version of the Java agent you're currently using, run
java -jar newrelic.jar -v. Your Java agent version will be printed to your console.
Then, to update to the latest Java agent version:
- Back up the entire Java agent root directory to another location. Rename that directory to
#.#.#is the agent version number.
- Download the agent.
- Unzip the new agent download file, then copy
newrelic.jarinto the original Java agent root directory.
- Compare your old
newrelic.ymlwith the newly downloaded
newrelic.ymlfrom the zip, and update the file if needed.
- Restart your Java dispatcher.
If you experience issues after the Java agent update, restore from the backed-up New Relic agent directory.
We add new settings to
newrelic.yml as we release new versions of the agent. You can use
diff or another diffing utility to see what's changed, and add the new config settings to your old file. Make sure not to overwrite any customizations you've made to the file, such as your license key, app name, or changes to default settings.
For example, if you
diff the default
newrelic.yml files for Java agent versions 7.10.0 and 7.11.0, the results printed to the console will be like:
➜ diff newrelic_7.10.0.yml newrelic_7.11.0.yml...107a108,119> # Whether the log events should include context from loggers with support for that.> include_context_data:>> # When true, application logs will contain context data.> enabled: false>> # A comma separated list of attribute keys whose values should be sent to New Relic.> #include:>> # A comma separated list of attribute keys whose values should not be sent to New Relic.> #exclude:>125a138>128c141< enabled: false---> enabled: true...
In this example, these lines were added to the default
newrelic.yml in Java agent version 7.11.0. If you are moving to 7.11.0 or higher, you should add these new lines to your original
- New Relic recommends that you upgrade the agent regularly to ensure that you're getting the latest features and performance benefits. Additionally, older releases will no longer be supported when they reach end-of-life.