You can use the Advanced policy tab to troubleshoot your tCell agent installations. The Advanced tab has the following categories:
Contact Rapid7 Support
The settings in the Advanced tab control the information sent by your agents to the Rapid7 Insight platform. You should not change the default settings of this tab unless advised by the Rapid7 Support team.
In the System Enablements section, you can send routes and File System discovered directories.
Compute and Send Route Ids
Routes are combinations of a URI path, such as /admin/profile, and the HTTP method used to access the endpoint, such as POST. tCell uses Routes to denote logical endpoints in your application. Routes are used in several features of tCell such as App Firewall and OS commands.
Since several URIs can map to the same Route, tCell internally uses a unique identifier, called Route Id, to store every Route. On application startup, the tCell agent computes Route Ids for all the known Routes and sends this data back to the Rapid7 Insight platform. The process of computing Route Ids is computationally intensive. If this process causes performance issues or an abnormally high amount of network activity in your application, Rapid7 support may advise you to deselect the Compute and Send Route Ids option.
Since the agents compute and transmit Route Ids by default, this process will take place at least once on first-time startup before you can deploy any policy changes. If you disable sending Route Ids to the Rapid7 Insight platform, you will not see the latest Route information in the App Firewall and OS Command screens.
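The following added example illustrates how several URIs collapse to one Route and how a stable identifier can be derived per Route. It is not tCell agent code: the route templates, the function names, and the use of a truncated SHA-256 as the identifier are assumptions made for illustration only.

```python
import hashlib
import re

# Constructed sample route templates; a real agent would learn these from the
# web framework's router at application startup.
ROUTE_TEMPLATES = [
    ("GET", "/admin/profile"),
    ("POST", "/admin/profile"),
    ("GET", "/users/{id}/orders/{order_id}"),
]

def route_id(method, template):
    """Derive a stable identifier for a (method, path template) pair.

    Assumption: a truncated SHA-256 stands in for whatever scheme tCell uses.
    """
    canonical = f"{method.upper()} {template}".encode("utf-8")
    return hashlib.sha256(canonical).hexdigest()[:16]

def _compile(template):
    # Turn "/users/{id}" into an anchored regex; a placeholder matches one segment.
    parts = re.split(r"(\{[^/{}]+\})", template)
    pattern = "".join("[^/]+" if p.startswith("{") else re.escape(p) for p in parts)
    return re.compile(f"^{pattern}/?$")

# Precompute every Route Id once, mirroring the startup cost described above.
ROUTES = [(m, t, _compile(t), route_id(m, t)) for m, t in ROUTE_TEMPLATES]

def resolve(method, uri):
    """Map a concrete request to its Route Id, or None for an unknown Route."""
    path = uri.split("?", 1)[0]  # the query string is not part of the Route
    for m, _template, regex, rid in ROUTES:
        if m == method.upper() and regex.match(path):
            return rid
    return None

if __name__ == "__main__":
    samples = [("GET", "/users/17/orders/3"), ("GET", "/users/42/orders/9?x=1"),
               ("GET", "/admin/profile"), ("POST", "/admin/profile"),
               ("DELETE", "/admin/profile")]
    for method, uri in samples:
        print(method, uri, "->", resolve(method, uri))
```

The two /users/... requests resolve to the same identifier, while GET and POST on /admin/profile resolve to different ones, which is why policy features can be keyed on the Route rather than on each concrete URI.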
Send File System Discovered Directories
The tCell agent monitors the local files and directories that your application is able to access. This information is useful for preventing local file injection attacks. When the application starts up, the tCell agent sends this information to the Rapid7 Insight platform. If this process causes performance issues or an abnormally high amount of network activity in your application, Rapid7 support may advise you to deselect the Send File System Discovered Directories option.
Since the agents transmit discovered directories by default, this process will take place at least once on first-time startup before you can deploy any policy changes.
When troubleshooting agent issues, Rapid7 Support personnel need several pieces of data regarding the installed agent. With the Agent Diagnostics functionality, you can instruct the agent to collect all the required data in a diagnostics package and send it to the Rapid7 Insight platform for analysis.
To create an agent diagnostics package, select an App, then navigate to Policies > Advanced. In the Advanced tab, the Diagnostics policy section contains a list of active agents. You can select any number of these agents to create diagnostics packages. After you select your agents, click Deploy to create the diagnostics package. You can find the package on the file system in the directory where your agent is deployed, and the full file path is recorded in tcell.log. Depending on the agent version, the package will also be uploaded to the Rapid7 Insight platform.
Supported Agents: Automatic upload to tCell
|Agent|Version|
|---|---|
|Apache|2.0.3 or greater|
|IIS|1.1.2 or greater|
|Java|1.7.0 or greater|
|.NET|2.1.1 or greater|
|.NET Core|2.1.1 or greater|
|NGINX|2.1.0 or greater|
|Node.js|1.5.0 or greater|
|Python|1.5.0 or greater|
|Ruby|2.0.0 or greater|
|Envoy|0.5.0 or greater|
Supported Agents: Local filesystem creation only