Quick Start Guide
This guide is designed to match the flow of your first time in tCell, as well as provide some tips for optimizing your deployment. We will walk through the following sections:
- About tCell
- Getting Started and creating an app
- Optimizing your deployment
Welcome to tCell!
tCell by Rapid7 is a next-gen cloud web application firewall (WAF) and runtime application self-protection (RASP) tool that gives you complete visibility into your application and provides in-depth defense.
Top benefits of tCell
- Real Time Application Monitoring dramatically reduces the number of false positives, alerts you when malicious activity is suspected, and allows a real-time view of events. tCell alerts you about the risks your applications are facing, what attacks are active, and most importantly whether breaches require action or are actively being blocked.
- Self Protection Without Intervention allows you to automatically identify and block attacks at every application level with agents. tCell allows your applications to defend themselves from OWASP Top Ten attacks, zero-day attacks, and more so your team can focus on building better infrastructures and more secure applications
- Security and Remediation at the Speed of DevOps is possible by tCell simplifying the security process by removing the lag between security and DevOps to help your team build the foundation for a true DevSecOps organization. tCell’s analytics aggregate millions of data points from your servers, web browsers, and external threat intelligence sources to give you clear, actionable information in one simple step.
Protect your deployment with tCell
Getting to know the tCell UI
|Home||When you log in to tCell, you'll see apps, their agents, and the newsfeed. |
For more information, see Newsfeed and Alerts.
|Admin menu||All users can view the admin menu, but role-based access determines which actions are available. |
For more information, see Users and Access.
|Application dashboard||The Application Dashboard lists your applications and the number of agents installed for each app. |
To view the full application dashboard, click Home and select an app from the home page.
|Agents||An agent is a software application that integrates with your web application and web server code to monitor all incoming requests, and block malicious requests that can attack your application.|
For guides on specific agents, check out the User Guides section of the help.
|Agent dashboard||The Agent Dashboard shows you the agent you have installed and the IP and host name of the system it's installed on. |
New to tCell?
You can sign up for tCell here.
Getting started and creating an app
Install and configure
Admins responsible for installing and configuring tCell must do the following before users can interact with tCell.
- Obtain access to tCell from the Rapid7 Insight Cloud.
- Add Rapid7 IPs to the allowlist.
- Configure user access.
When you sign up for tCell, you will receive a Rapid7 Insight account. Visit the Rapid7 Insight Platform at https://insight.rapid7.com and enter your credentials to access tCell. If you did not receive a login email, please contact Rapid7 Support.
Create Your First App
tCell monitors and protects your web applications. Creating an app within tCell enables it to know that all the data that is coming to it from the agents are all associated with a single app instance. You must create a new app for each unique application in your environment.
- Click tCell Admin in the top toolbar to open the Admin panel.
- In the Admin panel, select the Applications tab, and click Add Application.
- In the Add Application window, enter a name, description, and tags. Tags help you easily identify and group your applications in the future.
- Click Add application.
- On the Admin > Applications page, ensure your app was created.
Every app has a unique application ID that is used throughout the system. When you copy configurations to another app, the new app will have a different application ID.
Install an Agent
An agent is a software application that integrates with your web application and web server code to monitor all incoming requests, and block malicious requests that can attack your application. tCell integrates with the following agents to meet your needs:
- Application Server Agents
- Web Server Agents
- Proxy Agents
- Cloud Delivery Network (CDN) Agent
Start your Application
Start your app to collect data.
Verify tCell is collecting data
You can perform the following simple checks to see if things are working properly:
- Check via the browser developer console or similar to see if there are CSP headers in the response body from the application.
- Check via the browser developer console or similar to see if JSAgent is being loaded in page.
- Check the
tcell.logfile in the tCell folder for recent activity. If you are testing with a Rails project, check to see if there are any recent writes to the ./tcell directory.
Optimize your deployment
tCell offers many features and options that you can enable and configure.
Set up alerts
You can configure the alert types and notifications provided by tCell to deliver the right information to the right people at the right time.
- Newsfeed and Alerts
- Webhooks Notifications
- Package Vulnerability Alerts
- Integrate Alerts and Data with Splunk
Integrate with other tools
Integrating with tools that you already use can help streamline your workflow. tCell integrates with SIEM, ticketing, and other tools.
Review newsfeed and alerts
By default, all features are monitored and you can view the activity in the Newsfeed and Alerts. Based on the data from the Newsfeed and Alerts, you can configure additional options to better protect your apps.
Configure additional options
You can further refine your scans and configure additional options to protect your apps.