A Cloud-Native Security Monitoring and Protection for Modern Applications
Documentation | Quick Start | Blog | Chat with us on Slack!
SecureNative performs user monitoring by analyzing user interactions with your application and various factors such as network, devices, locations and access patterns to stop and prevent account takeover attacks.
When using command line run the following:
$ nuget install SecureNative.SdkWhen using packet manager console run the following:
$ install-package SecureNative.SdkWhen using Visual Studio do the following:
- Go to Tools -> Package Manager -> Manage NuGet Packages for Solution...
- Click the Browse tab and search for
SecureNative.Sdk - Click
SecureNative.Sdkpackage in the search results, select desired version and desired projects to apply to and click Install
To get your API KEY, login to your SecureNative account and go to project settings page:
SecureNative can automatically load your config from securenative.json file or from the file that is specified in your SECURENATIVE_CONFIG_FILE env variable or in your project's root folder:
using SecureNative.SDK;
var securenative = Client.Init("path/to/securenative.json");using SecureNative.SDK;
var securenative = Client.Init("YOUR_API_KEY");using SecureNative.SDK;
SecureNativeOptions Options = ConfigurationManager.ConfigBuilder()
.WithApiKey("API_KEY"))
.WithMaxEvents(10)
.WithLogLevel("error")
.Build());
var securenative = Client.Init(Options);Once initialized, sdk will create a singleton instance which you can get:
using SecureNative.SDK;
var securenative = Client.GetInstance();Once the SDK has been initialized, tracking requests sent through the SDK instance. Make sure you build event with the EventBuilder:
using SecureNative.SDK;
//
// GET: /events/track
public void Track()
{
var securenative = Client.GetInstance();
var context = Client.ContextBuilder()
.WithIp("127.0.0.1")
.WithClientToken("SECURENATIVE_CLIENT_TOKEN")
.WithHeaders(new Dictionary<string, string> { { "user-agent", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36" } })
.Build();
var eventOptions = EventOptionsBuilder.Builder(EventTypes.LOG_IN)
.WithUserId("1234")
.WithUserTraits("Your Name", "name@gmail.com", "+1234567890")
.WithContext(context)
.WithProperties(new Dictionary<object, object> { { "prop1", "CUSTOM_PARAM_VALUE" }, { "prop2", true }, { "prop3", 3 } })
.WithTimestamp(new DateTime())
.Build();
securenative.Track(eventOptions);
}You can also create request context from HttpServletRequest:
using SecureNative.SDK;
//
// GET: /events/track
public void Track()
{
var securenative = Client.GetInstance();
var context = Client.FromHttpRequest(Request).Build();
var eventOptions = EventOptionsBuilder.Builder(EventTypes.LOG_IN)
.WithUserId("1234")
.WithUserTraits("Your Name", "name@gmail.com", "+1234567890")
.WithContext(context)
.WithProperties(new Dictionary<object, object> { { "prop1", "CUSTOM_PARAM_VALUE" }, { "prop2", true }, { "prop3", 3 } })
.WithTimestamp(new DateTime())
.Build();
securenative.Track(eventOptions);
}Example
using SecureNative.SDK;
//
// GET: /events/verify
public void Verify()
{
var securenative = Client.GetInstance();
var context = Client.FromHttpRequest(Request).Build();
var eventOptions = EventOptionsBuilder.Builder(EventTypes.LOG_IN)
.WithUserId("1234")
.WithUserTraits("Your Name", "name@gmail.com", "+1234567890")
.WithContext(context)
.WithProperties(new Dictionary<object, object> { { "prop1", "CUSTOM_PARAM_VALUE" }, { "prop2", true }, { "prop3", 3 } })
.WithTimestamp(new DateTime())
.Build();
var verifyResult = securenative.Verify(eventOptions);
verifyResult.GetRiskLevel(); // Low, Medium, High
verifyResult.GetScore(); // Risk score: 0 -1 (0 - Very Low, 1 - Very High)
verifyResult.GetTriggers(); // ["TOR", "New IP", "New City"]
}Apply our filter to verify the request is from us, example in spring:
using SecureNative.SDK;
//
// GET: /webhook
public void WebhookEndpoint()
{
var securenative = Client.GetInstance();
// Checks if request is verified
var isVerified = securenative.VerifyRequestPayload(Request);
}You can specify custom header keys to allow extraction of client ip from different providers. This example demonstrates the usage of proxy headers for ip extraction from Cloudflare.
{
"SECURENATIVE_API_KEY": "YOUR_API_KEY",
"SECURENATIVE_PROXY_HEADERS": ["CF-Connecting-IP"]
}Initialize sdk as shown above.
using SecureNative.SDK;
SecureNativeOptions Options = ConfigurationManager.ConfigBuilder()
.WithApiKey("API_KEY"))
.WithProxyHeaders(new ["CF-Connecting-IP"])
.Build());
var securenative = Client.Init(Options);By default, SecureNative SDK remove any known pii headers from the received request. We also support using custom pii headers and regex matching via configuration, for example:
{
"SECURENATIVE_API_KEY": "YOUR_API_KEY",
"SECURENATIVE_PII_HEADERS": ["apiKey"]
}Initialize sdk as shown above.
using SecureNative.SDK;
SecureNativeOptions Options = ConfigurationManager.ConfigBuilder()
.WithApiKey("API_KEY"))
.WithPiiRegexPattern(@"((?i)(http_auth_)(\w+)?)")
.Build());
var securenative = Client.Init(Options);