AppNeta employs various methods to keep your data secure. In addition, you should make sure that you change the default password on your monitoring points and regularly upgrade the monitoring point software.

Data storage

AppNeta Performance Manager (APM) is hosted on Amazon Web Services. AppNeta uses industry accepted best practices to keep this installation secure. This includes Amazon security groups, firewalled ports, ssh-key based machine logins, and key rotation.

Data access is restricted solely to AppNeta employees, all of whom are under strict confidentiality agreements. Only key engineers may access production data, and then only for the purpose of debugging data-related issues as a last resort. In addition, AppNeta Support may access your web console to provide guidance as a result of specific incidents or requests.

Packet capture

APM uses standard encryption practices to ensure that the information in your packet captures is securely transmitted and stored.

Captures are uploaded to the Capture Server via SSL where they are encrypted using an AES 256-bit key prior to their transfer to Amazon S3. The symmetric key used for encryption is based on a per-monitoring point, user-defined passphrase. A one-way SHA-1 hash of the passphrase is stored only on the monitoring point.

Captures must be decrypted using the symmetric key created from the passphrase. You are prompted for a passphrase once per monitoring point per login session; the passphrase is cached only for the duration of the login session. The actual download is via SSL.

As part of monitoring point decommissioning (typically occurring when a monitoring point is deleted), the passphrase and packet captures that have not yet been uploaded are cleared. If the monitoring point is no longer being used for packet captures, but you aren’t decommissioning it, a separate clear passphrase function is available.

Software monitoring points

Linux-based software monitoring points run as root and require outbound connections to APM servers to report the timing data and to download software updates. Timing data is sent back to APM via HTTPS. Software packages are downloaded from the upgrade repository via SSL. For the specific ports and protocols that are required by software monitoring points, see the Firewall Configuration page.

Download the audit log

The audit log file contains records of all actions performed on APM, when they were performed, who performed them, and where they were performed from. The .csv format audit log can be downloaded for review.

Only Organization Admins can download the audit log.

To download the audit log file:

  1. Navigate to > Download Audit CSV
  2. Specify the date and time range to download.
  3. Specify the organizations to download records for.
  4. Click Download.
  5. Open the downloaded .csv file.