Defining the glass box agent in AppScan

This section describes how to configure AppScan® to access a server-side glass box agent.

About this task

Once you have installed the glass box agent on your application server, you must define it to AppScan so it can access the agent. After this is done AppScan will automatically use the agent for glass box scanning in any relevant scan (unless you deselect it in the scan configuration).
Restriction: You can define the same server agent on several AppScan machines, however an agent can be used for only one scan at a time.
Restriction: You can define multiple agents, but only one agent can be selected in a scan configuration.

Procedure

  1. In Configuration > URL and Servers tab, set the Starting URL. Note that in this example, the URL includes port 8080.
    https://altoro.testfire.net:8080/
  2. Click OK to close the Configuration dialog box.
  3. Click Tools > Glass box agent management.

    The Glass Box Agents dialog box appears, listing any agents that have already been defined.

  4. To add a new agent to the list, click plus button.
    The Glass Box Agents Definition dialog box appears. The Glass Box Agent URL is automatically filled, based on the Starting URL you entered previously.
    Important: The Glass Box Agent URL automatically contains a port value extracted from the Starting URL, (in this case 8080). If you installed your agent on a different port, replace the port value with the correct one. In this example the port value has been changed to 8888.
    http://altoro.testfire.net:8888/GBootStrap/
  5. Fill in the remaining fields and options as needed.
    OptionDescription
    Username and password Type in the username and password that were defined when the agent was installed on the server.
    Agent log settings: (Optional:) Click to open these settings.
    Note: Agent log settings are saved in the agent on the server-side.
    Max. log rows (Optional:) Use the slider to limit the size of the log.
    Log content (Optional:) Select the level of information to be include in the log: Errors: Include only error messages; Warnings: Include error and warning messages; Info: Include errors, warnings and informational messages; Debug: Include all messages.
    Glass box logs are saved to:
    [Installation folder]\instrumentation.log

    AppScan tries to connect to the agent server. If successful, a green "Connected" icon appears. If there is any problem, a red icon will appear with a message such as "Unable to connect to agent" or "Credentials needed".


    green "Connected" icon
    Note: If your site offers both HTTP and HTTPS, verify that the starting URL is HTTPS (and change it to HTTPS if it is not).
    Note: If you get an error message, refer to

    http://www.ibm.com/support/docview.wss?uid=swg21567723

  6. Click OK to close the definition dialog box.

    The agent is added to the list.

  7. Click OK to close the list.

    The agent is now defined on this machine.