Home
Administration Guide
Administration, configuration, and management tasks needed for the optimal use of Seeker
Project Administration
Management and configuration tasks that Seeker administrators can perform for projects.
Configure Project Features
Customize the way Seeker handles a project by configuring its various features.
Configure Active Verification
Define how to apply Active Verification to the requests generated by an application.

Administration Guide
Administration, configuration, and management tasks needed for the optimal use of Seeker
- System Administration
  Seeker provides a set of tools that enable administrators to configure, customize, and fine-tune various features and capabilities of the system, as well as integrate external tools.
- User Administration
  Introduces the Seeker role-based access control (RBAC) concept, and outlines the user administration tasks.
- Project Administration
  Management and configuration tasks that Seeker administrators can perform for projects.
  - Add a Project
    To start monitoring an application, add a project, and activate it by connecting an Agent.
  - Edit a Project
    Edit project properties.
  - Manage a Project
    Perform project managements tasks, such as delete a project, create a project template, and manage a composite project.
  - Manage Project Membership
    Control access to project-related operations by managing project membership.
  - Configure Project Settings
    To customize Seeker's behavior for a project, configure various project settings.
  - Configure Project Features
    Customize the way Seeker handles a project by configuring its various features.
    - Configure Active Verification
      Define how to apply Active Verification to the requests generated by an application.
    - Configure Authentication Validation
      Authentication validation can discover API endpoints that do not perform an authentication check.
    - Configure Active Inspection
      Instruct Seeker to actively discover and inspect unused and empty request parameters using unsafe content, as well as untested endpoints and APIs.
    - Configure Cross-Project Analysis
      Seeker enhances data flow analysis by an ability to track unsafe data across projects.
    - Configure Data Flow Map
      Enable Seeker users to explore their application's real-time interactions with other resources, such as databases and internal or external services.
    - Configure Endpoint Discovery
      Enable Seeker to discover all the declared and visited inbound endpoints in applications, such as APIs and application pages, to present a visual overview of their test coverage on the Endpoint Risk page.
    - Configure Project Version Management
      Project version management enables Seeker to automatically detect the application version and assign the detected vulnerabilities to this version.
    - Configure Tracking Unsafe Data from External APIs
      Applications often trust data received from external APIs without validating their safety. Seeker helps you ensure the safe consumption of external APIs by treating their responses as unsafe data.
    - Configure Maximum Connected Agents
      Optimize your application performance by limiting the number of simultaneously connected Agents.
    - Configure Stack Trace Capturing
      Optimize your application performance by configuring the capturing of data flow stack traces for vulnerability detections in a project.
    - Configure Sampling
      Configure how the Agents should monitor identical requests.
    - Configure Suspending Agent on High Resource Usage
      Safeguard your application performance by automatically suspending Agent operation on high CPU/memory usage.
    - Configure Activity Monitoring
      Configure Seeker to monitor application activities.
    - Configure Automatic Project Creation in Composite Projects
      Enable the feature of automatic creation of regular projects within composite projects.
    - Configure Project Membership Inheritance in Composite Projects
      Facilitate user administration for composite projects.
    - Configure Software Composition Analysis
      Seeker integrates the composition analysis tools BDBA® and BDBA® (BDBA).
    - Configure Rapid Scan Static
      Configure Seeker to run Rapid Scan Static powered by the Sigma engine.
- Maintenance
  To ensure your Seeker system's health, perform periodic maintenance tasks.
- Using APIs
  Seeker provides a set of Web (REST) APIs that expose its basic functionality. You can use these APIs to automate various administration tasks, such as managing projects, exporting vulnerabilities or creating a diagnostic dump.
- Appendix A. Seeker Environment Variables
  Seeker uses a number of operating system (OS) environment variables and Java Virtual Machine (JVM) properties that administrators can configure to customize and fine-tune the behavior of Seeker server and Agents.

Configure Active Verification

Define how to apply Active Verification to the requests generated by an application.

The accuracy of vulnerability detection is empowered by the Seeker's Active Verification mechanism.

For background information, see About Active Verification.

In the main menu, click (Projects) and open a project that you want to configure..
Click Features.
Toggle the Enabled switch for Active Verification on.
Click Configure, and toggle Enable Active Verification for requests that perform data change operations.
If enabled, Active Verification would sends HTTP requests that potentially involve data change operations, such as adding database records.
Save your changes.
To enable or disable Active Verification for some parts of your application, click Configure exclusion rules.

Click Add exclusion rule to create a new rule or Edit for an existing one. In the Create/edit exclusion rule page that opens, enter the following:

Option	Description
What to exclude	From the dropdown list, choose Full requests or Parameters.
Request path pattern	Enter a pattern that the excluded request paths of your application should match, such as `/cart/`.
Parameter/Header name pattern	Exclude requests containing specific parameters or headers. Enter a pattern that parameter or header names should match, such as `Authorization` or `token`.

Note: You can use an asterisk (*) as a wild card in a pattern. For example: com.mycompany.testapp.*.

Save your changes.

As a result, no verification requests will be sent to your application for the excluded requests and/or parameters.

Automation with APIs

You can automate some of these tasks by using Seeker APIs. For the detailed API reference, click (Web API) in the main menu.

/api/{ver}/projects/{key}/settings/features/activeverification PUT: Enables or disables Active Verification for a project.