ASM capabilities support

The following ASM capabilities are supported in the .NET library, for the specified tracer version:

ASM capabilityMinimum .NET tracer version
Threat Detection2.23.0
Threat Protection2.26.0
Customize response to blocked requests2.27.0
Software Composition Analysis (SCA)2.16.0
Code Security (beta)2.42.0
Automatic user activity event tracking2.32.0
API Security2.42.0

The minimum tracer version to get all supported ASM capabilities for .NET is 2.42.0.

Note: Threat Protection requires enabling Remote Configuration, which is included in the listed minimum tracer version.

Supported deployment types

TypeThreat Detection supportVulnerability Management for OSS support
Docker
Kubernetes
Amazon ECS
AWS Fargate
AWS Lambda
Azure App Service

Note: Azure App Service is supported for web applications only. ASM doesn’t support Azure Functions.

Language and framework compatibility

Supported .NET versions

.NET Framework VersionMicrosoft End of LifeSupport levelPackage version
4.8GAlatest
4.7.2GAlatest
4.7GAlatest
4.6.2GAlatest
4.6.104/26/2022GAlatest

These are supported on the following architectures:

  • Linux (GNU) x86-64, ARM64
  • Alpine Linux (musl) x86-64, ARM64
  • macOS (Darwin) x86-64, ARM64
  • Windows (msvc) x86, x86-64

Web framework compatibility

  • Attacker source HTTP request details
  • Tags for the HTTP request (status code, method, etc)
  • Distributed Tracing to see attack flows through your applications
ASM Capability Notes
  • Vulnerability Management for OSS is supported on all frameworks.
  • If your framework is not listed below, Vulnerability Management for Code-level will still detect Insecure Cookie vulnerabilities.
FrameworkThreat Detection supported?Threat Protection supported?Vulnerability Management for Code-level supported?
ASP.NET MVC
ASP.NET Web API 2
If you don't see your framework of choice listed, let us know! Fill out this short form to send details.

Data store compatibility

Datastore tracing provides:

  • SQL attack detection
  • query info (for example, a sanitized query string)
  • error and stacktrace capturing
ASM Capability Notes
  • Threat Protection also works at the HTTP request (input) layer, and so works for all databases by default, even those not listed in the table below.
FrameworkThreat Detection supported?Threat Protection supported?Vulnerability Management for Code-level supported?
OracleDB
ADO.NET
SQL Server
MySQL
SQLite

User Authentication Frameworks compatibility

Integrations to User Authentication Frameworks provides:

  • User login events including the user IDs
  • User signup events (apps using built-in SignInManager)
  • Account Takeover detection monitoring for user login events
Framework
> .Net Core 2.1