Skip to main content

Scripts [USER GUIDE for Security Solution]

  • Updated

Note: This guide refers to Source Defense's Security solution, for more information on this solution contact us.

To see a list of all the scripts found on all sites of the account entered, click Scripts in the left-hand menu:

mceclip0__2_.png

You can set the rows per page to 5, 10 or 25. We are using 5 to avoid scrolling.

The table columns are described below:

Column Heading

Description

Script List (Table name)

List of 3rd, 4th+ party scripts found on the account. Click on script to see list of sites where they appear. Click again on site to select site and see more details on selected script onsite.

Script Name

Script name, or script domain if script not yet identified.

Type

3rd - 3rd party script invoked by website directly or by a tag manager

4th+ - scripts that are invoked by a 3rd or higher party script.

Vendor

Company supplying the script

Category

Script category

Popularity

Script popularity

First Detected

The first time this incident was detected on the site.

Last Detected

The most recent time this incident was detected on the site.

Clicking a Script entry opens a subsidiary window, called Script Site List, described in the next section.

1 Scripts Site List

Clicking a Script entry opens a subsidiary window with a further table, listing all the sites where this script appears:

help_image_1.png

The table columns are described below:

Column Heading

Description

Site

Site name

Type

3rd - 3rd party script invoked by website directly or by a tag manager

4th+ - scripts that are invoked by a 3rd or higher party script.

Behaviors

Script behaviors identified on this site.

First Detected

The first time this script was identified on this site.

Last Detected

The last time this script was detected on the site.

Policy

Identified for Detection mode

Status

New for Detection mode

 

Note

Further action for an Identified script depends on whether you are using Protection or Detection mode. In Detection mode, you can only monitor a script.

 

Clicking anywhere on the line opens the Script Page window. 

 

For managing scipts that appear on multiple sites, see the relevant article(s):

How do I handle scripts that appear on multiple sites? [FAQ]

How do I authorize and justify scripts that appear on multiple sites? [FAQ]

How do I manage new script behaviors that appear on multiple sites? [FAQ]

2 Scripts Page Overview

The Scripts page shows the details of the script selected. A typical Scripts page looks like this:

 

 

 

There are twelve key parts of the script detail page: 

  1. Title and status
  2. Type, source, and date
  3. Script description
  4. PCI justification
  5. Script status
  6. Recorded events
  7. Request map
  8. Domain risks
  9. Script popularity
  10. Observed script behaviors
  11. Domain information
  12. SSL certificate information


2.1 Title and status

The title is the script originator. In Detection mode, all scripts are in the  Identified state. What is displayed  is what is potentially possible in Protection mode. See section 2.3.3.1 below.

2.2 Type source and dates:

This line contains the following information:

  • Script category is one of – 
  • Advertising
  • Analytics
  • Developer Utilities
  • Marketing
  • Tag Management
  • Video
  • Script type – 3rd or 4th+ party
  • Loaded by whom
  • First detection date
  • Most recent detection date

2.3 Script description:

The About section contains a script description (available online) as provided by the site-owner of the script under examination.

mceclip3.png


2.4 PCI Justification:

Scripts presented on payment pages must be justified to satisfy PCI DSS 4.0 Requirement 6.4.3. A script justification of up to 1,000 characters may be entered into the text box provided. 


2.5 Script status:

The Script status section shows information about how the script is currently being managed by Source Defense. 

Clicking the "Manage" button will allow you to make changes to the current policy, if available. 

 

 

2.6 Events:

These are events recorded during the specified first date/last date period:

The table columns are described below:

Column Heading

Description

Events (Table name)

Events are compiled from many types of signals Source Defense collects from the scripts’ behavior on the website.

Risk

Risk Icon

Meaning
i.png

Information
m.png

Medium
h.png

High
c.png

Critical

Event Type

Incident type is determined by what the scripts doing on the website, the specific website page and the data being collected.

First Detected

The first time this incident was detected on the site.

Last Detected

The most recent time this incident was detected on the site.


Clicking a down-arrow under Risk opens a further sub-display showing the incident details:

 

2.7 Script request map:

The Script request map shows the entire path from where this script originated i.e. it shows the scripts in an invocation hierarchy. 

mceclip9.png

See section 2.1.8, Request map pane for further details.

 

3.8 Domain risks

The domain risk widget will show any relevant information about risks related to the domain from which the script is served, such as the domain appearing in a blacklist. 

3.9 Popularity

Popularity is displayed as 1 to 3 green stars and popularity level. It has a tooltip as follows:

# Stars

Popularity Category

Tooltip
0 Rare The script was found in use by less than 100 websites.
1 Uncommon This script was found in use by approximately 100 to 10,000 websites.
2 Common This script was found in use by approximately 10,000 to 100,000 websites.
3 Popular This script was found in use by more than 100,000 websites

 

3.10 Script behaviors

The Script behaviors widget (shown on the right) shows all of the behaviors Source Defense has observed this particular script performing. Behaviors that have been observed are marked in red (stating "Is" doing behavior), whereas behaviors that have not been observed are displayed in grey (stating "Not" doing behavior). 

Newly observed behaviors will appear at the top of the list with the "NEW" label. Once a behavior is "acknowledged" it will no longer appear as "NEW". To acknowledge the behaviors, click on one of the script behaviors and follow the guidelines in section 3.11 below.

A green shield icon on the behavior, as seen on the top behaviors on the right, represents behaviors whose risks are mitigated due to the script policy placed on this script. This is only relevant for those using the Protect product.

A yield icon on the behavior, as seen on the behavior below, represent behaviors whose risks can be mitigated if the script policy is applied to the script. The policy feature is only available for those using the Protect product.

 

To track and monitor script behaviors, and to learn more about them, click on any of the script behaviors found and listed in the widget. This will open the screen below.

For more information on the script behaviors, see the FAQ What are observed behaviors or observed script behaviors? [FAQ]

3.11 Script behavior details and acknowledgement screen

 

The script behavior acknowledgement screen (shown above) allows you to acknowledge that the newly observed behaviors have been noted and that you do not wish to be notified of them again. Source Defense Protect customers may see additional behavior management options, as shown below: 

 

 

3.11 Domain info:

Domain info shows its creation and expiry dates.

3.12 Other:

You may also see SSL info if the domain is validated with a certificate.

 

Click here for explanations on concepts and terms related to the Security solution.

Related articles