diff --git a/config/linux/v1beta1/schema/schema_v1beta1.yaml b/config/linux/v1beta1/schema/schema_v1beta1.yaml
new file mode 100644
index 0000000..2006b8d
--- /dev/null
+++ b/config/linux/v1beta1/schema/schema_v1beta1.yaml
@@ -0,0 +1,434 @@ +ype: object +properties: + policies: + type: object + properties: + default: + type: object + properties: + custom-response: + type: string + exceptions: + items: + type: string + type: array + mode: + enum: + - prevent-learn + - detect-learn + - prevent + - detect + - inactive + type: string + practices: + items: + type: string + type: array + source-identifiers: + type: string + triggers: + items: + type: string + type: array + trusted-sources: + type: string + required: + - mode + - practices + - triggers + specific-rules: + type: array + items: + properties: + host: + type: string + custom-response: + type: string + exceptions: + items: + type: string + type: array + mode: + enum: + - prevent-learn + - detect-learn + - prevent + - detect + - inactive + type: string + practices: + items: + type: string + type: array + source-identifiers: + type: string + triggers: + items: + type: string + type: array + trusted-sources: + type: string + required: + - mode + - host + - practices + - triggers + type: object + practices: + type: array + items: + properties: + name: + type: string + anti-bot: + properties: + injected-URIs: + items: + properties: + uri: + type: string + type: object + type: array + override-mode: + enum: + - prevent-learn + - detect-learn + - prevent + - detect + - inactive + - as-top-level + type: string + default: "inactive" + validated-URIs: + items: + properties: + uri: + type: string + type: object + type: array + type: object + openapi-schema-validation: + properties: + files: + items: + type: string + type: array + override-mode: + enum: + - prevent-learn + - detect-learn + - prevent + - detect + - inactive + - as-top-level + type: string + type: object + snort-signatures: + properties: + files: + items: + type: string + type: array + override-mode: + enum: + - prevent-learn + - detect-learn + - prevent + - detect + - inactive + - as-top-level + type: string + type: object + web-attacks: + properties: + max-body-size-kb: + 
type: integer + max-header-size-bytes: + type: integer + max-object-depth: + type: integer + max-url-size-bytes: + type: integer + minimum-confidence: + enum: + - medium + - high + - critical + type: string + override-mode: + enum: + - prevent-learn + - detect-learn + - prevent + - detect + - inactive + - as-top-level + type: string + protections: + properties: + csrf-enabled: + enum: + - prevent-learn + - detect-learn + - prevent + - detect + - inactive + type: string + error-disclosure-enabled: + enum: + - prevent-learn + - detect-learn + - prevent + - detect + - inactive + type: string + non-valid-http-methods: + type: boolean + open-redirect-enabled: + enum: + - prevent-learn + - detect-learn + - prevent + - detect + - inactive + type: string + type: object + type: object + required: + - name + custom-responses: + type: array + minItems: 0 + items: + type: object + properties: + name: + type: string + http-response-code: + maximum: 599 + minimum: 100 + default: 403 + type: integer + message-body: + type: string + default: "Attack blocked by web application protection" + message-title: + type: string + default: "Openappsec's Application Security has detected an attack and blocked it." 
+ mode: + enum: + - block-page + - response-code-only + type: string + required: + - name + log-triggers: + type: array + minItems: 0 + items: + type: object + properties: + name: + type: string + access-control-logging: + properties: + allow-events: + type: boolean + default: false + drop-events: + type: boolean + default: false + type: object + additional-suspicious-events-logging: + properties: + enabled: + type: boolean + default true: + minimum-severity: + enum: + - high + - critical + type: string + default: "high" + response-body: + type: boolean + default: false + response-code: + type: boolean + default: true + type: object + appsec-logging: + properties: + all-web-requests: + type: boolean + default: false + detect-events: + type: boolean + default: false + prevent-events: + type: boolean + default: true + type: object + extended-logging: + properties: + http-headers: + type: boolean + default: false + request-body: + type: boolean + default: false + url-path: + type: boolean + default: false + url-query: + type: boolean + default: false + type: object + log-destination: + properties: + cef-service: + minItems: 0 + items: + properties: + address: + type: string + port: + type: integer + proto: + enum: + - tcp + - udp + type: string + type: object + type: array + cloud: + type: boolean + default: false + stdout: + properties: + format: + enum: + - json + - json-formatted + type: string + default: json + type: object + syslog-service: + minItems: 0 + items: + properties: + address: + type: string + port: + type: integer + type: object + type: array + type: object + required: + - name + exceptions: + type: array + minItems: 0 + items: + type: object + properties: + name: + type: string + action: + enum: + - skip + - accept + - drop + - suppressLog + type: string + comment: + type: string + countryCode: + items: + type: string + type: array + countryName: + items: + type: string + type: array + hostName: + items: + type: string + type: array + paramName: + 
items: + type: string + type: array + paramValue: + items: + type: string + type: array + protectionName: + items: + type: string + type: array + sourceIdentifier: + items: + type: string + type: array + sourceIp: + items: + type: string + type: array + url: + items: + type: string + type: array + required: + - name + - action + trusted-sources: + type: array + minItems: 0 + items: + type: object + properties: + name: + type: string + minNumOfSources: + type: integer + minimum: 1 + default: 3 + sources-identifiers: + items: + type: string + type: array + required: + - name + - sources-identifiers + source-identifiers: + type: array + minItems: 0 + items: + type: object + properties: + name: + type: string + identifiers: + type: array + minItems: 1 + items: + type: object + source-identifier: + enum: + - headerkey + - JWTKey + - cookie + - sourceip + - x-forwarded-for + type: string + value: + items: + type: string + type: array + required: + - source-identifier + required: + - name + - identifiers +additionalProperties: false diff --git a/config/linux/v1beta1/schema/schema_v1beta2.yaml b/config/linux/v1beta1/schema/schema_v1beta2.yaml deleted file mode 100644 index fcb2b33..0000000 --- a/config/linux/v1beta1/schema/schema_v1beta2.yaml +++ /dev/null 
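Review bot: Three keys in the new `schema_v1beta1.yaml` look malformed as shown: the first added line reads `ype: object`, `additional-suspicious-events-logging.enabled` has `default true:` where `default: true` was presumably meant, and under `source-identifiers` the `identifiers.items` entry goes from `type: object` straight to `source-identifier:` and `value:` with no `properties:` key. Most JSON-Schema validators ignore unknown keywords instead of failing, so the root type check, the declared logging default and the `source-identifier` enum would probably not be enforced, and a policy with a mistyped identifier type would still validate. I would change these to `type: object` and `default: true`, and add `properties:` above `source-identifier:`. The page has lost the file's indentation, so the nesting of that last fix should be confirmed against the file. Linting the schema in CI with a validator that rejects unknown keywords would catch this class of slip.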
@@ -1,752 +0,0 @@ -type: object -properties: - apiVersion: - type: string - enum: - - v1beta1 - - v1beta2 - policies: - type: object - properties: - appsecClassName: - type: string - default: - type: object - required: - - mode - - threatPreventionPractices - - accessControlPractices - properties: - mode: - type: string - enum: - - prevent-learn - - detect-learn - - prevent - - detect - - inactive - default: detect-learn - threatPreventionPractices: - type: array - items: - type: string - accessControlPractices: - type: array - items: - type: string - customResponse: - type: string - default: "403" - triggers: - type: array - items: - type: string - sourceIdentifiers: - type: string - trustedSources: - type: string - exceptions: - type: array - items: - type: string - specificRules: - type: array - items: - type: object - properties: - name: - type: string - host: - type: string - mode: - type: string - enum: - - prevent-learn - - detect-learn - - prevent - - detect - - inactive - default: detect-learn - threatPreventionPractices: - type: array - items: - type: string - accessControlPractices: - type: array - items: - type: string - triggers: - type: array - items: - type: string - customResponse: - type: string - sourceIdentifiers: - type: string - trustedSources: - type: string - exceptions: - type: array - items: - type: string - logTriggers: - type: array - items: - type: object - required: - - accessControlLogging - - appsecLogging - - additionalSuspiciousEventsLogging - - extendedLogging - - logDestination - properties: - appsecClassName: - type: string - name: - type: string - accessControlLogging: - type: object - properties: - allowEvents: - type: boolean - default: false - dropEvents: - type: boolean - default: true - appsecLogging: - type: object - properties: - detectEvents: - type: boolean - default: true - preventEvents: - type: boolean - default: true - allWebRequests: - type: boolean - default: false - additionalSuspiciousEventsLogging: - type: 
object - properties: - enabled: - type: boolean - default: true - minSeverity: - type: string - enum: - - high - - critical - default: high - responseBody: - type: boolean - default: false - responseCode: - type: boolean - default: true - extendedLogging: - type: object - properties: - urlPath: - type: boolean - default: false - urlQuery: - type: boolean - default: false - httpHeaders: - type: boolean - default: false - requestBody: - type: boolean - default: false - logDestination: - type: object - properties: - cloud: - type: boolean - default: false - local-tuning: - type: boolean - default: false - syslogService: - type: array - items: - type: object - properties: - address: - type: string - port: - type: integer - logToAgent: - type: boolean - default: true - stdout: - type: object - properties: - format: - type: string - enum: - - json - - json-formatted - default: json - cefService: - type: array - items: - type: object - properties: - address: - type: string - port: - type: integer - proto: - type: string - enum: - - tcp - - udp - threatPreventionPractices: - type: array - items: - type: object - required: - - webAttacks - - intrusionPrevention - - fileSecurity - - snortSignatures - properties: - appsecClassName: - type: string - name: - type: string - practiceMode: - type: string - enum: - - inherited - - prevent-learn - - detect-learn - - prevent - - detect - - inactive - default: inherited - webAttacks: - type: object - required: - - overrideMode - properties: - overrideMode: - type: string - enum: - - prevent-learn - - detect-learn - - prevent - - detect - - inactive - - inherited - default: inactive - minimumConfidence: - type: string - enum: - - medium - - high - - critical - default: high - maxUrlSizeBytes: - type: integer - default: 32768 - maxObjectDepth: - type: integer - default: 40 - maxBodySizeKb: - type: integer - default: 1000000 - maxHeaderSizeBytes: - type: integer - default: 102400 - protections: - type: object - properties: - 
csrfProtection: - type: string - enum: - - prevent-learn - - detect-learn - - prevent - - detect - - inactive - - inherited - default: inactive - errorDisclosure: - type: string - enum: - - prevent-learn - - detect-learn - - prevent - - detect - - inactive - - inherited - default: inactive - openRedirect: - type: string - enum: - - prevent-learn - - detect-learn - - prevent - - detect - - inactive - - inherited - default: inactive - nonValidHttpMethods: - type: boolean - default: false - antiBot: - type: object - required: - - overrideMode - properties: - overrideMode: - type: string - enum: - - prevent-learn - - detect-learn - - prevent - - detect - - inactive - - inherited - default: inactive - injectedUris: - type: array - items: - type: object - properties: - uri: - type: string - validatedUris: - type: array - items: - type: object - properties: - uri: - type: string - snortSignatures: - type: object - required: - - overrideMode - properties: - overrideMode: - type: string - enum: - - prevent-learn - - detect-learn - - prevent - - detect - - inactive - - inherited - default: inactive - configmap: - type: array - items: - type: string - files: - type: array - items: - type: string - schemaValidation: - type: object - required: - - overrideMode - properties: - overrideMode: - type: string - enum: - - prevent-learn - - detect-learn - - prevent - - detect - - inactive - - inherited - default: inactive - enforcementLevel: - type: string - configmap: - type: array - items: - type: string - files: - type: array - items: - type: string - intrusionPrevention: - type: object - required: - - overrideMode - properties: - overrideMode: - type: string - enum: - - prevent-learn - - detect-learn - - prevent - - detect - - inactive - - inherited - default: inactive - maxPerformanceImpact: - type: string - enum: - - low - - medium - - high - default: medium - minSeverityLevel: - type: string - enum: - - low - - medium - - high - - critical - default: medium - minCveYear: - 
type: integer - default: 2016 - highConfidenceEventAction: - type: string - enum: - - prevent - - detect - - inactive - - inherited - default: inherited - mediumConfidenceEventAction: - type: string - enum: - - prevent - - detect - - inactive - - inherited - default: inherited - lowConfidenceEventAction: - type: string - enum: - - prevent - - detect - - inactive - - inherited - default: detect - fileSecurity: - type: object - required: - - overrideMode - properties: - overrideMode: - type: string - enum: - - prevent-learn - - detect-learn - - prevent - - detect - - inactive - - inherited - default: inactive - minSeverityLevel: - type: string - enum: - - low - - medium - - high - - critical - default: medium - highConfidenceEventAction: - type: string - enum: - - prevent - - detect - - inactive - - inherited - default: inherited - mediumConfidenceEventAction: - type: string - enum: - - prevent - - detect - - inactive - - inherited - default: inherited - lowConfidenceEventAction: - type: string - enum: - - prevent - - detect - - inactive - - inherited - default: detect - archiveInspection: - type: object - properties: - extractArchiveFiles: - type: boolean - default: false - scanMaxFileSize: - type: integer - default: 10 - scanMaxFileSizeUnit: - type: string - enum: - - bytes - - KB - - MB - - GB - default: MB - archivedFilesWithinArchivedFiles: - type: string - enum: - - prevent - - detect - - inactive - - inherited #as set in overrideMode for fileSecurity - default: inherited - archivedFilesWhereContentExtractionFailed: - type: string - enum: - - prevent - - detect - - inactive - - inherited #as set in overrideMode for fileSecurity - default: inherited - largeFileInspection: - type: object - properties: - fileSizeLimit: - type: integer - default: 10 - fileSizeLimitUnit: - type: string - enum: - - bytes - - KB - - MB - - GB - default: MB - filesExceedingSizeLimitAction: - type: string - enum: - - prevent - - detect - - inactive - - inherited #as set in overrideMode 
for fileSecurity - default: inherited - unnamedFilesAction: - type: string - enum: - - prevent - - detect - - inactive - - inherited #as set in overrideMode for fileSecurity - default: inherited - threatEmulationEnabled: - type: boolean - default: false - accessControlPractices: - type: array - items: - type: object - required: - - rateLimit - properties: - appsecClassName: - type: string - name: - type: string - practiceMode: - type: string - enum: - - inherited #inherited from mode set in policy - - prevent - - detect - - inactive - default: inherited - rateLimit: - type: object - required: - - overrideMode - properties: - overrideMode: - type: string - enum: - - prevent - - detect - - inactive - - inherited - default: inactive - rules: - type: array - items: - type: object - properties: - action: # currently not supported - type: string - enum: - - inherited - - prevent - - detect - default: inherited - condition: # currently not supported - type: array - items: - type: object - required: - - key - - value - properties: - key: - type: string - value: - type: string - uri: - type: string - limit: - type: integer - unit: - type: string - enum: - - minute - - second - default: minute - triggers: - type: array - items: - type: string - comment: - type: string - customResponses: - type: array - items: - type: object - required: - - mode - properties: - appsecClassName: - type: string - name: - type: string - mode: - type: string - enum: - - block-page - - redirect - - response-code-only - default: response-code-only - messageTitle: - type: string - messageBody: - type: string - httpResponseCode: - type: integer - minimum: 100 - maximum: 599 - default: 403 - redirectUrl: - type: string - redirectAddXEventId: - type: boolean - default: false - sourcesIdentifiers: - type: array - items: - type: object - required: - - sourcesIdentifiers - properties: - name: - type: string - sourcesIdentifiers: - type: array - items: - type: object - required: - - identifier - 
properties: - identifier: - type: string - enum: - - headerkey - - JWTKey - - cookie - - sourceip - - x-forwarded-for - default: sourceip - value: - type: array - items: - type: string - exceptions: - type: array - items: - type: object - required: - - action - - condition - properties: - appsecClassName: - type: string - name: - type: string - action: - type: string - enum: - - skip - - accept - - drop - - suppressLog - default: accept - condition: - type: array - items: - type: object - required: - - key - - value - properties: - key: - type: string - value: - type: string - trustedSources: - type: array - items: - type: object - required: - - minNumOfSources - - sourcesIdentifiers - properties: - appsecClassName: - type: string - name: - type: string - minNumOfSources: - type: integer - default: 3 - sourcesIdentifiers: - type: array - items: - type: string - policyActivations: - type: array - items: - type: object - properties: - appsecClassName: - type: string - enabledPolicies: - type: array - items: - type: object - properties: - name: - type: string - hosts: - type: array - items: - type: string - required: - - hosts - required: - - enabledPolicies -additionalProperties: false