From 504d1415a5ab6cfc9b7b221b07939b05d7cc133a Mon Sep 17 00:00:00 2001
From: orianelou <126462046+orianelou@users.noreply.github.com>
Date: Mon, 17 Jun 2024 13:39:40 +0300
Subject: [PATCH] Create local_policy.yaml
---
config/linux/latest/detect/local_policy.yaml | 52 ++++++++++++++++++++
1 file changed, 52 insertions(+)
create mode 100644 config/linux/latest/detect/local_policy.yaml
diff --git a/config/linux/latest/detect/local_policy.yaml b/config/linux/latest/detect/local_policy.yaml
new file mode 100644
index 0000000..b7fa3d6
--- /dev/null
+++ b/config/linux/latest/detect/local_policy.yaml
@@ -0,0 +1,52 @@
+policies:
+ default:
+ triggers:
+ - appsec-default-log-trigger
+ mode: detect-learn
+ practices:
+ - webapp-default-practice
+ custom-response: appsec-default-web-user-response
+ specific-rules: []
+
+practices:
+ - name: webapp-default-practice
+ openapi-schema-validation:
+ configmap: []
+ override-mode: detect-learn
+ snort-signatures:
+ configmap: []
+ override-mode: detect-learn
+ web-attacks:
+ max-body-size-kb: 1000000
+ max-header-size-bytes: 102400
+ max-object-depth: 40
+ max-url-size-bytes: 32768
+ minimum-confidence: critical
+ override-mode: detect-learn
+ protections:
+ csrf-protection: inactive
+ error-disclosure: inactive
+ non-valid-http-methods: false
+ open-redirect: inactive
+ anti-bot:
+ injected-URIs: []
+ validated-URIs: []
+ override-mode: detect-learn
+
+log-triggers:
+ - name: appsec-default-log-trigger
+ access-control-logging:
+ allow-events: false
+ drop-events: true
+ additional-suspicious-events-logging:
+ enabled: true
+ minimum-severity: high
+ response-body: false
+ appsec-logging:
+ all-web-requests: false
+ detect-events: true
+ prevent-events: true
+ extended-logging:
+ http-headers: false
+ request-body: false
+ url-path: false
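Review bot: The `extended-logging` block at the end of the hunk sets `url-path: false` together with `http-headers` and `request-body`, yet the policy and every practice run in `detect-learn`, so the log trigger is the only output an analyst gets from this profile. A detect event without the request path is hard to triage or to turn into a targeted exception. Consider `url-path: true`, keeping the header and body options off where they may carry credentials or personal data. The file also has no header comment; a line such as `# Detect-only profile: events are logged, requests are not blocked` would make the intent explicit, assuming that is what `detect-learn` is meant to deliver here.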