From 81433bac25480780c87185643c8b750af362fbd4 Mon Sep 17 00:00:00 2001
From: orianelou <126462046+orianelou@users.noreply.github.com>
Date: Tue, 11 Feb 2025 15:42:20 +0200
Subject: [PATCH] Create local_policy.yaml
---
 .../linux/v1beta2/example/local_policy.yaml | 113 ++++++++++++++++++
 1 file changed, 113 insertions(+)
 create mode 100644 config/linux/v1beta2/example/local_policy.yaml
diff --git a/config/linux/v1beta2/example/local_policy.yaml b/config/linux/v1beta2/example/local_policy.yaml
new file mode 100644
index 0000000..5479b14
--- /dev/null
+++ b/config/linux/v1beta2/example/local_policy.yaml
@@ -0,0 +1,113 @@
+apiVersion: v1beta2
+
+policies:
+ default:
+ mode: detect-learn
+ accessControlPractices: [access-control-practice-example]
+ threatPreventionPractices: [threat-prevention-practice-example]
+ triggers: [log-trigger-example]
+ customResponse: web-user-response-exmaple
+ sourceIdentifiers: ""
+ trustedSources: ""
+ exceptions:
+ - exception-example
+ specificRules:
+ - host: "example.com"
+ mode: prevent-learn
+ threatPreventionPractices: [threat-prevention-practice-example]
+ accessControlPractices: [access-control-practice-example]
+ triggers: [log-trigger-example]
+ customResponse: web-user-response-exmaple
+ sourceIdentifiers: ""
+ trustedSources: ""
+ exceptions:
+ - exception-example
+
+threatPreventionPractices:
+ - name: threat-prevention-practice-example
+ practiceMode: inherited
+ webAttacks:
+ overrideMode: inherited
+ minimumConfidence: high
+ intrusionPrevention:
+ # intrusion prevention (IPS) requires "Premium Edition"
+ overrideMode: inherited
+ maxPerformanceImpact: medium
+ minSeverityLevel: medium
+ minCveYear: 2016
+ highConfidenceEventAction: inherited
+ mediumConfidenceEventAction: inherited
+ lowConfidenceEventAction: detect
+ fileSecurity:
+ # file security requires "Premium Edition"
+ overrideMode: inherited
+ minSeverityLevel: medium
+ highConfidenceEventAction: inherited
+ mediumConfidenceEventAction: inherited
+ lowConfidenceEventAction: detect
+ snortSignatures:
+ # you must specify snort signatures in configmap or file to activate snort inspection
+ overrideMode: inherited
+ configmap: []
+ # relevant for deployments on kubernetes
+ # 0 or 1 configmaps supported in array
+ files: []
+ # relevant for docker and linux embedded deployments
+ # 0 or 1 files supported in array
+ schemaValidation: # schema validation requires "Premium Edition"
+ overrideMode: inherited
+ configmap: []
+ # relevant for deployments on kubernetes
+ # 0 or 1 configmaps supported in array
+ files: []
+ # relevant for docker and linux embedded deployments
+ # 0 or 1 files supported in array
+ antiBot: # antibot requires "Premium Edition"
+ overrideMode: inherited
+ injectedUris: []
+ validatedUris: []
+
+accessControlPractices:
+ - name: access-control-practice-example
+ practiceMode: inherited
+ rateLimit:
+ # specify one or more rules below to use rate limiting
+ overrideMode: inherited
+ rules: []
+
+customResponses:
+ - name: web-user-response-exmaple
+ mode: response-code-only
+ httpResponseCode: 403
+
+logTriggers:
+ - name: log-trigger-example
+ accessControlLogging:
+ allowEvents: false
+ dropEvents: true
+ appsecLogging:
+ detectEvents: true
+ preventEvents: true
+ allWebRequests: false
+ extendedLogging:
+ urlPath: true
+ urlQuery: true
+ httpHeaders: false
+ requestBody: false
+ additionalSuspiciousEventsLogging:
+ enabled: true
+ minSeverity: high
+ responseBody: false
+ responseCode: true
+ logDestination:
+ cloud: true
+ logToAgent: false
+ stdout:
+ format: json
+
+exceptions:
+ - name: exception-example
+ action: "accept"
+ condition:
+ - key: "countryCode"
+ value: "US"
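Review bot: The `exception-example` at the end of the file, with `action: "accept"` on `countryCode: "US"`, is referenced from both the `default` policy and the `example.com` rule, so anyone who copies this example as-is appears to get a policy that skips threat prevention for every request geolocated to the US — a large blind spot for a file that is meant to be cloned. Add a warning above the block, e.g. `# WARNING: this exception accepts all US-geolocated traffic; narrow the condition (add sourceIp/url) or remove it before using this policy in production`, or make the illustrative condition something obviously scoped such as a single `sourceIp`. If `minCveYear: 2016` excludes IPS signatures for older CVEs, as the name suggests, a one-line comment stating that trade-off (older, still-exploited CVEs will not be matched) would help readers who tune it. The response name `web-user-response-exmaple` is misspelled in all three places; since the definition and both references agree it still resolves, but renaming to `web-user-response-example` keeps the typo from propagating into copied policies.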