Create open-appsec-k8s-v1beta2.yaml

2025-06-28 16:41:02 +03:00 · 2024-12-31 10:13:04 +02:00 · 2024-12-31 10:13:04 +02:00 · 8a6809fb52
commit 8a6809fb52
parent 20e8e65e14
1 changed files with 106 additions and 0 deletions
--- a/config/k8s/v1beta2/open-appsec-k8s-v1beta2.yaml
+++ b/config/k8s/v1beta2/open-appsec-k8s-v1beta2.yaml
@ -0,0 +1,106 @@
+apiVersion: openappsec.io/v1beta2
+kind: Policy
+metadata:
+    name: open-appsec-best-practice-policy
+spec:
+    default:
+        mode: prevent-learn
+        accessControlPractices: []
+        threatPreventionPractices: []
+        triggers: [appsec-log-trigger]
+        customResponse: 403-forbidden
+        sourceIdentifiers: ""
+        trustedSources: ""
+        exceptions: []
+---
+
+apiVersion: openappsec.io/v1beta2
+kind: ThreatPreventionPractice
+metadata:
+  name: appsec-best-practice
+spec:
+  antiBot:
+    injectedUris: []
+    overrideMode: prevent
+    validatedUris: []
+  fileSecurity:
+    archiveInspection:
+      archivedFilesWhereContentExtractionFailed: detect
+      archivedFilesWithinArchivedFiles: prevent
+      extractArchiveFiles: true
+      scanMaxFileSize: 30
+      scanMaxFileSizeUnit: GB
+    largeFileInspection:
+      fileSizeLimit: 50
+      fileSizeLimitUnit: KB
+      filesExceedingSizeLimitAction: detect
+    highConfidenceEventAction: prevent
+    lowConfidenceEventAction: detect
+    mediumConfidenceEventAction: prevent
+    minSeverityLevel: medium
+    overrideMode: prevent
+    threatEmulationEnabled: false
+    unnamedFilesAction: prevent
+  intrusionPrevention:
+    highConfidenceEventAction: prevent
+    lowConfidenceEventAction: detect
+    maxPerformanceImpact: medium
+    mediumConfidenceEventAction: prevent
+    minCveYear: 2016
+    minSeverityLevel: medium
+    overrideMode: prevent
+  practiceMode: prevent
+  schemaValidation:
+    configmap:
+    - openapi-config
+    enforcementLevel: fullSchema
+    overrideMode: prevent
+  snortSignatures:
+    configmap:
+    - alert-config
+    overrideMode: prevent
+  webAttacks:
+    maxBodySizeKb: 1000000
+    maxHeaderSizeBytes: 102400
+    maxObjectDepth: 40
+    maxUrlSizeBytes: 32768
+    minimumConfidence: high
+    overrideMode: prevent
+---
+apiVersion: openappsec.io/v1beta2
+kind: LogTrigger
+metadata:
+  name: appsec-log-trigger
+spec:
+  accessControlLogging:
+    allowEvents: false
+    dropEvents: true
+  appsecLogging:
+    detectEvents: true
+    preventEvents: true
+    allWebRequests: false
+  additionalSuspiciousEventsLogging:
+    enabled: true
+    minSeverity: high # {high|critical}
+    responseBody: false
+    responseCode: true
+  extendedLogging:
+    urlPath: true
+    urlQuery: true
+    httpHeaders: false
+    requestBody: false
+  logDestination:
+    cloud: true
+    logToAgent: true
+    stdout:
+      format: json-formatted
+---
+apiVersion: openappsec.io/v1beta2
+kind: CustomResponse
+metadata:
+  name: 403-forbidden
+spec:
+  mode: response-code-only ## configurable modes: {block-page|redirect|response-code-only}
+  messageTitle: ""
+  messageBody: ""
+  httpResponseCode: 403