Create open-appsec-k8s-prevent-config-v1beta2.yaml

config/k8s/v1beta2/open-appsec-k8s-prevent-config-v1beta2.yaml

@@ -0,0 +1,126 @@
+# open-appsec default declarative configuration file
+# based on schema version: "v1beta2"
+# more information on declarative configuration: https://docs.openappsec.io
+
+apiVersion: openappsec.io/v1beta2
+kind: Policy
+metadata:
+  name: default-policy
+spec:
+  default:
+    # start in prevent-learn
+    mode: prevent-learn
+    threatPreventionPractices:
+    - default-threat-prevention-practice
+    accessControlPractices:
+    - default-access-control-practice
+    customResponses: default-web-user-response
+    triggers:
+    - default-log-trigger
+  specificRules:
+    - host: www.example.com
+      # this is an example for specific rule, adjust the values as required for the protected app
+      mode: prevent-learn
+      threatPreventionPractices:
+      - default-threat-prevention-practice
+      accessControlPractices:
+      - default-access-control-practice
+      triggers:
+      - default-log-trigger
+---
+apiVersion: openappsec.io/v1beta2
+kind: ThreatPreventionPractice
+metadata:
+  name: default-threat-prevention-practice
+spec:
+  practiceMode: inherited
+  webAttacks:
+    overrideMode: inherited
+    minimumConfidence: high
+  intrusionPrevention:
+  # intrusion prevention (IPS) requires "Premium Edition"
+    overrideMode: inherited
+    maxPerformanceImpact: medium
+    minSeverityLevel: medium
+    minCveYear: 2016
+    highConfidenceEventAction: inherited
+    mediumConfidenceEventAction: inherited
+    lowConfidenceEventAction: detect
+  fileSecurity:
+  # file security requires "Premium Edition"
+    overrideMode: inherited
+    minSeverityLevel: medium
+    highConfidenceEventAction: inherited
+    mediumConfidenceEventAction: inherited
+    lowConfidenceEventAction: detect
+  snortSignatures:
+    # you must specify snort signatures in configmap or file to activate snort inspection
+    overrideMode: inherited
+    configmap: []
+    # relevant for deployments on kubernetes
+    # 0 or 1 configmaps supported in array
+    files: []
+    # relevant for docker and linux embedded deployments
+    # 0 or 1 files supported in array
+  openapiSchemaValidation: # schema validation requires "Premium Edition"
+    overrideMode: inherited
+    configmap: []
+    # relevant for deployments on kubernetes
+    # 0 or 1 configmaps supported in array
+    files: []
+    # relevant for docker and linux embedded deployments
+    # 0 or 1 files supported in array
+  antiBot: # antibot requires "Premium Edition"
+    overrideMode: inherited
+    injectedUris: []
+    validatedUris: []
+
+---
+apiVersion: openappsec.io/v1beta2
+kind: AccessControlPractice
+metadata:
+  name: default-access-control-practice
+spec:
+  practiceMode: inherited
+  rateLimit:
+  # specify one or more rules below to use rate limiting
+    overrideMode: inherited
+    rules: []
+
+---
+apiVersion: openappsec.io/v1beta2
+kind: LogTrigger
+metadata:
+  name: default-log-trigger
+spec:
+  accessControlLogging:
+    allowEvents: false
+    dropEvents: true
+  appsecLogging:
+    detectEvents: true
+    preventEvents: true
+    allWebRequests: false
+  extendedLogging:
+    urlPath: true
+    urlQuery: true
+    httpHeaders: false
+    requestBody: false      
+  additionalSuspiciousEventsLogging:
+    enabled: true
+    minSeverity: high
+    responseBody: false
+    responseCode: true
+  logDestination:
+    cloud: true
+    logToAgent: false
+    stdout:
+      format: json
+    
+---
+apiVersion: openappsec.io/v1beta2
+kind: CustomResponse
+metadata:
+  name: default-web-user-response
+spec:
+  mode: response-code-only
+  httpResponseCode: 403