mirror of
https://github.com/openappsec/openappsec.git
synced 2025-06-28 16:41:02 +03:00
117 lines
3.0 KiB
YAML
117 lines
3.0 KiB
YAML
# open-appsec default declarative configuration file
|
|
# based on schema version: "v1beta2"
|
|
# more information on declarative configuration: https://docs.openappsec.io
|
|
|
|
apiVersion: openappsec.io/v1beta2
|
|
kind: Policy
|
|
metadata:
|
|
name: default-policy
|
|
spec:
|
|
default:
|
|
# start in prevent-learn
|
|
mode: prevent-learn
|
|
threatPreventionPractices:
|
|
- default-threat-prevention-practice
|
|
accessControlPractices:
|
|
- default-access-control-practice
|
|
customResponse: default-web-user-response
|
|
triggers:
|
|
- default-log-trigger
|
|
---
|
|
apiVersion: openappsec.io/v1beta2
|
|
kind: ThreatPreventionPractice
|
|
metadata:
|
|
name: default-threat-prevention-practice
|
|
spec:
|
|
practiceMode: inherited
|
|
webAttacks:
|
|
overrideMode: inherited
|
|
minimumConfidence: high
|
|
intrusionPrevention:
|
|
# intrusion prevention (IPS) requires "Premium Edition"
|
|
overrideMode: inherited
|
|
maxPerformanceImpact: medium
|
|
minSeverityLevel: medium
|
|
minCveYear: 2016
|
|
highConfidenceEventAction: inherited
|
|
mediumConfidenceEventAction: inherited
|
|
lowConfidenceEventAction: detect
|
|
fileSecurity:
|
|
# file security requires "Premium Edition"
|
|
overrideMode: inherited
|
|
minSeverityLevel: medium
|
|
highConfidenceEventAction: inherited
|
|
mediumConfidenceEventAction: inherited
|
|
lowConfidenceEventAction: detect
|
|
snortSignatures:
|
|
# you must specify snort signatures in configmap or file to activate snort inspection
|
|
overrideMode: inherited
|
|
configmap: []
|
|
# relevant for deployments on kubernetes
|
|
# 0 or 1 configmaps supported in array
|
|
files: []
|
|
# relevant for docker and linux embedded deployments
|
|
# 0 or 1 files supported in array
|
|
schemaValidation: # schema validation requires "Premium Edition"
|
|
overrideMode: inherited
|
|
configmap: []
|
|
# relevant for deployments on kubernetes
|
|
# 0 or 1 configmaps supported in array
|
|
files: []
|
|
# relevant for docker and linux embedded deployments
|
|
# 0 or 1 files supported in array
|
|
antiBot: # antibot requires "Premium Edition"
|
|
overrideMode: inherited
|
|
injectedUris: []
|
|
validatedUris: []
|
|
|
|
---
|
|
apiVersion: openappsec.io/v1beta2
|
|
kind: AccessControlPractice
|
|
metadata:
|
|
name: default-access-control-practice
|
|
spec:
|
|
practiceMode: inherited
|
|
rateLimit:
|
|
# specify one or more rules below to use rate limiting
|
|
overrideMode: inherited
|
|
rules: []
|
|
|
|
---
|
|
apiVersion: openappsec.io/v1beta2
|
|
kind: LogTrigger
|
|
metadata:
|
|
name: default-log-trigger
|
|
spec:
|
|
accessControlLogging:
|
|
allowEvents: false
|
|
dropEvents: true
|
|
appsecLogging:
|
|
detectEvents: true
|
|
preventEvents: true
|
|
allWebRequests: false
|
|
extendedLogging:
|
|
urlPath: true
|
|
urlQuery: true
|
|
httpHeaders: false
|
|
requestBody: false
|
|
additionalSuspiciousEventsLogging:
|
|
enabled: true
|
|
minSeverity: high
|
|
responseBody: false
|
|
responseCode: true
|
|
logDestination:
|
|
cloud: true
|
|
logToAgent: true
|
|
stdout:
|
|
format: json
|
|
|
|
---
|
|
apiVersion: openappsec.io/v1beta2
|
|
kind: CustomResponse
|
|
metadata:
|
|
name: default-web-user-response
|
|
spec:
|
|
mode: response-code-only
|
|
httpResponseCode: 403
|