mirror of
https://github.com/openappsec/openappsec.git
synced 2025-06-28 16:41:02 +03:00
107 lines
2.6 KiB
YAML
107 lines
2.6 KiB
YAML
apiVersion: openappsec.io/v1beta2
|
|
kind: Policy
|
|
metadata:
|
|
name: open-appsec-best-practice-policy
|
|
spec:
|
|
default:
|
|
mode: prevent-learn
|
|
accessControlPractices: []
|
|
threatPreventionPractices: []
|
|
triggers: [appsec-log-trigger]
|
|
customResponse: 403-forbidden
|
|
sourceIdentifiers: ""
|
|
trustedSources: ""
|
|
exceptions: []
|
|
---
|
|
|
|
apiVersion: openappsec.io/v1beta2
|
|
kind: ThreatPreventionPractice
|
|
metadata:
|
|
name: appsec-best-practice
|
|
spec:
|
|
antiBot:
|
|
injectedUris: []
|
|
overrideMode: prevent
|
|
validatedUris: []
|
|
fileSecurity:
|
|
archiveInspection:
|
|
archivedFilesWhereContentExtractionFailed: detect
|
|
archivedFilesWithinArchivedFiles: prevent
|
|
extractArchiveFiles: true
|
|
scanMaxFileSize: 30
|
|
scanMaxFileSizeUnit: GB
|
|
largeFileInspection:
|
|
fileSizeLimit: 50
|
|
fileSizeLimitUnit: KB
|
|
filesExceedingSizeLimitAction: detect
|
|
highConfidenceEventAction: prevent
|
|
lowConfidenceEventAction: detect
|
|
mediumConfidenceEventAction: prevent
|
|
minSeverityLevel: medium
|
|
overrideMode: prevent
|
|
threatEmulationEnabled: false
|
|
unnamedFilesAction: prevent
|
|
intrusionPrevention:
|
|
highConfidenceEventAction: prevent
|
|
lowConfidenceEventAction: detect
|
|
maxPerformanceImpact: medium
|
|
mediumConfidenceEventAction: prevent
|
|
minCveYear: 2016
|
|
minSeverityLevel: medium
|
|
overrideMode: prevent
|
|
practiceMode: prevent
|
|
schemaValidation:
|
|
configmap:
|
|
- openapi-config
|
|
enforcementLevel: fullSchema
|
|
overrideMode: prevent
|
|
snortSignatures:
|
|
configmap:
|
|
- alert-config
|
|
overrideMode: prevent
|
|
webAttacks:
|
|
maxBodySizeKb: 1000000
|
|
maxHeaderSizeBytes: 102400
|
|
maxObjectDepth: 40
|
|
maxUrlSizeBytes: 32768
|
|
minimumConfidence: high
|
|
overrideMode: prevent
|
|
---
|
|
apiVersion: openappsec.io/v1beta2
|
|
kind: LogTrigger
|
|
metadata:
|
|
name: appsec-log-trigger
|
|
spec:
|
|
accessControlLogging:
|
|
allowEvents: false
|
|
dropEvents: true
|
|
appsecLogging:
|
|
detectEvents: true
|
|
preventEvents: true
|
|
allWebRequests: false
|
|
additionalSuspiciousEventsLogging:
|
|
enabled: true
|
|
minSeverity: high # {high|critical}
|
|
responseBody: false
|
|
responseCode: true
|
|
extendedLogging:
|
|
urlPath: true
|
|
urlQuery: true
|
|
httpHeaders: false
|
|
requestBody: false
|
|
logDestination:
|
|
cloud: true
|
|
logToAgent: true
|
|
stdout:
|
|
format: json-formatted
|
|
---
|
|
apiVersion: openappsec.io/v1beta2
|
|
kind: CustomResponse
|
|
metadata:
|
|
name: 403-forbidden
|
|
spec:
|
|
mode: response-code-only ## configurable modes: {block-page|redirect|response-code-only}
|
|
messageTitle: ""
|
|
messageBody: ""
|
|
httpResponseCode: 403
|