Skip to content

Commit

Permalink
SECKSD-14400 export eval attack groups
Browse files Browse the repository at this point in the history 
SECKSD-14400 export eval attack groups
  • Loading branch information
@robertolopezlopez
aignachk authored and robertolopezlopez committed Apr 20, 2022
1 parent 3a7d675 commit ebf63fb
Show file tree
Hide file tree
Showing 2 changed files with 140 additions and 2 deletions.
6 changes: 4 additions & 2 deletions pkg/appsec/export_configuration.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -651,8 +651,10 @@ type (
// WebApplicationFirewallEvaluation is returned as part of GetExportConfigurationResponse.
WebApplicationFirewallEvaluation struct {
AttackGroupActions []struct {
Action string `json:"action"`
Group string `json:"group"`
Action string `json:"action"`
Group string `json:"group"`
Exception *RuleException `json:"exception,omitempty"`
AdvancedExceptionsList *AdvancedExceptions `json:"advancedExceptions,omitempty"`
} `json:"attackGroupActions,omitempty"`
EvaluationID int `json:"evaluationId"`
EvaluationVersion int `json:"evaluationVersion"`
Expand Down
136 changes: 136 additions & 0 deletions pkg/appsec/testdata/TestExportConfiguration/ExportConfiguration.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4723,6 +4723,142 @@
"applyReputationControls": true,
"applySlowPostControls": true
},
"webApplicationFirewall": {
"ruleActions": [
{
"action": "alert",
"id": 950002,
"rulesetVersionId": 7392
},
{
"action": "alert",
"id": 950006,
"rulesetVersionId": 7392
}
],
"attackGroupActions": [
{
"action": "alert",
"group": "POLICY",
"rulesetVersionId": 7392
},
{
"action": "alert",
"group": "WAT",
"rulesetVersionId": 7392
},
{
"action": "alert",
"group": "PROTOCOL",
"rulesetVersionId": 7392
},
{
"action": "alert",
"group": "SQL",
"rulesetVersionId": 7392
},
{
"action": "alert",
"group": "XSS",
"rulesetVersionId": 7392,
"exception": {
"specificHeaderCookieParamXmlOrJsonNames": [
{
"names": [
"ASE-Manual-EVAL-HEADER"
],
"selector": "REQUEST_HEADERS"
}
]
}
},
{
"action": "alert",
"group": "CMD",
"rulesetVersionId": 7392
},
{
"action": "alert",
"group": "LFI",
"rulesetVersionId": 7392,
"exception": {
"specificHeaderCookieParamXmlOrJsonNames": [
{
"names": [
"ASE-Manual-Active-COOKIES"
],
"selector": "REQUEST_COOKIES",
"wildcard": true
}
]
}
},
{
"action": "alert",
"group": "RFI",
"rulesetVersionId": 7392
},
{
"action": "alert",
"group": "PLATFORM",
"rulesetVersionId": 7392
}
],
"evaluation": {
"attackGroupActions": [
{
"action": "alert",
"group": "POLICY"
},
{
"action": "alert",
"group": "WAT"
},
{
"action": "alert",
"group": "PROTOCOL"
},
{
"action": "alert",
"group": "SQL"
},
{
"action": "alert",
"group": "XSS"
},
{
"action": "deny",
"group": "CMD"
},
{
"action": "alert",
"group": "LFI"
},
{
"action": "alert",
"group": "RFI"
},
{
"action": "alert",
"group": "PLATFORM"
}
],
"evaluationId": 13904,
"evaluationVersion": 1,
"ruleActions": [
{
"action": "alert",
"id": 950002
},
{
"action": "alert",
"id": 950006
}
],
"rulesetVersionId": 7592
},
"threatIntel": "on"
},
"apiRequestConstraints": {
"apiEndpoints": []
},
Expand Down

0 comments on commit ebf63fb

Please sign in to comment.