I’m trying to configure appsec
this is my adquis.yaml
---
source: docker
use_container_labels: true
# docker_host: tcp://proxydmz-socketproxy:2375
---
filenames:
- /var/log/homeassistant/home-assistant.log
labels:
type: home-assistant
---
listen_addr: 0.0.0.0:7422
appsec_configs:
- crowdsecurity/appsec-default
- crowdsecurity/generic-rules
- crowdsecurity/virtual-patching
source: appsec
labels:
type: appsec
Is this even possible?
or it should be
appsec_config: crowdsecurity/appsec-default
Are generic rules and virtual paching as well if I don’t add them?
So crowdsecurity/appsec-default is the combination of the other 2, so if you want to only use vpatch or generic rules then you only list one of them but if you want to use both then just define appsec-default. Note if you would like to add your own rules in the future then at that time you can migrate over to appsec_configs.
1 Like
And is normal not to have almost any appsec hit??
Is the appsec engine with 0.0.0.0:7422 right? or should I use the real IP that crowdsec has in my network?
traefik plugin config
That is fine cause when inside a container it doesnt matter if you bind to all interfaces cause it only has access to one you attach to the networking. so in short its fine.
1 Like
