Track Learning and Local Tuning in Standalone Deployments


Last updated 5 months ago


Checking learning progress and performing local tuning decisions in standalone deployments (see above) is currently in beta.

This feature is not yet supported for embedded deployments on Linux.

This is only relevant if your deployment is not connected to the central WebUI at all and therefore runs in standalone mode with local, declarative management. Once you are connected to the central WebUI with a deployment profile in either "This management" mode or "Declarative configuration" mode, you can see learning progress and decide on local tuning suggestions from within the central WebUI at https://my.openappsec.io.

This page explains how to access the following features in open-appsec standalone deployments:

  • Check open-appsec machine learning progress locally

  • Get configuration recommendations based on current learning progress level

  • Receive and decide upon tuning suggestions (supervised learning) presented to you by the open-appsec contextual machine-learning engine.

Make sure to read this first to learn more about learning, tuning suggestions and moving from detect to prevent in open-appsec: Track Learning and Move From Learn/Detect to Prevent

Prerequisites:

If your deployment is on Docker: to have access to the functionality below, your deployment must have been done using the "docker-compose" based deployment option, as only this option deploys the additional containers required for local learning and tuning when configured correctly for standalone deployment. Currently, as this is still in beta for the Docker platform, it is available for integration with NGINX; more integrations will be reported soon as well. See here for details: [add link to docker-compose based deployment option]

  • Existing open-appsec deployment (Docker-Compose or Kubernetes). Linux-embedded deployments are not supported for local tuning in standalone mode.

  • No Agent Token configured in the deployment (no connection to central WebUI)

  • Make sure that the agent has already received some traffic, as otherwise the open-appsec-tuning-tool will not be able to provide any statistics, recommendations, etc.

Installation of the "open-appsec-tuning-tool"

  • Download the open-appsec-tuning-tool and make it executable:

wget https://downloads.openappsec.io/tools/open-appsec-tuning-tool && chmod +x ./open-appsec-tuning-tool

Using the open-appsec-tuning-tool

  1. Run the open-appsec-tuning-tool to get an overview of the available options:

./open-appsec-tuning-tool

  2. Select among the available options presented:

  • View statistics: Select [1] to view current learning statistics and learning progress, and to receive configuration recommendations based on those.

It may take up to 10 min until you see updated metrics here based on new traffic.

  • Manage tuning suggestions for learning: Select [2] to view tuning suggestions, if any are available based on observed traffic and learning state. To perform tuning:

    - First select a tuning suggestion based on its ID.
    - Review the relevant logs presented, which help you decide what decision to take for that suggestion. (You also have the option to export those logs into a .csv file.)
    - Take a decision on that tuning suggestion by setting it to "malicious" or "benign".

  • View tuning decisions: Select [3] to view tuning decisions you have already taken based on earlier tuning suggestions.

The open-appsec-tuning-tool supports the following optional parameters:

-env {k8s|docker|embedded} set the environment type, by default the tool will try to auto-detect the environment type of the open-appsec deployment

-tuning-host <host[:port]|pod> set the tuning container hostname and optionally also a non-standard port for Docker-based deployments or the pod name for deployments in Kubernetes (see also the -namespace parameter below for setting open-appsec deployment's Kubernetes namespace)

-namespace set the open-appsec deployment namespace (Kubernetes only)

-agent <container|pod> set the open-appsec agent container (Docker) or pod (Kubernetes) for the open-appsec-tuning-tool to connect to; default is auto-detect

-port set the local port on the host to use for port-forwarding to the tuning container; default is to auto-select an available port (Kubernetes)

-help show open-appsec-tuning-tool help

-version show version of the open-appsec-tuning-tool
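
The following is an added example, not part of the open-appsec documentation or tooling: a small wrapper that pins the SHA-256 of the downloaded tool after you have reviewed it, and builds the argument string from the optional parameters listed above. The page publishes no checksum, so the pin records what you downloaded, not a vendor value; the function names, the pin-file path and the sample namespace are assumptions.

```shell
#!/bin/sh
# Added example, not open-appsec code. The pin file and sample values are
# assumptions; the flags are the ones listed on this page.

# Record the tool's SHA-256 on first use; afterwards reject a binary whose hash
# differs from the recorded one. Returns 0 if pinned now or matching,
# 1 on mismatch, 2 if the tool file is missing. Needs sha256sum (coreutils).
pin_or_verify() {
    tool=$1 pin=$2
    [ -f "$tool" ] || return 2
    current=$(sha256sum "$tool" | cut -d' ' -f1)
    if [ ! -f "$pin" ]; then
        printf '%s\n' "$current" > "$pin"
        return 0
    fi
    [ "$current" = "$(cat "$pin")" ]
}

# Build the argument string from the documented optional parameters.
# An empty value leaves that setting to the tool's auto-detection.
# -namespace and -port are marked Kubernetes on this page, so they are
# rejected for any other environment type.
tuning_args() {
    env=$1 host=$2 ns=$3 agent=$4 port=$5
    case $env in
        k8s|docker|embedded) ;;
        *) echo "unknown -env value: $env" >&2; return 1 ;;
    esac
    if [ "$env" != k8s ] && [ -n "$ns$port" ]; then
        echo "-namespace/-port apply to Kubernetes only" >&2
        return 1
    fi
    args="-env $env"
    [ -n "$host" ]  && args="$args -tuning-host $host"
    [ -n "$ns" ]    && args="$args -namespace $ns"
    [ -n "$agent" ] && args="$args -agent $agent"
    [ -n "$port" ]  && args="$args -port $port"
    printf '%s\n' "$args"
}

# Usage (not executed here; "appsec" is a sample namespace):
#   pin_or_verify ./open-appsec-tuning-tool ./open-appsec-tuning-tool.sha256 \
#     && ./open-appsec-tuning-tool $(tuning_args k8s "" appsec "" "")
```

Keep the pin file somewhere the account running the tool cannot overwrite, and delete it deliberately when you intend to upgrade the tool.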
