Track Learning and Local Tuning in Standalone Deployments

Checking learning progress and performing local tuning decisions in standalone deployments (see above) is currently in beta.

This page explains how to access the following features in open-appsec standalone deployments:

  • Check open-appsec machine learning progress locally

  • Get configuration recommendations based on current learning progress level

  • Receive and decide upon tuning suggestions (supervised learning) presented to you by the open-appsec contextual machine-learning engine.

Make sure to read this first to learn more about learning, tuning suggestions and moving from detect to prevent in open-appsec:

Track Learning and Move From Learn/Detect to Prevent

Prerequisites:

  • Existing open-appsec deployment (Docker-Compose or Kubernetes). (Linux-embedded deployments are not supported for local tuning in standalone mode.)

  • No Agent Token configured in the deployment (no connection to central WebUI)

  • Make sure that the agent has already received some traffic; otherwise the open-appsec-tuning-tool will not be able to provide any statistics, recommendations, etc.

Installation of the "open-appsec-tuning-tool"

  • Download the open-appsec-tuning-tool and make it executable:

wget https://downloads.openappsec.io/tools/open-appsec-tuning-tool && chmod +x ./open-appsec-tuning-tool

Using the open-appsec-tuning-tool

  1. Run the open-appsec-tuning-tool to get an overview of the available options:

./open-appsec-tuning-tool

  2. Select among the available options presented:

  • View statistics: Select [1] to view current learning statistics and learning progress, and to receive configuration recommendations based on them.

It may take up to 10 min until you see updated metrics here based on new traffic.

  • Manage tuning suggestions for learning: Select [2] to view tuning suggestions, if any are available based on observed traffic and learning state. To perform tuning:
      - First, select a tuning suggestion by its ID.
      - Review the relevant logs presented, which help you decide how to handle that suggestion. (You can also export those logs to a .csv file.)
      - Decide on that tuning suggestion by setting it to "malicious" or "benign".

  • View tuning decisions: Select [3] to view the tuning decisions you have already made on earlier tuning suggestions.

The open-appsec-tuning-tool supports the following optional parameters:

-env {k8s|docker|embedded} set the environment type; by default the tool tries to auto-detect the environment type of the open-appsec deployment

-tuning-host <host[:port]|pod> set the tuning container hostname, and optionally a non-standard port, for Docker-based deployments, or the pod name for Kubernetes deployments (see also the -namespace parameter below for setting the open-appsec deployment's Kubernetes namespace)

-namespace set the open-appsec deployment namespace (Kubernetes only)

-agent <container|pod> set the open-appsec agent container (Docker) or pod (Kubernetes) for the open-appsec-tuning-tool to connect to; default is auto-detect

-port set the local port on the host to use for port-forwarding to the tuning container (Kubernetes); default is to auto-select an available port

-help show open-appsec-tuning-tool help

-version show version of the open-appsec-tuning-tool
