Track Learning and Local Tuning in Standalone Deployments
Checking learning progress and performing local tuning decisions in standalone deployments (see above) is currently in beta.
This feature is not yet supported for embedded deployments on Linux.
This is only relevant if your deployment is not connected to the central WebUI at all and is therefore running in standalone mode with local, declarative management. Once you are connected to the central WebUI with a deployment profile in either "This management" mode or "Declarative configuration" mode, you can see learning progress and decide on local tuning suggestions from within the central WebUI at https://my.openappsec.io.
Here you will find instructions for accessing the following features in open-appsec standalone deployments:
Check open-appsec machine learning progress locally
Get configuration recommendations based on current learning progress level
Receive and decide upon tuning suggestions (supervised learning) presented to you by the open-appsec contextual machine-learning engine.
Make sure to read this first to learn more about learning, tuning suggestions and moving from detect to prevent in open-appsec:
If your deployment is on Docker: To have access to the functionality below, your deployment must have been done using the "docker-compose" based deployment option, as only this deployment option will deploy the required additional containers for local learning and tuning when configured correctly for standalone deployment. Because this is still in the beta phase for the Docker platform, it is currently available for integration with NGINX; more integrations will be reported soon as well. See here for details: [add link to docker-compose based deployment option]
Existing open-appsec deployment (Docker-Compose or Kubernetes; Linux-embedded deployments are not supported for local tuning in standalone mode)
No Agent Token configured in the deployment (no connection to central WebUI)
Make sure that the agent has already received some traffic, as otherwise the open-appsec-tuning-tool will not be able to provide any statistics, recommendations, etc.
Download the open-appsec-local-tuning tool
Run the open-appsec-tuning-tool to get an overview of the available options:
Select among the available options presented:
View statistics: Select [1] to view current learning statistics and learning progress, and to receive configuration recommendations based on those.
It may take up to 10 min until you see updated metrics here based on new traffic.
Manage tuning suggestions for learning: Select [2] to view tuning suggestions, if any are available based on observed traffic and learning state. To perform tuning:
- First select a tuning suggestion based on its ID.
- Review the relevant logs presented, which allow you to better decide what decision to take for that suggestion. (You also have the option to export those logs into a .csv file.)
- Take a decision on that tuning suggestion by setting it to "malicious" or "benign".
View tuning decisions: Select [3] to view tuning decisions which you already took based on earlier tuning suggestions.
open-appsec-tuning-tool supports the following optional parameters:
-env {k8s|docker|embedded}
set the environment type; by default the tool will try to auto-detect the environment type of the open-appsec deployment
-tuning-host <host[:port]|pod>
set the tuning container hostname and optionally also a non-standard port for Docker-based deployments, or the pod name for deployments in Kubernetes (see also the -namespace parameter below for setting the open-appsec deployment's Kubernetes namespace)
-namespace
set the open-appsec deployment namespace (Kubernetes only)
-agent <container|pod>
set the open-appsec agent container (Docker) or pod (Kubernetes) for the open-appsec tuning tool to connect to; default is auto-detect
-port
set the local port on the host to use for port-forwarding to the tuning container; default is auto-select an available port (Kubernetes)
-help
show open-appsec-tuning-tool help
-version
show version of the open-appsec-tuning-tool