Shifting Left with Security Policy as Code (SPaC)
Response Rules: Active Defense and Incident Response
Imagine you want to take a custom action whenever the rule protecting wp-login.php is violated. NeuVector's Response Rules feature lets you define such rules and automate the reaction. For example, you can trigger a webhook, send an email or a Slack notification, quarantine the container, or take any other action such as calling an external API or NeuVector's own API.
To test this feature, create an ngrok tunnel that exposes port 3000 on your local machine or on the workspace server; this public endpoint will serve as the webhook target.
Use the following command:
# Install ngrok if you haven't already
# https://ngrok.com/downloads/
ngrok http 3000
Then take the ngrok public URL and add it as a webhook in the NeuVector settings:
Webhook
Create a Response Rule to trigger the webhook when the rule is violated.
Response Rule
On your local machine, write and run the following Python script as the webhook receiver:
cat <<'EOF' > /tmp/webhook.py
# Import necessary modules from Flask
from flask import Flask, request

# Initialize the Flask application
app = Flask(__name__)

# Define a route that catches all paths and methods
@app.route('/', defaults={'path': ''}, methods=['GET', 'POST', 'PUT', 'DELETE', 'PATCH'])
@app.route('/<path:path>', methods=['GET', 'POST', 'PUT', 'DELETE', 'PATCH'])
def catch_all(path):
    # Print the HTTP method used
    print(f"Method: {request.method}")
    # Print the requested path
    print(f"Path: /{path}")
    # Print all request headers
    print(f"Headers: {dict(request.headers)}")
    # Print the request body
    print(f"Body: {request.get_data()}")
    # Acknowledge the delivery so the sender does not treat it as failed
    return 'OK', 200

if __name__ == '__main__':
    # Listen on port 3000, the port exposed through the ngrok tunnel
    app.run(host='0.0.0.0', port=3000)
EOF
# Run the receiver (requires Flask: pip install flask)
python3 /tmp/webhook.py
DevSecOps in Practice: A Hands-On Guide to Operationalizing DevSecOps at Scale
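The catch-all receiver above accepts anything posted to the public ngrok URL, which anyone who discovers the URL can reach. As an added example (not part of the course material, and using the standard library's http.server instead of Flask so it runs without extra packages), here is a receiver that only accepts POSTs to a path carrying a secret token, which you would embed in the webhook URL configured in NeuVector, and that parses the body as JSON before recording it. The token value and the event body shape are constructed placeholders, not NeuVector's actual payload format.

```python
import hmac
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError
from urllib.request import Request, urlopen

# Constructed placeholder; generate a real one with secrets.token_urlsafe(32).
WEBHOOK_TOKEN = "replace-me-with-a-random-token"
RECEIVED = []  # events accepted by the receiver, kept in memory for illustration


class WebhookHandler(BaseHTTPRequestHandler):
    """Accept only POST /hook/<token> with a JSON body; reject everything else."""

    def do_POST(self):
        token = self.path.rsplit("/", 1)[-1]
        # Constant-time comparison so the token cannot be recovered via timing.
        if not (self.path.startswith("/hook/") and hmac.compare_digest(token.encode(), WEBHOOK_TOKEN.encode())):
            self.send_error(404)  # same answer for a bad token and an unknown path
            return
        length = int(self.headers.get("Content-Length", "0"))
        try:
            event = json.loads(self.rfile.read(length))
        except ValueError:
            self.send_error(400, "body is not JSON")
            return
        RECEIVED.append(event)  # this is where Slack, quarantine, etc. would be called
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"OK")

    def log_message(self, fmt, *args):
        pass  # silence per-request logging; RECEIVED is the record


def start_server(port=0):
    """Start the receiver on a background thread and return the bound port."""
    server = HTTPServer(("127.0.0.1", port), WebhookHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server.server_address[1]


def post(port, path, body):
    """POST raw bytes to the receiver and return the HTTP status code."""
    req = Request(f"http://127.0.0.1:{port}{path}", data=body, method="POST",
                  headers={"Content-Type": "application/json"})
    try:
        with urlopen(req, timeout=5) as resp:
            return resp.status
    except HTTPError as err:
        return err.code
```

To use it behind ngrok, call start_server(3000) and configure the NeuVector webhook URL as the ngrok URL followed by /hook/ and your token.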


