730 lines
49 KiB
JSON
730 lines
49 KiB
JSON
{
|
|
"name": "CreateWafCustomRule",
|
|
"fully_qualified_name": "DatadogApi.CreateWafCustomRule@0.1.0",
|
|
"description": "Create a new web application firewall custom rule.\n\nUse this tool to define a new custom rule for the web application firewall, enhancing security configurations.",
|
|
"toolkit": {
|
|
"name": "ArcadeDatadogApi",
|
|
"description": null,
|
|
"version": "0.1.0"
|
|
},
|
|
"input": {
|
|
"parameters": [
|
|
{
|
|
"name": "waf_custom_rule_definition",
|
|
"required": true,
|
|
"description": "JSON object defining the new WAF custom rule. Includes attributes, conditions, name, path_glob, scope, tags, and type (always 'custom_rule').",
|
|
"value_schema": {
|
|
"val_type": "json",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": {
|
|
"data": {
|
|
"val_type": "json",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": {
|
|
"attributes": {
|
|
"val_type": "json",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": {
|
|
"action": {
|
|
"val_type": "json",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": {
|
|
"action": {
|
|
"val_type": "string",
|
|
"inner_val_type": null,
|
|
"enum": [
|
|
"redirect_request",
|
|
"block_request"
|
|
],
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "Override the default action to take when the WAF custom rule would block."
|
|
},
|
|
"parameters": {
|
|
"val_type": "json",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": {
|
|
"location": {
|
|
"val_type": "string",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "The location to redirect to when the WAF custom rule triggers."
|
|
},
|
|
"status_code": {
|
|
"val_type": "integer",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "The status code to return when the WAF custom rule triggers."
|
|
}
|
|
},
|
|
"inner_properties": null,
|
|
"description": "The definition of `ApplicationSecurityWafCustomRuleActionParameters` object."
|
|
}
|
|
},
|
|
"inner_properties": null,
|
|
"description": "The definition of `ApplicationSecurityWafCustomRuleAction` object."
|
|
},
|
|
"blocking": {
|
|
"val_type": "boolean",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "Indicates whether the WAF custom rule will block the request."
|
|
},
|
|
"conditions": {
|
|
"val_type": "array",
|
|
"inner_val_type": "json",
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": {
|
|
"operator": {
|
|
"val_type": "string",
|
|
"inner_val_type": null,
|
|
"enum": [
|
|
"match_regex",
|
|
"!match_regex",
|
|
"phrase_match",
|
|
"!phrase_match",
|
|
"is_xss",
|
|
"is_sqli",
|
|
"exact_match",
|
|
"!exact_match",
|
|
"ip_match",
|
|
"!ip_match",
|
|
"capture_data"
|
|
],
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "Operator to use for the WAF Condition."
|
|
},
|
|
"parameters": {
|
|
"val_type": "json",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": {
|
|
"data": {
|
|
"val_type": "string",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "Identifier of a list of data from the denylist. Can only be used as substitution from the list parameter."
|
|
},
|
|
"inputs": {
|
|
"val_type": "array",
|
|
"inner_val_type": "json",
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": {
|
|
"address": {
|
|
"val_type": "string",
|
|
"inner_val_type": null,
|
|
"enum": [
|
|
"server.db.statement",
|
|
"server.io.fs.file",
|
|
"server.io.net.url",
|
|
"server.sys.shell.cmd",
|
|
"server.request.method",
|
|
"server.request.uri.raw",
|
|
"server.request.path_params",
|
|
"server.request.query",
|
|
"server.request.headers.no_cookies",
|
|
"server.request.cookies",
|
|
"server.request.trailers",
|
|
"server.request.body",
|
|
"server.response.status",
|
|
"server.response.headers.no_cookies",
|
|
"server.response.trailers",
|
|
"grpc.server.request.metadata",
|
|
"grpc.server.request.message",
|
|
"grpc.server.method",
|
|
"graphql.server.all_resolvers",
|
|
"usr.id",
|
|
"http.client_ip"
|
|
],
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "Input from the request on which the condition should apply."
|
|
},
|
|
"key_path": {
|
|
"val_type": "array",
|
|
"inner_val_type": "string",
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "Specific path for the input."
|
|
}
|
|
},
|
|
"description": "List of inputs on which at least one should match with the given operator."
|
|
},
|
|
"list": {
|
|
"val_type": "array",
|
|
"inner_val_type": "string",
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "List of value to use with the condition. Only used with the phrase_match, !phrase_match, exact_match and\n!exact_match operator."
|
|
},
|
|
"options": {
|
|
"val_type": "json",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": {
|
|
"case_sensitive": {
|
|
"val_type": "boolean",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "Evaluate the value as case sensitive."
|
|
},
|
|
"min_length": {
|
|
"val_type": "integer",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "Only evaluate this condition if the value has a minimum amount of characters."
|
|
}
|
|
},
|
|
"inner_properties": null,
|
|
"description": "Options for the operator of this condition."
|
|
},
|
|
"regex": {
|
|
"val_type": "string",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "Regex to use with the condition. Only used with match_regex and !match_regex operator."
|
|
},
|
|
"value": {
|
|
"val_type": "string",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "Store the captured value in the specified tag name. Only used with the capture_data operator."
|
|
}
|
|
},
|
|
"inner_properties": null,
|
|
"description": "The scope of the WAF custom rule."
|
|
}
|
|
},
|
|
"description": "Conditions for which the WAF Custom Rule will triggers, all conditions needs to match in order for the WAF\nrule to trigger"
|
|
},
|
|
"enabled": {
|
|
"val_type": "boolean",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "Indicates whether the WAF custom rule is enabled."
|
|
},
|
|
"name": {
|
|
"val_type": "string",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "The Name of the WAF custom rule."
|
|
},
|
|
"path_glob": {
|
|
"val_type": "string",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "The path glob for the WAF custom rule."
|
|
},
|
|
"scope": {
|
|
"val_type": "array",
|
|
"inner_val_type": "json",
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": {
|
|
"env": {
|
|
"val_type": "string",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "The environment scope for the WAF custom rule."
|
|
},
|
|
"service": {
|
|
"val_type": "string",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "The service scope for the WAF custom rule."
|
|
}
|
|
},
|
|
"description": "The scope of the WAF custom rule."
|
|
},
|
|
"tags": {
|
|
"val_type": "json",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": {
|
|
"category": {
|
|
"val_type": "string",
|
|
"inner_val_type": null,
|
|
"enum": [
|
|
"attack_attempt",
|
|
"business_logic",
|
|
"security_response"
|
|
],
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "The category of the WAF Rule, can be either `business_logic`, `attack_attempt` or `security_response`."
|
|
},
|
|
"type": {
|
|
"val_type": "string",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "The type of the WAF rule, associated with the category will form the security activity."
|
|
}
|
|
},
|
|
"inner_properties": null,
|
|
"description": "Tags associated with the WAF Custom Rule. The concatenation of category and type will form the security\nactivity field associated with the traces."
|
|
}
|
|
},
|
|
"inner_properties": null,
|
|
"description": "Create a new WAF custom rule."
|
|
},
|
|
"type": {
|
|
"val_type": "string",
|
|
"inner_val_type": null,
|
|
"enum": [
|
|
"custom_rule"
|
|
],
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "The type of the resource. The value should always be `custom_rule`."
|
|
}
|
|
},
|
|
"inner_properties": null,
|
|
"description": "Object for a single WAF custom rule."
|
|
}
|
|
},
|
|
"inner_properties": null,
|
|
"description": "The definition of the new WAF Custom Rule."
|
|
},
|
|
"inferrable": true,
|
|
"http_endpoint_parameter_name": "requestBody"
|
|
}
|
|
]
|
|
},
|
|
"output": {
|
|
"description": "Response from the API endpoint 'CreateApplicationSecurityWafCustomRule'.",
|
|
"available_modes": [
|
|
"value",
|
|
"error",
|
|
"null"
|
|
],
|
|
"value_schema": {
|
|
"val_type": "json",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": null
|
|
}
|
|
},
|
|
"requirements": {
|
|
"authorization": null,
|
|
"secrets": [
|
|
{
|
|
"key": "DATADOG_API_KEY"
|
|
},
|
|
{
|
|
"key": "DATADOG_APPLICATION_KEY"
|
|
},
|
|
{
|
|
"key": "DATADOG_BASE_URL"
|
|
}
|
|
],
|
|
"metadata": null
|
|
},
|
|
"deprecation_message": null,
|
|
"metadata": {
|
|
"object_type": "api_wrapper_tool",
|
|
"version": "1.1.0",
|
|
"description": "Tools that enable LLMs to interact directly with the Datadog API."
|
|
},
|
|
"http_endpoint": {
|
|
"metadata": {
|
|
"object_type": "http_endpoint",
|
|
"version": "1.2.0",
|
|
"description": ""
|
|
},
|
|
"url": "https://{datadog_base_url}/api/v2/remote_config/products/asm/waf/custom_rules",
|
|
"http_method": "POST",
|
|
"headers": {},
|
|
"parameters": [
|
|
{
|
|
"name": "requestBody",
|
|
"tool_parameter_name": "waf_custom_rule_definition",
|
|
"description": "The definition of the new WAF Custom Rule.",
|
|
"value_schema": {
|
|
"val_type": "json",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": {
|
|
"data": {
|
|
"val_type": "json",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": {
|
|
"attributes": {
|
|
"val_type": "json",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": {
|
|
"action": {
|
|
"val_type": "json",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": {
|
|
"action": {
|
|
"val_type": "string",
|
|
"inner_val_type": null,
|
|
"enum": [
|
|
"redirect_request",
|
|
"block_request"
|
|
],
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "Override the default action to take when the WAF custom rule would block."
|
|
},
|
|
"parameters": {
|
|
"val_type": "json",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": {
|
|
"location": {
|
|
"val_type": "string",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "The location to redirect to when the WAF custom rule triggers."
|
|
},
|
|
"status_code": {
|
|
"val_type": "integer",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "The status code to return when the WAF custom rule triggers."
|
|
}
|
|
},
|
|
"inner_properties": null,
|
|
"description": "The definition of `ApplicationSecurityWafCustomRuleActionParameters` object."
|
|
}
|
|
},
|
|
"inner_properties": null,
|
|
"description": "The definition of `ApplicationSecurityWafCustomRuleAction` object."
|
|
},
|
|
"blocking": {
|
|
"val_type": "boolean",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "Indicates whether the WAF custom rule will block the request."
|
|
},
|
|
"conditions": {
|
|
"val_type": "array",
|
|
"inner_val_type": "json",
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": {
|
|
"operator": {
|
|
"val_type": "string",
|
|
"inner_val_type": null,
|
|
"enum": [
|
|
"match_regex",
|
|
"!match_regex",
|
|
"phrase_match",
|
|
"!phrase_match",
|
|
"is_xss",
|
|
"is_sqli",
|
|
"exact_match",
|
|
"!exact_match",
|
|
"ip_match",
|
|
"!ip_match",
|
|
"capture_data"
|
|
],
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "Operator to use for the WAF Condition."
|
|
},
|
|
"parameters": {
|
|
"val_type": "json",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": {
|
|
"data": {
|
|
"val_type": "string",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "Identifier of a list of data from the denylist. Can only be used as substitution from the list parameter."
|
|
},
|
|
"inputs": {
|
|
"val_type": "array",
|
|
"inner_val_type": "json",
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": {
|
|
"address": {
|
|
"val_type": "string",
|
|
"inner_val_type": null,
|
|
"enum": [
|
|
"server.db.statement",
|
|
"server.io.fs.file",
|
|
"server.io.net.url",
|
|
"server.sys.shell.cmd",
|
|
"server.request.method",
|
|
"server.request.uri.raw",
|
|
"server.request.path_params",
|
|
"server.request.query",
|
|
"server.request.headers.no_cookies",
|
|
"server.request.cookies",
|
|
"server.request.trailers",
|
|
"server.request.body",
|
|
"server.response.status",
|
|
"server.response.headers.no_cookies",
|
|
"server.response.trailers",
|
|
"grpc.server.request.metadata",
|
|
"grpc.server.request.message",
|
|
"grpc.server.method",
|
|
"graphql.server.all_resolvers",
|
|
"usr.id",
|
|
"http.client_ip"
|
|
],
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "Input from the request on which the condition should apply."
|
|
},
|
|
"key_path": {
|
|
"val_type": "array",
|
|
"inner_val_type": "string",
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "Specific path for the input."
|
|
}
|
|
},
|
|
"description": "List of inputs on which at least one should match with the given operator."
|
|
},
|
|
"list": {
|
|
"val_type": "array",
|
|
"inner_val_type": "string",
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "List of value to use with the condition. Only used with the phrase_match, !phrase_match, exact_match and\n!exact_match operator."
|
|
},
|
|
"options": {
|
|
"val_type": "json",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": {
|
|
"case_sensitive": {
|
|
"val_type": "boolean",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "Evaluate the value as case sensitive."
|
|
},
|
|
"min_length": {
|
|
"val_type": "integer",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "Only evaluate this condition if the value has a minimum amount of characters."
|
|
}
|
|
},
|
|
"inner_properties": null,
|
|
"description": "Options for the operator of this condition."
|
|
},
|
|
"regex": {
|
|
"val_type": "string",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "Regex to use with the condition. Only used with match_regex and !match_regex operator."
|
|
},
|
|
"value": {
|
|
"val_type": "string",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "Store the captured value in the specified tag name. Only used with the capture_data operator."
|
|
}
|
|
},
|
|
"inner_properties": null,
|
|
"description": "The scope of the WAF custom rule."
|
|
}
|
|
},
|
|
"description": "Conditions for which the WAF Custom Rule will triggers, all conditions needs to match in order for the WAF\nrule to trigger"
|
|
},
|
|
"enabled": {
|
|
"val_type": "boolean",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "Indicates whether the WAF custom rule is enabled."
|
|
},
|
|
"name": {
|
|
"val_type": "string",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "The Name of the WAF custom rule."
|
|
},
|
|
"path_glob": {
|
|
"val_type": "string",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "The path glob for the WAF custom rule."
|
|
},
|
|
"scope": {
|
|
"val_type": "array",
|
|
"inner_val_type": "json",
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": {
|
|
"env": {
|
|
"val_type": "string",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "The environment scope for the WAF custom rule."
|
|
},
|
|
"service": {
|
|
"val_type": "string",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "The service scope for the WAF custom rule."
|
|
}
|
|
},
|
|
"description": "The scope of the WAF custom rule."
|
|
},
|
|
"tags": {
|
|
"val_type": "json",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": {
|
|
"category": {
|
|
"val_type": "string",
|
|
"inner_val_type": null,
|
|
"enum": [
|
|
"attack_attempt",
|
|
"business_logic",
|
|
"security_response"
|
|
],
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "The category of the WAF Rule, can be either `business_logic`, `attack_attempt` or `security_response`."
|
|
},
|
|
"type": {
|
|
"val_type": "string",
|
|
"inner_val_type": null,
|
|
"enum": null,
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "The type of the WAF rule, associated with the category will form the security activity."
|
|
}
|
|
},
|
|
"inner_properties": null,
|
|
"description": "Tags associated with the WAF Custom Rule. The concatenation of category and type will form the security\nactivity field associated with the traces."
|
|
}
|
|
},
|
|
"inner_properties": null,
|
|
"description": "Create a new WAF custom rule."
|
|
},
|
|
"type": {
|
|
"val_type": "string",
|
|
"inner_val_type": null,
|
|
"enum": [
|
|
"custom_rule"
|
|
],
|
|
"properties": null,
|
|
"inner_properties": null,
|
|
"description": "The type of the resource. The value should always be `custom_rule`."
|
|
}
|
|
},
|
|
"inner_properties": null,
|
|
"description": "Object for a single WAF custom rule."
|
|
}
|
|
},
|
|
"inner_properties": null,
|
|
"description": "The definition of the new WAF Custom Rule."
|
|
},
|
|
"accepted_as": "body",
|
|
"required": true,
|
|
"deprecated": false,
|
|
"default": null,
|
|
"documentation_urls": []
|
|
}
|
|
],
|
|
"documentation_urls": [],
|
|
"secrets": [
|
|
{
|
|
"arcade_key": "DATADOG_API_KEY",
|
|
"parameter_name": "DD-API-KEY",
|
|
"accepted_as": "header",
|
|
"formatted_value": null,
|
|
"description": "",
|
|
"is_auth_token": false
|
|
},
|
|
{
|
|
"arcade_key": "DATADOG_APPLICATION_KEY",
|
|
"parameter_name": "DD-APPLICATION-KEY",
|
|
"accepted_as": "header",
|
|
"formatted_value": null,
|
|
"description": "",
|
|
"is_auth_token": false
|
|
},
|
|
{
|
|
"arcade_key": "DATADOG_BASE_URL",
|
|
"parameter_name": "datadog_base_url",
|
|
"accepted_as": "path",
|
|
"formatted_value": null,
|
|
"description": "",
|
|
"is_auth_token": false
|
|
}
|
|
],
|
|
"request_body_spec": "{\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"description\": \"Request object that includes the custom rule to create.\",\n \"properties\": {\n \"data\": {\n \"description\": \"Object for a single WAF custom rule.\",\n \"properties\": {\n \"attributes\": {\n \"description\": \"Create a new WAF custom rule.\",\n \"properties\": {\n \"action\": {\n \"description\": \"The definition of `ApplicationSecurityWafCustomRuleAction` object.\",\n \"properties\": {\n \"action\": {\n \"default\": \"block_request\",\n \"description\": \"Override the default action to take when the WAF custom rule would block.\",\n \"enum\": [\n \"redirect_request\",\n \"block_request\"\n ],\n \"example\": \"block_request\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"REDIRECT_REQUEST\",\n \"BLOCK_REQUEST\"\n ]\n },\n \"parameters\": {\n \"description\": \"The definition of `ApplicationSecurityWafCustomRuleActionParameters` object.\",\n \"properties\": {\n \"location\": {\n \"description\": \"The location to redirect to when the WAF custom rule triggers.\",\n \"example\": \"/blocking\",\n \"type\": \"string\"\n },\n \"status_code\": {\n \"default\": 403,\n \"description\": \"The status code to return when the WAF custom rule triggers.\",\n \"example\": 403,\n \"format\": \"int64\",\n \"type\": \"integer\"\n }\n },\n \"type\": \"object\"\n }\n },\n \"type\": \"object\"\n },\n \"blocking\": {\n \"description\": \"Indicates whether the WAF custom rule will block the request.\",\n \"example\": false,\n \"type\": \"boolean\"\n },\n \"conditions\": {\n \"description\": \"Conditions for which the WAF Custom Rule will triggers, all conditions needs to match in order for the WAF\\nrule to trigger\",\n \"items\": {\n \"description\": \"One condition of the WAF Custom Rule.\",\n \"properties\": {\n \"operator\": {\n \"description\": \"Operator to use for the WAF Condition.\",\n \"enum\": [\n \"match_regex\",\n \"!match_regex\",\n \"phrase_match\",\n \"!phrase_match\",\n \"is_xss\",\n \"is_sqli\",\n \"exact_match\",\n \"!exact_match\",\n \"ip_match\",\n \"!ip_match\",\n \"capture_data\"\n ],\n \"example\": \"match_regex\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"MATCH_REGEX\",\n \"NOT_MATCH_REGEX\",\n \"PHRASE_MATCH\",\n \"NOT_PHRASE_MATCH\",\n \"IS_XSS\",\n \"IS_SQLI\",\n \"EXACT_MATCH\",\n \"NOT_EXACT_MATCH\",\n \"IP_MATCH\",\n \"NOT_IP_MATCH\",\n \"CAPTURE_DATA\"\n ]\n },\n \"parameters\": {\n \"description\": \"The scope of the WAF custom rule.\",\n \"properties\": {\n \"data\": {\n \"description\": \"Identifier of a list of data from the denylist. Can only be used as substitution from the list parameter.\",\n \"example\": \"blocked_users\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"List of inputs on which at least one should match with the given operator.\",\n \"items\": {\n \"description\": \"Input from the request on which the condition should apply.\",\n \"properties\": {\n \"address\": {\n \"description\": \"Input from the request on which the condition should apply.\",\n \"enum\": [\n \"server.db.statement\",\n \"server.io.fs.file\",\n \"server.io.net.url\",\n \"server.sys.shell.cmd\",\n \"server.request.method\",\n \"server.request.uri.raw\",\n \"server.request.path_params\",\n \"server.request.query\",\n \"server.request.headers.no_cookies\",\n \"server.request.cookies\",\n \"server.request.trailers\",\n \"server.request.body\",\n \"server.response.status\",\n \"server.response.headers.no_cookies\",\n \"server.response.trailers\",\n \"grpc.server.request.metadata\",\n \"grpc.server.request.message\",\n \"grpc.server.method\",\n \"graphql.server.all_resolvers\",\n \"usr.id\",\n \"http.client_ip\"\n ],\n \"example\": \"server.db.statement\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"SERVER_DB_STATEMENT\",\n \"SERVER_IO_FS_FILE\",\n \"SERVER_IO_NET_URL\",\n \"SERVER_SYS_SHELL_CMD\",\n \"SERVER_REQUEST_METHOD\",\n \"SERVER_REQUEST_URI_RAW\",\n \"SERVER_REQUEST_PATH_PARAMS\",\n \"SERVER_REQUEST_QUERY\",\n \"SERVER_REQUEST_HEADERS_NO_COOKIES\",\n \"SERVER_REQUEST_COOKIES\",\n \"SERVER_REQUEST_TRAILERS\",\n \"SERVER_REQUEST_BODY\",\n \"SERVER_RESPONSE_STATUS\",\n \"SERVER_RESPONSE_HEADERS_NO_COOKIES\",\n \"SERVER_RESPONSE_TRAILERS\",\n \"GRPC_SERVER_REQUEST_METADATA\",\n \"GRPC_SERVER_REQUEST_MESSAGE\",\n \"GRPC_SERVER_METHOD\",\n \"GRAPHQL_SERVER_ALL_RESOLVERS\",\n \"USR_ID\",\n \"HTTP_CLIENT_IP\"\n ]\n },\n \"key_path\": {\n \"description\": \"Specific path for the input.\",\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n }\n },\n \"required\": [\n \"address\"\n ],\n \"type\": \"object\"\n },\n \"type\": \"array\"\n },\n \"list\": {\n \"description\": \"List of value to use with the condition. Only used with the phrase_match, !phrase_match, exact_match and\\n!exact_match operator.\",\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"options\": {\n \"description\": \"Options for the operator of this condition.\",\n \"properties\": {\n \"case_sensitive\": {\n \"default\": false,\n \"description\": \"Evaluate the value as case sensitive.\",\n \"type\": \"boolean\"\n },\n \"min_length\": {\n \"default\": 0,\n \"description\": \"Only evaluate this condition if the value has a minimum amount of characters.\",\n \"format\": \"int64\",\n \"type\": \"integer\"\n }\n },\n \"type\": \"object\"\n },\n \"regex\": {\n \"description\": \"Regex to use with the condition. Only used with match_regex and !match_regex operator.\",\n \"example\": \"path.*\",\n \"type\": \"string\"\n },\n \"value\": {\n \"description\": \"Store the captured value in the specified tag name. Only used with the capture_data operator.\",\n \"example\": \"custom_tag\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"inputs\"\n ],\n \"type\": \"object\"\n }\n },\n \"required\": [\n \"operator\",\n \"parameters\"\n ],\n \"type\": \"object\"\n },\n \"type\": \"array\"\n },\n \"enabled\": {\n \"description\": \"Indicates whether the WAF custom rule is enabled.\",\n \"example\": false,\n \"type\": \"boolean\"\n },\n \"name\": {\n \"description\": \"The Name of the WAF custom rule.\",\n \"example\": \"Block request from a bad useragent\",\n \"type\": \"string\"\n },\n \"path_glob\": {\n \"description\": \"The path glob for the WAF custom rule.\",\n \"example\": \"/api/search/*\",\n \"type\": \"string\"\n },\n \"scope\": {\n \"description\": \"The scope of the WAF custom rule.\",\n \"items\": {\n \"description\": \"The scope of the WAF custom rule.\",\n \"properties\": {\n \"env\": {\n \"description\": \"The environment scope for the WAF custom rule.\",\n \"example\": \"prod\",\n \"type\": \"string\"\n },\n \"service\": {\n \"description\": \"The service scope for the WAF custom rule.\",\n \"example\": \"billing-service\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"service\",\n \"env\"\n ],\n \"type\": \"object\"\n },\n \"type\": \"array\"\n },\n \"tags\": {\n \"additionalProperties\": {\n \"type\": \"string\"\n },\n \"description\": \"Tags associated with the WAF Custom Rule. The concatenation of category and type will form the security\\nactivity field associated with the traces.\",\n \"maxProperties\": 32,\n \"properties\": {\n \"category\": {\n \"description\": \"The category of the WAF Rule, can be either `business_logic`, `attack_attempt` or `security_response`.\",\n \"enum\": [\n \"attack_attempt\",\n \"business_logic\",\n \"security_response\"\n ],\n \"example\": \"business_logic\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"ATTACK_ATTEMPT\",\n \"BUSINESS_LOGIC\",\n \"SECURITY_RESPONSE\"\n ]\n },\n \"type\": {\n \"description\": \"The type of the WAF rule, associated with the category will form the security activity.\",\n \"example\": \"users.login.success\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"category\",\n \"type\"\n ],\n \"type\": \"object\"\n }\n },\n \"required\": [\n \"enabled\",\n \"blocking\",\n \"name\",\n \"tags\",\n \"conditions\"\n ],\n \"type\": \"object\"\n },\n \"type\": {\n \"default\": \"custom_rule\",\n \"description\": \"The type of the resource. The value should always be `custom_rule`.\",\n \"enum\": [\n \"custom_rule\"\n ],\n \"example\": \"custom_rule\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"CUSTOM_RULE\"\n ]\n }\n },\n \"required\": [\n \"attributes\",\n \"type\"\n ],\n \"type\": \"object\"\n }\n },\n \"required\": [\n \"data\"\n ],\n \"type\": \"object\"\n }\n }\n },\n \"description\": \"The definition of the new WAF Custom Rule.\",\n \"required\": true\n}",
|
|
"use_request_body_schema_mode": true,
|
|
"validate_request_body_schema": true
|
|
}
|
|
}
|