NvGroupDefinition
Scope: Namespaced
Version: v1
-
objectspec
-
objectspec.selector
Required value
-
stringspec.selector.comment
-
array of objectsspec.selector.criteria
-
stringspec.selector.criteria.key
-
stringspec.selector.criteria.op
-
stringspec.selector.criteria.value
-
-
stringspec.selector.name
Required value
-
-
NvAdmissionControlSecurityRule
Scope: Cluster
Version: v1
-
objectspec
-
objectspec.config
-
stringspec.config.client_mode
Required value
Allowed values:
service,url -
booleanspec.config.enable
Required value
-
stringspec.config.mode
Required value
Allowed values:
monitor,protect
-
-
array of objectsspec.rules
-
stringspec.rules.action
Allowed values:
allow,deny -
stringspec.rules.comment
-
array of stringsspec.rules.containers
-
stringspec.rules.containers.Element of the array
Allowed values:
containers,init_containers,ephemeral_containers
-
-
array of objectsspec.rules.criteria
-
stringspec.rules.criteria.name
-
stringspec.rules.criteria.op
-
stringspec.rules.criteria.path
-
array of objectsspec.rules.criteria.sub_criteria
-
stringspec.rules.criteria.sub_criteria.name
-
stringspec.rules.criteria.sub_criteria.op
-
stringspec.rules.criteria.sub_criteria.value
-
-
stringspec.rules.criteria.template_kind
-
stringspec.rules.criteria.type
-
stringspec.rules.criteria.value
-
stringspec.rules.criteria.value_type
-
-
booleanspec.rules.disabled
-
integerspec.rules.id
-
stringspec.rules.rule_mode
Allowed values:
,monitor,protect
-
-
NvComplianceProfile
Scope: Cluster
Version: v1
-
objectspec
-
objectspec.templates
-
booleanspec.templates.disable_system
-
array of objectsspec.templates.entries
Required value
-
array of stringsspec.templates.entries.tags
-
stringspec.templates.entries.test_number
-
-
-
NvSecurityRule
Scope: Namespaced
Version: v1
-
objectspec
-
objectspec.dlp
-
array of objectsspec.dlp.settings
-
stringspec.dlp.settings.action
Allowed values:
allow,deny -
stringspec.dlp.settings.name
-
-
booleanspec.dlp.status
-
-
array of objectsspec.egress
-
stringspec.egress.action
Allowed values:
allow,deny -
array of stringsspec.egress.applications
-
stringspec.egress.name
-
stringspec.egress.ports
-
integerspec.egress.priority
-
objectspec.egress.selector
-
stringspec.egress.selector.comment
-
array of objectsspec.egress.selector.criteria
-
stringspec.egress.selector.criteria.key
-
stringspec.egress.selector.criteria.op
-
stringspec.egress.selector.criteria.value
-
-
stringspec.egress.selector.name
Required value
-
booleanspec.egress.selector.name_referral
-
stringspec.egress.selector.original_name
-
-
-
array of objectsspec.file
-
array of stringsspec.file.app
-
stringspec.file.behavior
Allowed values:
monitor_change,block_access -
stringspec.file.filter
-
booleanspec.file.recursive
-
-
array of objectsspec.ingress
-
stringspec.ingress.action
Allowed values:
allow,deny -
array of stringsspec.ingress.applications
-
stringspec.ingress.name
-
stringspec.ingress.ports
-
integerspec.ingress.priority
-
objectspec.ingress.selector
-
stringspec.ingress.selector.comment
-
array of objectsspec.ingress.selector.criteria
-
stringspec.ingress.selector.criteria.key
-
stringspec.ingress.selector.criteria.op
-
stringspec.ingress.selector.criteria.value
-
-
stringspec.ingress.selector.name
Required value
-
booleanspec.ingress.selector.name_referral
-
stringspec.ingress.selector.original_name
-
-
-
array of objectsspec.process
-
stringspec.process.action
Allowed values:
allow,deny -
booleanspec.process.allow_update
-
stringspec.process.name
-
stringspec.process.path
-
-
objectspec.process_profile
-
stringspec.process_profile.baseline
Allowed values:
default,shield,basic,zero-drift -
stringspec.process_profile.mode
Allowed values:
Discover,Monitor,Protect
-
-
objectspec.target
Required value
-
stringspec.target.policymode
Allowed values:
Discover,Monitor,Protect,N/A -
objectspec.target.selector
Required value
-
stringspec.target.selector.comment
-
array of objectsspec.target.selector.criteria
-
stringspec.target.selector.criteria.key
-
stringspec.target.selector.criteria.op
-
stringspec.target.selector.criteria.value
-
-
integerspec.target.selector.grp_band_width
-
integerspec.target.selector.grp_sess_cur
-
integerspec.target.selector.grp_sess_rate
-
booleanspec.target.selector.mon_metric
-
stringspec.target.selector.name
Required value
-
booleanspec.target.selector.name_referral
-
stringspec.target.selector.original_name
-
-
-
objectspec.waf
-
array of objectsspec.waf.settings
-
stringspec.waf.settings.action
Allowed values:
allow,deny -
stringspec.waf.settings.name
-
-
booleanspec.waf.status
-
-
CspAdapterUsageRecord
Scope: Cluster
Version: v1
-
stringbase_product
-
integermanaged_node_count
-
stringreporting_time
NvDlpSecurityRule
Scope: Cluster
Version: v1
-
objectspec
-
objectspec.sensor
Required value
-
stringspec.sensor.comment
-
stringspec.sensor.name
Required value
-
array of objectsspec.sensor.rules
-
stringspec.sensor.rules.name
-
array of objectsspec.sensor.rules.patterns
-
stringspec.sensor.rules.patterns.context
Allowed values:
url,header,body,packet -
stringspec.sensor.rules.patterns.key
Allowed values:
pattern -
stringspec.sensor.rules.patterns.op
Allowed values:
regex,!regex -
stringspec.sensor.rules.patterns.value
-
-
-
-
NvVulnerabilityProfile
Scope: Cluster
Version: v1
-
objectspec
-
objectspec.profile
Required value
-
array of objectsspec.profile.entries
Required value
-
stringspec.profile.entries.comment
-
integerspec.profile.entries.days
-
array of stringsspec.profile.entries.domains
-
array of stringsspec.profile.entries.images
-
stringspec.profile.entries.name
-
-
-
NvWafSecurityRule
Scope: Cluster
Version: v1
-
objectspec
-
objectspec.sensor
Required value
-
stringspec.sensor.comment
-
stringspec.sensor.name
Required value
-
array of objectsspec.sensor.rules
-
stringspec.sensor.rules.name
-
array of objectsspec.sensor.rules.patterns
-
stringspec.sensor.rules.patterns.context
Allowed values:
url,header,body,packet -
stringspec.sensor.rules.patterns.key
Allowed values:
pattern -
stringspec.sensor.rules.patterns.op
Allowed values:
regex,!regex -
stringspec.sensor.rules.patterns.value
-
-
-
-