NvGroupDefinition
Scope: Namespaced
Version: v1
-
spec
-
spec.selector
Required value
-
spec.selector.comment
-
spec.selector.criteria
-
spec.selector.criteria.key
-
spec.selector.criteria.op
-
spec.selector.criteria.value
-
-
spec.selector.name
Required value
-
-
NvAdmissionControlSecurityRule
Scope: Cluster
Version: v1
-
spec
-
spec.config
-
spec.config.client_mode
Required value
Allowed values:
service
,url
-
spec.config.enable
Required value
-
spec.config.mode
Required value
Allowed values:
monitor
,protect
-
-
spec.rules
-
spec.rules.action
Allowed values:
allow
,deny
-
spec.rules.comment
-
spec.rules.containers
-
spec.rules.containers.Element of the array
Allowed values:
containers
,init_containers
,ephemeral_containers
-
-
spec.rules.criteria
-
spec.rules.criteria.name
-
spec.rules.criteria.op
-
spec.rules.criteria.path
-
spec.rules.criteria.sub_criteria
-
spec.rules.criteria.sub_criteria.name
-
spec.rules.criteria.sub_criteria.op
-
spec.rules.criteria.sub_criteria.value
-
-
spec.rules.criteria.template_kind
-
spec.rules.criteria.type
-
spec.rules.criteria.value
-
spec.rules.criteria.value_type
-
-
spec.rules.disabled
-
spec.rules.id
-
spec.rules.rule_mode
Allowed values:
,
monitor
,protect
-
-
NvComplianceProfile
Scope: Cluster
Version: v1
-
spec
-
spec.templates
-
spec.templates.disable_system
-
spec.templates.entries
Required value
-
spec.templates.entries.tags
-
spec.templates.entries.test_number
-
-
-
NvSecurityRule
Scope: Namespaced
Version: v1
-
spec
-
spec.dlp
-
spec.dlp.settings
-
spec.dlp.settings.action
Allowed values:
allow
,deny
-
spec.dlp.settings.name
-
-
spec.dlp.status
-
-
spec.egress
-
spec.egress.action
Allowed values:
allow
,deny
-
spec.egress.applications
-
spec.egress.name
-
spec.egress.ports
-
spec.egress.priority
-
spec.egress.selector
-
spec.egress.selector.comment
-
spec.egress.selector.criteria
-
spec.egress.selector.criteria.key
-
spec.egress.selector.criteria.op
-
spec.egress.selector.criteria.value
-
-
spec.egress.selector.name
Required value
-
spec.egress.selector.name_referral
-
spec.egress.selector.original_name
-
-
-
spec.file
-
spec.file.app
-
spec.file.behavior
Allowed values:
monitor_change
,block_access
-
spec.file.filter
-
spec.file.recursive
-
-
spec.ingress
-
spec.ingress.action
Allowed values:
allow
,deny
-
spec.ingress.applications
-
spec.ingress.name
-
spec.ingress.ports
-
spec.ingress.priority
-
spec.ingress.selector
-
spec.ingress.selector.comment
-
spec.ingress.selector.criteria
-
spec.ingress.selector.criteria.key
-
spec.ingress.selector.criteria.op
-
spec.ingress.selector.criteria.value
-
-
spec.ingress.selector.name
Required value
-
spec.ingress.selector.name_referral
-
spec.ingress.selector.original_name
-
-
-
spec.process
-
spec.process.action
Allowed values:
allow
,deny
-
spec.process.allow_update
-
spec.process.name
-
spec.process.path
-
-
spec.process_profile
-
spec.process_profile.baseline
Allowed values:
default
,shield
,basic
,zero-drift
-
spec.process_profile.mode
Allowed values:
Discover
,Monitor
,Protect
-
-
spec.target
Required value
-
spec.target.policymode
Allowed values:
Discover
,Monitor
,Protect
,N/A
-
spec.target.selector
Required value
-
spec.target.selector.comment
-
spec.target.selector.criteria
-
spec.target.selector.criteria.key
-
spec.target.selector.criteria.op
-
spec.target.selector.criteria.value
-
-
spec.target.selector.grp_band_width
-
spec.target.selector.grp_sess_cur
-
spec.target.selector.grp_sess_rate
-
spec.target.selector.mon_metric
-
spec.target.selector.name
Required value
-
spec.target.selector.name_referral
-
spec.target.selector.original_name
-
-
-
spec.waf
-
spec.waf.settings
-
spec.waf.settings.action
Allowed values:
allow
,deny
-
spec.waf.settings.name
-
-
spec.waf.status
-
-
CspAdapterUsageRecord
Scope: Cluster
Version: v1
-
base_product
-
managed_node_count
-
reporting_time
NvDlpSecurityRule
Scope: Cluster
Version: v1
-
spec
-
spec.sensor
Required value
-
spec.sensor.comment
-
spec.sensor.name
Required value
-
spec.sensor.rules
-
spec.sensor.rules.name
-
spec.sensor.rules.patterns
-
spec.sensor.rules.patterns.context
Allowed values:
url
,header
,body
,packet
-
spec.sensor.rules.patterns.key
Allowed values:
pattern
-
spec.sensor.rules.patterns.op
Allowed values:
regex
,!regex
-
spec.sensor.rules.patterns.value
-
-
-
-
NvVulnerabilityProfile
Scope: Cluster
Version: v1
-
spec
-
spec.profile
Required value
-
spec.profile.entries
Required value
-
spec.profile.entries.comment
-
spec.profile.entries.days
-
spec.profile.entries.domains
-
spec.profile.entries.images
-
spec.profile.entries.name
-
-
-
NvWafSecurityRule
Scope: Cluster
Version: v1
-
spec
-
spec.sensor
Required value
-
spec.sensor.comment
-
spec.sensor.name
Required value
-
spec.sensor.rules
-
spec.sensor.rules.name
-
spec.sensor.rules.patterns
-
spec.sensor.rules.patterns.context
Allowed values:
url
,header
,body
,packet
-
spec.sensor.rules.patterns.key
Allowed values:
pattern
-
spec.sensor.rules.patterns.op
Allowed values:
regex
,!regex
-
spec.sensor.rules.patterns.value
-
-
-
-