-
Notifications
You must be signed in to change notification settings - Fork 9
Home
This wiki is work in progress, parts may still be under construction
Cloud active defense is about blending deceptive decoys into web applications, and about detecting decoy interaction. Decoys are defined in a .json file read and applied every few minutes.
Decoys are powerful but can also break the UI if used without care. The following sections detail how to properly create decoys.
-
Main
- General structure: The main flow of decoys: inject, detect, alert.
- Decoy: What makes a decoy
- Inject: How injection (url, headers, cookies, body) of decoys works
- Detect: How detection works
- Alert: When and how to alert to the console
-
Dos and don'ts: What makes a good decoy, what makes a bad decoy, what can break
-
Summary: All configuration options at a glance
-
Examples: Collection of decoys and detection rules to get you inspired
Cloud active defense is primarily a WASM plugin for Envoy. All the source code is provided so that you can rebuild the plugin by yourself and create enhancements. The following sections will cover the main logic of the code and what it can and cannot do.
- General structure: The main activity flow: request headers, request body, response headers, response body
- Build: How to (re)build the WASM plugin from source
- Limitations: Limitations of WASM and of Envoy