https://github.com/cloudymax/modsecurity-dashboard

A Grafana dashboard for JSON-formatted Kubernetes ingress-nginx ModSecurity logs, for use with Kube-Prometheus-Stack and Loki-Stack

# Modsecurity Dashboard

A Grafana dashboard for JSON-formatted kubernetes ingress-nginx modsecurity logs.

## Acknowledgement

This dashboard is a heavily modified derivative of the [NGINX ModSecurity OWASP CRS V0.0](https://grafana.com/grafana/dashboards/15495-nginx-modsecurity-owasp-crs-v0-0/) dashboard by [coffeeflash](https://github.com/coffeeflash). They discuss more about its creation in [this blog post](https://tobisyurt.net/modsecurity-nginx). I have modified the dashboard to use `JSON` logs collected from `/dev/stdout` and changed some formatting for readability.

## Requirements

- [Kubernetes ingress-nginx](https://github.com/kubernetes/ingress-nginx) with metrics and modsecurity enabled
- Modsecurity log format set to `JSON`
- Modsecurity log output path `/dev/stdout`
- [Kube-Prometheus-Stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack) (Prometheus, Grafana)
- [Loki-Stack](https://github.com/grafana/helm-charts/tree/main/charts/loki-stack) (Promtail, Loki)

## Enable NGINX MOD Security + Metrics

1. Update the Nginx configmap:

```bash
kubectl edit configmap -n ingress-nginx ingress-nginx-controller
```

2. Enable modsecurity:

```yaml
apiVersion: v1
data:
  # ...
  allow-snippet-annotations: "true"
  enable-modsecurity: "true"
  enable-owasp-modsecurity-crs: "true"
  load-balance: ewma
  # DetectionOnly evaluates the rules and logs matches but does not block requests
  modsecurity-snippet: |-
    SecRuleEngine DetectionOnly
    SecAuditEngine RelevantOnly
    SecStatusEngine On
    SecRequestBodyAccess On
    SecAuditLog /dev/stdout
    SecAuditLogFormat JSON
# ...
```

3. Expose metrics:

```bash
helm upgrade ingress-nginx ingress-nginx \
  --repo https://kubernetes.github.io/ingress-nginx \
  --namespace ingress-nginx \
  --set controller.metrics.enabled=true \
  --set-string controller.podAnnotations."prometheus\.io/scrape"="true" \
  --set-string controller.podAnnotations."prometheus\.io/port"="10254"
```
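
With `SecAuditLog /dev/stdout` and `SecAuditLogFormat JSON`, the audit records share the controller's stdout with ordinary nginx log lines, so anything consuming the stream has to separate them first. The sketch below is an added example, not code from this repository: it filters a constructed sample of that mixed stream and summarises rule hits that were only logged because of `SecRuleEngine DetectionOnly`. The field names (`transaction`, `messages`, `details.ruleId`, `producer.secrules_engine`) are assumed from the libmodsecurity v3 JSON audit-log layout.

```python
import json
from collections import Counter

# Constructed sample of controller stdout: one nginx access-log line, one
# ModSecurity audit record (field names assume the libmodsecurity v3 JSON
# layout), and one cut-off line that must not crash the parser.
SAMPLE_STDOUT = [
    '203.0.113.7 - - [09/May/2023:13:48:26 +0000] "GET /?id=1 HTTP/1.1" 200 612',
    json.dumps({"transaction": {
        "client_ip": "203.0.113.7",
        "request": {"method": "GET", "uri": "/?id=1%27%20OR%201=1"},
        "response": {"http_code": 200},
        "producer": {"secrules_engine": "DetectionOnly"},
        "messages": [
            {"message": "SQL Injection Attack Detected via libinjection",
             "details": {"ruleId": "942100", "severity": "2"}},
            {"message": "Inbound Anomaly Score Exceeded (Total Score: 5)",
             "details": {"ruleId": "949110", "severity": "2"}},
        ]}}),
    '{"truncated": ',
]

def audit_records(lines):
    """Yield only the ModSecurity transactions from a mixed stdout stream."""
    for line in lines:
        line = line.strip()
        if not line.startswith("{"):
            continue  # nginx access/error log line
        try:
            doc = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line
        tx = doc.get("transaction") if isinstance(doc, dict) else None
        if isinstance(tx, dict):
            yield tx

def summarize(lines):
    """Count rule hits and list requests that matched rules but were not blocked."""
    rule_hits, unblocked = Counter(), []
    for tx in audit_records(lines):
        ids = [m.get("details", {}).get("ruleId") for m in tx.get("messages", [])]
        ids = [i for i in ids if i]
        rule_hits.update(ids)
        engine = tx.get("producer", {}).get("secrules_engine")
        if ids and engine == "DetectionOnly":
            unblocked.append((tx.get("client_ip"), tx.get("request", {}).get("uri"), ids))
    return rule_hits, unblocked

if __name__ == "__main__":
    print(summarize(SAMPLE_STDOUT))
```

The `unblocked` list is the set of requests to review before switching `SecRuleEngine` from `DetectionOnly` to `On`.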