| version: 1.0.0 | |
| immutable: true | |
| rules: | |
| passive_default: true | |
| require_authorization_for: | |
| - http_headers | |
| - robots_fetch | |
| forbidden_modules: | |
| - port_scanning | |
| - brute_force | |
| - credential_testing | |
| - exploitation | |
| logging: | |
| store_raw_indicators: false | |
| require_hashing: true | |
| correction: | |
| allowed_verbs: [ADAPT, CONSTRAIN, REVERT, OBSERVE] | |
| policy_mutation_requires_human: true |