nixer.behaviors.log.include-headers |
true |
Whether HTTP headers should be logged |
nixer.behaviors.log.include-metadata |
true |
Whether metadata about the request should be logged. Includes pwned check results, IP lookup match, thresholds exceeded |
nixer.behaviors.log.include-query-string |
|
Whether the query part of the URI should be logged |
nixer.behaviors.log.include-user-info |
true |
Whether user info should be logged. Includes IP, username, session_id |
nixer.events.elastic.enabled |
|
Whether anomaly events should be logged to Elasticsearch. Requires a running Elasticsearch instance. |
nixer.events.elastic.index |
|
Elasticsearch index. |
nixer.events.elastic.type |
_doc |
Elasticsearch type. |
nixer.events.log.enabled |
|
Whether anomaly events logging is enabled. |
nixer.filter.ip.enabled |
|
Whether matching request IP addresses against the defined IP ranges is enabled. |
nixer.filter.ip.ip-prefixes-path |
|
Location of file resource with the IP ranges. Can be either a “classpath:” pseudo URL, a “file:” URL, or a plain file path. |
nixer.filters.dry-run |
|
Whether Nixer servlet filters should execute behaviors in dry-run mode. |
nixer.rules.failed-login-ratio-level.activation-level |
80 |
Value of the failed-login-ratio metric above which an activation event will be generated. The unit of the metric is percent [%] and it is calculated with the following formula: failed-login-ratio = (100 * number of failed logins) / (number of all logins). The activation level together with the deactivation level creates hysteresis to better cope with credential stuffing and to prevent too frequent activation/deactivation events. |
nixer.rules.failed-login-ratio-level.deactivation-level |
70 |
Value of the failed-login-ratio metric below which a deactivation event will be generated. The unit of the metric is percent [%] and it is calculated with the following formula: failed-login-ratio = (100 * number of failed logins) / (number of all logins). The activation level together with the deactivation level creates hysteresis to better cope with credential stuffing and to prevent too frequent activation/deactivation events. |
nixer.rules.failed-login-ratio-level.enabled |
|
Whether the failed login ratio feature is enabled. |
nixer.rules.failed-login-ratio-level.minimum-sample-size |
20 |
The minimumSampleSize property defines the smallest number of login attempts that must occur within the window for activation to happen. When there is only a small number of login attempts, we don’t necessarily want to trigger activation. |
nixer.rules.failed-login-ratio-level.window |
|
The window property defines the time period over which the ratio is calculated. Longer periods consume more memory (unless an external data store is used) and react more slowly to changes in traffic patterns. |
nixer.rules.failed-login-threshold |
|
Maps rule properties by the name of the rule they correspond to |
nixer.rules.failed-login-threshold.ip.enabled |
|
Whether the rule is enabled. Disabled by default. |
nixer.rules.failed-login-threshold.ip.threshold |
|
Defines the metric value at which the rule will trigger |
nixer.rules.failed-login-threshold.ip.window |
|
Window size in minutes that will be used to calculate the metric. |
nixer.rules.failed-login-threshold.useragent.enabled |
|
Whether the rule is enabled. Disabled by default. |
nixer.rules.failed-login-threshold.useragent.threshold |
|
Defines the metric value at which the rule will trigger |
nixer.rules.failed-login-threshold.useragent.window |
|
Window size in minutes that will be used to calculate the metric. |
nixer.rules.failed-login-threshold.username.enabled |
|
Whether the rule is enabled. Disabled by default. |
nixer.rules.failed-login-threshold.username.threshold |
|
Defines the metric value at which the rule will trigger |
nixer.rules.failed-login-threshold.username.window |
|
Window size in minutes that will be used to calculate the metric. |
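
The interaction of the nixer.rules.failed-login-ratio-level.* properties (activation level 80, deactivation level 70, minimum sample size 20, sliding window) can be modelled as below. This is an added example, not Nixer's own code: the class and function names, the 300-second window and the choice to apply the minimum sample size to activation only are assumptions.

```python
from collections import deque

class FailedLoginRatioRule:
    """Model of the documented rule semantics; not Nixer's implementation."""

    def __init__(self, activation=80, deactivation=70, min_sample=20, window_s=300):
        # 80 / 70 / 20 are the defaults from the table; window_s is an assumed
        # value because the table lists no default for the window.
        self.activation, self.deactivation = activation, deactivation
        self.min_sample, self.window_s = min_sample, window_s
        self.attempts = deque()   # (timestamp_seconds, failed) inside the window
        self.failed = 0
        self.active = False

    def record(self, ts, failed):
        """Add one login attempt; return 'ACTIVATED', 'DEACTIVATED' or None."""
        self.attempts.append((ts, failed))
        self.failed += int(failed)
        while self.attempts[0][0] <= ts - self.window_s:   # slide the window
            self.failed -= int(self.attempts.popleft()[1])
        total = len(self.attempts)
        ratio = 100 * self.failed / total   # failed-login-ratio in percent
        if not self.active:
            # Small samples never activate, however bad the ratio looks.
            if total >= self.min_sample and ratio > self.activation:
                self.active = True
                return "ACTIVATED"
        elif ratio < self.deactivation:
            # Assumption: the minimum sample size gates activation only.
            self.active = False
            return "DEACTIVATED"
        return None

def replay(outcomes, rule=None):
    """Feed one attempt per second; return [(attempt_number, event), ...]."""
    rule = rule or FailedLoginRatioRule()
    events = []
    for i, failed in enumerate(outcomes, start=1):
        event = rule.record(i, failed)
        if event:
            events.append((i, event))
    return events

# Constructed traffic: True = failed login, False = successful login.
SAMPLE = [True] * 10 + [False] * 10 + [True] * 31 + [False] * 8 + [True] * 3

if __name__ == "__main__":
    print(replay(SAMPLE))
```

In the constructed sample the first ten failures (100% ratio) produce no event because the sample is too small, and the final three failures, which leave the ratio between 70% and 80%, do not re-activate the rule.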