Limitations

Cloud active defense is compiled from Go into WASM. WASM is considered embedded code, meaning that not all Go features can be used. Namely, Go has a JSON parser but does not have JSON encoding. Check this page for a list of supported and unsupported Go packages.

Envoy cannot read from the file system. To fetch data at runtime, you have to rely on a solution such as performing an asynchronous HTTP call.

There might be some side effect depending on the order in which you apply decoys. For example, if you replace some HTML content with something else, and that another decoy uses the original HTML content in its 'inject' regular expression, the second one might not trigger.

Decoy injection and detection is quick for a few tokens, but it might occur some performance overhead if you use a large number of decoys at the same time. We did not test this extensively so your feedback is welcome!

Home
Main Configuration guide
- Session
- Username
- Server
- Respond
- BlocklistReload
Decoy Configuration guide
- General structure
- Decoy
- Inject
- Detect
  - Alert
  - Respond
    - Divert
- Alert events
- Response events
- Dos and don'ts
- Summary
- Examples
  - Catalog
Developer Guide

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Limitations

Clone this wiki locally