https://rancher.com/ logo
Powered by
#neuvector-security
Title
# neuvector-security
g

green-ambulance-94856

11/04/2022, 10:27 PM
Hello! I've recently installed NeuVector to test it out and to my surprise immediately started seeing 
SQL.Injection
security events showing up in my logs. The action says 
alert
instead of deny even though the pods are in protect mode. The documentation implies this should be denied under the 
Built-In Network Dectection
here. How do I know if this is actually being blocked or not?
q

quiet-fountain-46593

11/04/2022, 11:33 PM
It should block if in protect mode, there are few exceptions for a couple of CNIs. For example, protect mode for cilium is not currently supported (it will be shortly).
there’s also a way to set the network mode globally, and the individual modes per group only apply to process protection. But there is a large banner in the UI that will say something like, “Global network policy is set to: Monitor” this is not turned on by default
👍 1
g

green-ambulance-94856

11/05/2022, 2:56 PM
Thank you for the reply TJ!
19 Views
Powered by