v1.0.X-docs

xfhg · Oct 4, 2024 · ae8aae4 · ae8aae4
1 parent 6a4f601
commit ae8aae4
Show file tree

Hide file tree

Showing 4 changed files with 258 additions and 5 deletions.
diff --git a/docs/.vitepress/config.mts b/docs/.vitepress/config.mts
@@ -69,19 +69,25 @@ export default defineConfig({
           { text: 'Enforcement Levels', link: '/docs/enforcement' },
         ]
       },
+      {
+        text: 'INTERCEPT',
+        items: [
+          { text: 'Global Feature Flags', link: '/docs/global-flags' },
+        ]
+      },
       {
         text: 'INTERCEPT AUDIT',
         items: [
-          { text: 'Feature Flags', link: '/docs/tbd' },
-          { text: 'Compliance Reporting', link: '/docs/tbd' },
+          { text: 'Feature Flags', link: '/docs/audit-flags' },
+          // { text: 'Compliance Reporting', link: '/docs/tbd' },
         ]
       },
       {
         text: 'INTERCEPT OBSERVE',
         items: [
-          { text: 'Feature Flags', link: '/docs/tbd' },
-          { text: 'Runtime Modes', link: '/docs/tbd' },
-          { text: 'Integration Webhooks', link: '/docs/tbd' }
+          { text: 'Feature Flags', link: '/docs/observe-flags' },
+          // { text: 'Runtime Modes', link: '/docs/tbd' },
+          // { text: 'Integration Webhooks', link: '/docs/tbd' }
         ]
       },
       {

diff --git a/docs/docs/audit-flags.md b/docs/docs/audit-flags.md
@@ -0,0 +1,62 @@
+
+
+# INTERCEPT AUDIT 
+
+<br><br>
+
+
+```sh
+Usage:
+  intercept audit [flags]
+
+Flags:
+      --checksum string      Policy SHA256 expected checksum
+      --env-detection        Enable environment detection if no environment is specified
+  -e, --environment string   Filter policies that match the specified environment
+  -h, --help                 help for audit
+  -p, --policy string        Policy <FILEPATH> or <URL>
+      --tags-all string      Filter policies that match all of the provided tags (comma-separated)
+  -f, --tags-any string      Filter policies that match any of the provided tags (comma-separated)
+  -t, --target string        Target directory to audit
+
+
+  ```
+## Feature Flags
+
+### --policy
+Load a policy locally or from a remote endpoint
+```sh
+--policy policies/scan.yml
+--policy https://intercept.cc/marketplace/nginx_policy.yml
+```
+### --checksum
+Expected SHA256 Checksum of the policy file
+```sh
+--checksum a3717edde60a3f80fd6c401a666ca1f9b0ea6542b7834009452e2439d8951307
+```
+### --target
+Base target directory to audit
+```sh
+# Policies like SCAN , ASSURE , REGO , etc 
+# need a target path to look/filter for target files
+--target targets/
+```
+
+### --environment
+Declare the environment to assess the severity level of your policies
+```sh
+--environment production
+# Defaults "all"
+```
+
+### --env-detection
+Automatically detects the environment variable from common dev paths
+```sh
+--env-detection 
+# Superseeded by --environment
+```
+### --tags-all
+Only runs the Audit on policies with ALL the declared tags
+```sh
+--tags-all security,rbac
+```
diff --git a/docs/docs/global-flags.md b/docs/docs/global-flags.md
@@ -0,0 +1,102 @@
+
+
+# INTERCEPT Global Feature Flags
+
+<br><br>
+
+::: tip HINT
+Most flags can be declared on the policy file
+:::
+
+
+```sh
+Usage:
+  intercept [command]
+
+Available Commands:
+  audit       Run an optimized audit through all loaded policies
+  completion  Generate the autocompletion script for the specified shell
+  help        Help about any command
+  observe     Observe and trigger realtime policies based on schedules or active path monitoring
+  sys         Test intercept embedded core binaries
+  version     Print the build info of intercept
+
+Flags:
+      --debug                Enable extra dev debug output
+      --experimental         Enables unreleased experimental features
+  -h, --help                 help for intercept
+      --log-type string      Compliance Log types (can be a list) : MINIMAL,RESULTS,POLICY,REPORT (default "RESULTS")
+      --nolog                Disables all loggging
+  -o, --output-dir string    directory to write output files
+      --output-type string   Output types (can be a list) : SARIF,LOG (default "SARIF")
+      --silent               Enables log to file intercept.log
+  -v, --verbose count        increase verbosity level
+```
+
+## Configuration Flags
+
+### -v 
+Verbosity Level
+```sh
+# Default : Disabled
+# Levels of verbose output : DEBUG / INFO / WARN / ERROR / FATAL
+-v
+-vv
+-vvv
+-vvvv
+```
+### --debug
+Enable extra dev debug output
+```sh
+# Default : false
+# Should be used with -vvvv
+# Enable extra dev debug output :
+
+2024-10-... WRN DEBUG OUTPUT ENABLED
+2024-10-... WRN DEBUG OUTPUT ENABLED - Output can print sensitive data
+2024-10-... WRN DEBUG OUTPUT ENABLED
+
+```
+
+### -o 
+Declare a directory to write output files (logs +debug + reports)
+```sh
+# Default ./
+
+-o _reports/
+
+# tree _reports/
+_reports/
+├── _debug      # dev help output
+├── _patched    # automated fixed files
+├── _sarif      # intermediary individual results (cache)
+├── _status     # compliance reports 
+│   ├── 20241004T171050Z_intercept_2myvsh.sarif.json
+│   └── 20241004T171100Z_intercept_2myvsh.sarif.json
+├── log_minimal_2myvsh.log
+├── log_policy_2myvsh.log
+├── log_report_2myvsh.log
+└── log_results_2myvsh.log
+```
+
+### --output-type
+Output types (can be a list) : SARIF,LOG (default "SARIF")
+```sh
+--output-type LOG
+# to be used with --log-type
+```
+
+### --log-type
+Compliance Log types (can be a list) 
+```sh
+--log-type minimal,results,policy,report
+# Experiment with all
+# MINIMAL,RESULTS,POLICY,REPORT (default "RESULTS")
+```
+
+### --nolog
+Disables all intercept logging and output (not the compliance reporting)
+
+### --silent
+Redirects operational intercept log to file intercept.log
+
diff --git a/docs/docs/observe-flags.md b/docs/docs/observe-flags.md
@@ -0,0 +1,83 @@
+
+
+# INTERCEPT OBSERVE 
+
+
+
+<br><br>
+
+
+```sh
+
+Usage:
+  intercept observe [flags]
+
+Flags:
+      --env-detection        Enable environment detection if no environment is specified
+      --environment string   Filter policies that match the specified environment
+  -h, --help                 help for observe
+      --index string         Index name for ES bulk operations (default "intercept")
+      --mode string          Observe mode for path monitoring : first,last,all  (default "last")
+      --policy string        Policy file
+      --report string        Report Cron Schedule
+      --schedule string      Global Cron Schedule
+      --tags_all string      Filter policies that match all of the provided tags (comma-separated)
+      --tags_any string      Filter policies that match any of the provided tags (comma-separated)
+
+  ```
+  ## Feature Flags
+
+### --policy
+Load a policy locally or from a remote endpoint
+```sh
+--policy policies/scan.yml
+--policy https://intercept.cc/marketplace/nginx_policy.yml
+```
+### --environment
+Declare the environment to assess the severity level of your policies
+```sh
+--environment production
+# Defaults "all"
+```
+
+### --env-detection
+Automatically detects the environment variable from common dev paths
+```sh
+--env-detection 
+# Superseeded by --environment
+```
+
+### --mode
+Observe mode for path monitoring, chose to which monitoring event order to react to. 
+```sh
+# Options: first || last || all  
+# Default: "last" (reacts to the last event triggered for a path)
+--mode first
+```
+
+### --report
+Report Cron Schedule for the cadence of full compliance reports generated
+```sh
+# should be an interval delta long enough to capture 
+# individual policy audit results
+--report */50 * * * * *
+```
+
+### --schedule
+Global Cron Schedule, for policies without individual schedule
+```sh
+# set a cadence of running the individual policy audits
+--schedule */10 * * * * *
+```
+
+### --tags-all
+Filter policies that match all of the provided tags
+Only runs the Audit on policies with ALL the declared tags
+```sh
+--tags-all security,rbac
+```
+### --tags-any
+Filter policies that match any of the provided tags
+```sh
+--tags-any security,compliance
+```