smom-dbis-138/monitoring/security/security-monitoring.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: security-monitoring-config
  namespace: monitoring
data:
  # Security monitoring configuration
  ENABLE_SECURITY_MONITORING: "true"
  ALERT_ON_VULNERABILITIES: "true"
  ALERT_ON_UNAUTHORIZED_ACCESS: "true"
  ALERT_ON_ANOMALOUS_ACTIVITY: "true"
  SECURITY_LOG_RETENTION_DAYS: "90"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: security-monitor
  namespace: monitoring
spec:
  replicas: 1
  selector:
    matchLabels:
      app: security-monitor
  template:
    metadata:
      labels:
        app: security-monitor
    spec:
      containers:
        - name: security-monitor
          image: security-monitor:1.0.0
          env:
            - name: ENABLE_SECURITY_MONITORING
              valueFrom:
                configMapKeyRef:
                  name: security-monitoring-config
                  key: ENABLE_SECURITY_MONITORING
          resources:
            requests:
              cpu: "100m"
              memory: "256Mi"
            limits:
              cpu: "500m"
              memory: "512Mi"
---
# Security monitoring Prometheus alerts
apiVersion: v1
kind: ConfigMap
metadata:
  name: security-alerts
  namespace: monitoring
data:
  security-alerts.yml: |
    groups:
      - name: security
        rules:
          - alert: UnauthorizedAccessAttempt
            expr: rate(security_unauthorized_access_total[5m]) > 0
            for: 5m
            labels:
              severity: critical
            annotations:
              summary: "Unauthorized access attempt detected"
              
          - alert: VulnerabilityDetected
            expr: security_vulnerabilities_total > 0
            for: 1m
            labels:
              severity: high
            annotations:
              summary: "Security vulnerability detected"
              
          - alert: AnomalousActivity
            expr: rate(security_anomalous_activity_total[5m]) > 10
            for: 5m
            labels:
              severity: medium
            annotations:
              summary: "Anomalous activity detected"