AWS WAF

Amazon Web Services Web Application Firewall (WAF)

This pack includes Cortex XSIAM content.

AWS WAF is a web application firewall service that lets you monitor web requests that are forwarded to an Amazon API Gateway API, an Amazon CloudFront distribution, or an Application Load Balancer.
You can protect those resources based on conditions that you specify, such as the IP addresses that the requests originate from.

What does this pack do

This integration enables you to:

  • Create, retrieve, update, or delete IP sets.
  • Create, retrieve, update, or delete Regex pattern sets.
  • Create, retrieve, update, or delete Rule groups.
  • Create IP rules to associate to a specific rule group.
  • Create country rules to associate to a specific rule group.
  • Create string match rules to associate to a specific rule group.
  • Add statements to existing rules.


Configuration on Server Side

  • For information on configuring ACL web logging, refer to the following documentation.
  • For information on sending ACL web logs to an S3 bucket, refer to the following documentation.

Collect Events from Vendor

To collect events, use the Amazon S3 collector.

Amazon S3

To create or configure the Amazon S3 collector, use the information described here.

  1. Navigate to Settings > Configuration > Data Sources > Amazon S3.
  2. Press Add New Instance.
  3. Fill in the following parameters:

     | Field Name | Description | Value |
     | --- | --- | --- |
     | SQS URL | The ARN of the Amazon SQS that you configured in the AWS Management Console. | <YourSQSURL> |
     | Name | A descriptive name for your log collection configuration. | <InstanceName> |
     | AWS Client ID | The access key ID, which was received when configuring access keys for the AWS IAM user in AWS. | <AWSClientID> |
     | AWS Client Secret | The secret access key, which was received when configuring access keys for the AWS IAM user in AWS. | <AWSClientSecret> |
     | Log Type | Select Generic to configure your log collection to receive generic logs from Amazon S3. | Generic |
     | Log Format | Select the log format type as JSON. | Json |
     | Vendor | Set as 'aws'. | aws |
     | Product | Set as 'waf'. | waf |
     | Compression | Select 'gzip'. | gzip |

PUBLISHER

Cortex

PLATFORMS

Cortex XSOAR, Cortex XSIAM

INFO

Supported By: Cortex
Created: March 23, 2023
Last Release: February 18, 2024
DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.