Forum Discussion
F5 rules for AWS WAF - F5-CVE_Managed rule group Logs
Have you checked if you enabled logging in the AWS WAF ACL that sends the logs to CloudWatch?
https://docs.aws.amazon.com/waf/latest/developerguide/logging.html
Also note that if it is an important site, it is better to go with F5 Virtual Edition, F5 Silverline for AWS or the new F5 Distributed Cloud, as the AWS WAF is for me simply the free open source mod_security WAF for Unix/Linux, and even with the F5 rules the AWS WAF is still just a stateless old-generation WAF with signatures.
Still, if you chose it, it is better in the future to send the logs with Kinesis Data Firehose to a syslog or SIEM server, as CloudWatch has a capacity limit and the price to increase it is not small, so better not to log the default action (if no rules are matched), as this will log just the illegal requests. There are many free open source SIEMs out there:
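An added example, not part of the original reply: a WAFv2 logging configuration that sends logs to Kinesis Data Firehose and drops requests that only hit the default action, plus a simplified local model of the filter run over constructed log records. The ARNs, account ID and sample records are placeholders and assumptions.

```python
# Added example: not code from the thread. ARNs below are placeholders.
WEB_ACL_ARN = "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/EXAMPLE/PLACEHOLDER-ID"
# Firehose delivery stream names used for WAF logs must start with "aws-waf-logs-".
FIREHOSE_ARN = "arn:aws:firehose:us-east-1:111122223333:deliverystream/aws-waf-logs-example"

# Shape accepted by the WAFv2 PutLoggingConfiguration API
# (boto3: wafv2.put_logging_configuration(LoggingConfiguration=LOGGING_CONFIG)).
LOGGING_CONFIG = {
    "ResourceArn": WEB_ACL_ARN,
    "LogDestinationConfigs": [FIREHOSE_ARN],
    "LoggingFilter": {
        "DefaultBehavior": "DROP",  # requests that matched no rule are not logged
        "Filters": [{
            "Behavior": "KEEP",
            "Requirement": "MEETS_ANY",
            "Conditions": [
                {"ActionCondition": {"Action": "BLOCK"}},
                {"ActionCondition": {"Action": "COUNT"}},
            ],
        }],
    },
}

def record_actions(record):
    """Terminating action plus the actions of non-terminating matching rules."""
    actions = {record["action"]}
    actions.update(r["action"] for r in record.get("nonTerminatingMatchingRules", []))
    return actions

def is_logged(record, logging_filter):
    """Simplified local model (assumption): first matching filter wins, else default."""
    actions = record_actions(record)
    for f in logging_filter["Filters"]:
        hits = [c["ActionCondition"]["Action"] in actions for c in f["Conditions"]]
        if all(hits) if f["Requirement"] == "MEETS_ALL" else any(hits):
            return f["Behavior"] == "KEEP"
    return logging_filter["DefaultBehavior"] == "KEEP"

# Constructed sample records using AWS WAF log field names.
SAMPLE_RECORDS = [
    {"action": "ALLOW", "terminatingRuleId": "Default_Action", "nonTerminatingMatchingRules": []},
    {"action": "BLOCK", "terminatingRuleId": "F5-CVE_Managed", "nonTerminatingMatchingRules": []},
    {"action": "ALLOW", "terminatingRuleId": "Default_Action",
     "nonTerminatingMatchingRules": [{"ruleId": "F5-CVE_Managed", "action": "COUNT"}]},
]

def kept_records():
    return [r for r in SAMPLE_RECORDS if is_logged(r, LOGGING_CONFIG["LoggingFilter"])]
```

Keeping COUNT as well as BLOCK preserves visibility of rules running in count mode while still dropping plain default-action traffic.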