Forum Discussion
will-will
Altocumulus
AltocumulusF5 rules for AWS WAF - F5-CVE_Managed rule group Logs
Hello, I've contacted AWS support regarding the WAF and your specific rule group, and AWS suggested I reach out here for specific questions regarding the F5 managed rule. I asked the following quest...
Nikoolayy1
MVP
MVPMaybe check the JSON config file for AWS WAF as the Visibility config should look like the example below:
"VisibilityConfig": {
"SampledRequestsEnabled": true,
"CloudWatchMetricsEnabled": true,
"MetricName": "AWS-AWSBotControl-Example"
https://docs.aws.amazon.com/waf/latest/developerguide/web-acl-rule-group-settings.html
will-willAltocumulus
Altocumulusconfig file looks good
"OverrideAction": {
"None": {}
},
"VisibilityConfig": {
"SampledRequestsEnabled": true,
"CloudWatchMetricsEnabled": true,
"MetricName": "F5-CVE_Managed"
}
From your last comment though I was able to find some logs in cloudwatch using:
filter terminatingRuleId = "F5-CVE_Managed"
Now that I can see these logs in Cloudwatch I can check and see if the exploits are getting blocked.
Thank you for your help!