Hello Israel,
A RuleGroup is an AWS WAF container for predefined rules.
In your case: F5 Rules for AWS WAF - Web exploits OWASP Rules
These are pre-defined patterns for Negative Security policies on top of AWS WAF. (Very basic security)
Unfortunately, the AWS WAF has several limitations:
- It doesn't have the visibility you require in your use case.
- It doesn't show the full content of the request or response.
- It is simply limited to counting whether it matches or not.
- Negative security policy only!
- You can only block known attacks that match AWS WAF very limited signatures.
- No protections for unknown Zero Day vulnerabilities.
- Requires you to make your own manual security signatures.
- You have to pay for a third-party list of conditions and rules (like F5 Rules).
- Only has a few basic signatures that only protect from simple vulnerabilities.
- You need to add a better protection for the more sophisticated attacks against your apps.
- No API protection (no XML, JSON, GWT) – No HTTP/2 or Websockets
So if you need more visibility, control and security you should try and explore Advanced Web Application Firewall (WAF) which is available in the AWS Marketplace.
I hope it helps.
Nimbostratus