Versions Compared

Version Old Version 6 New Version Current
Changes made by

Virginia Camuñas Núñez

Laszlo Frazer

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

An analyst wants to detect malicious network traffic in web applications.  Using the WAF ACL SQS collector to send firewall logs to Devo, the analyst will find malicious IP activity.  As a result, the analyst will use Access Control Lists to block the traffic, preventing attackers from cross-site scripting.

Devo recommends also logging AWS WAF actions using the CloudTrail SQS Collector.

...

Table

Description

cloud.aws.waf.logs

Access Control List Traffic

Authorize It

  1. Authorize SQS Data Access.

    1. For this service, the bucket name must start with aws-waf-logs-.

  2. Add data to the S3 bucket.

    1. In WAF, select a Web ACL.

      image-20250122-214521.pngImage Removed

...

b. Select “Logging” and

...

“Enable”.

...

...

c. Set the destination to the S3 bucket previously authorized.

...

Run It

In the Cloud Collector App, create an SQS Collector instance using this parameters template, replacing the values enclosed in < >.

...

Set the inactivity alert to keep track of the collector_id.

If protection of a particular URI is very important, it can be monitored individually for inactivity.

...