govple.blogg.se

See an overview of threats detected and traffic passing through AWS WAF. Viewing AWS WAF Dashboards AWS WAF Overview Results won't be available immediately, but within 20 minutes, you'll see full graphs and maps. It's important to note that each panel slowly fills with data matching the time range query and received since the panel was created. From here, you can share it with your organization. Once an app is installed, it will appear in your Personal folder, or other folder that you specified. Select the Location in Library (the default is the Personal folder in the library), or click New Folder to add a new folder. Choose Enter a Custom Data Filter, and enter a custom source category beginning with an underscore.Choose Source Category, and select a source category from the list.Select either of these options for the data source. You can retain the existing name, or enter a name of your choice for the app. To install the app, complete the following fields:.Select the version of the service you're using and click Add to Library.If you want to see a preview of the dashboards included with the app before installing, click Preview Dashboards.Click App Catalog, then search for and select the app.Now that you have set up collection for AWS WAF, install the Sumo Logic App for AWS AWS to use the pre-configured searches and dashboards. Click the checkbox, and select Infer Boundaries. Click Ignore time zone from log file and instead use, and select "UTC" from the list of time zones.

Use the default of Automatic, or select a scan interval from the pulldown. Select the appropriate AWS access control mechanism. Don’t include the bucket name when you are setting the Path Expression. See Amazon Path Expressions.) The S3 bucket name is not part of the path. You can use a wildcard (*) in this string. Enter the string that matches the S3 objects you'd like to collect. Select the Amazon Region for your S3 bucket. Enter a name to display for the new Source.

To your Hosted Collector, add an Amazon S3 Source.

Grant Sumo Logic Access to the Amazon S3 Bucket.Ĭonfigure a Sumo collector and source to receive AWS WAF logs .

Confirm that logs are being delivered to the S3 bucket.

Configure an Amazon S3 bucket as the destination of the Kinesis Stream, as described in Amazon Kinesis Data Firehose Data Delivery in AWS help.

Enable WAF logging to a Kinesis Stream, as described in AWS help.

In the next step, you'll configure Sumo to collect logs from the bucket. In this step you set up AWS WAF to send log data to an S3 bucket using an Kinesis Data Firehose. Follow the "Before you begin" section in the "Collect Logs" help page and then use the in-product instructions in Sumo Logic to set up the app.