Alibaba Cloud Firewall
Collect monitoring data from Alibaba Cloud Firewall
Configuration
Install Func
It is recommended to activate TrueWatch Integration - Extensions - DataFlux Func (Automata)
For self-deployment of Func, refer to Self-deployment of Func
Install Script
Note: Please prepare the Alibaba Cloud AK in advance (for simplicity, you can directly grant the global read-only permission ReadOnlyAccess).
- Log in to the Func console, click 【Script Market】, enter the TrueWatch Script Market, and search for: integration_alibabacloud_cloudfw
- Click 【Install】, then enter the corresponding parameters: Alibaba Cloud AK ID, AK Secret, and account name.
- Click 【Deploy Startup Script】; the system will automatically create the Startup script set and configure the corresponding startup scripts.
- After enabling, you can see the corresponding automatic trigger configuration in 「Manage / Automatic Trigger Configuration」. Click 【Execute】 to immediately execute once without waiting for the scheduled time. After a while, you can view the execution task records and corresponding logs.
Verification
- In 「Manage / Automatic Trigger Configuration」, confirm whether the corresponding task has the automatic trigger configuration, and check the corresponding task records and logs for any exceptions.
- In TrueWatch, check if there is asset information in 「Infrastructure / Custom」.
- In TrueWatch, check if there is corresponding monitoring data in 「Metrics」.
Metrics
Cloud Firewall
| MetricName | Metric Type | Metric Description | Dimensions | Statistics | Unit |
|---|---|---|---|---|---|
| InternetAclBlockByIp | Public IP | Single IP ACL Block Count | userId,assetIp | Value | count |
| InternetAclBlockByRegion | Region | Single Region ACL Block Count | userId,regionId | Value | count |
| InternetAclBlockByUser | Global | ACL Block Count | userId | Value | count |
| InternetAclBlockPerByIp | Public IP | Single IP ACL Block Percentage | userId,assetIp | Value | % |
| InternetAclBlockPerByRegion | Region | Single Region ACL Block Percentage | userId,regionId | Value | % |
| InternetAclBlockPerByUser | Global | ACL Block Percentage | userId | Value | % |
| InternetIpsBlockByIp | Public IP | Single IP IPS Block Count | userId,assetIp | Value | count |
| InternetIpsBlockByRegion | Region | Single Region IPS Block Count | userId,regionId | Value | count |
| InternetIpsBlockByUser | Global | IPS Block Count | userId | Value | count |
| InternetIpsBlockPerByIp | Public IP | Single IP IPS Block Percentage | userId,assetIp | Value | % |
| InternetIpsBlockPerByRegion | Region | Single Region IPS Block Percentage | userId,regionId | Value | % |
| InternetIpsBlockPerByUser | Global | IPS Block Percentage | userId | Value | % |
| InternetNewConnByIp | Public IP | Single IP New Connection Count | userId,assetIp | Value | count |
| InternetNewConnByRegion | Region | Single Region New Connection Count | userId,regionId | Value | count |
| InternetNewConnByUser | Global | New Connection Count | userId | Value | count |
| InternetNewConnPerByIp | Public IP | Single IP New Connection Percentage | userId,assetIp | Value | % |
| InternetNewConnPerByRegion | Region | Single Region New Connection Percentage | userId,regionId | Value | % |
| InternetNewConnPerByUser | Global | New Connection Percentage | userId | Value | % |
Cloud Firewall-NAT
| MetricName | Metric Type | Metric Description | Dimensions | Statistics | Unit |
|---|---|---|---|---|---|
| NatAclBlockByInstanceId | NAT Gateway | Single NAT Firewall Instance ACL Block Count | userId,cloudInstanceId | Value | count |
| NatAclBlockByRegion | Region | Single Region ACL Block Count | userId,regionId | Value | count |
| NatAclBlockByUser | Global | ACL Block Count | userId | Value | count |
| NatAclBlockPerByInstanceId | NAT Gateway | Single NAT Firewall Instance ACL Block Percentage | userId,cloudInstanceId | Value | % |
| NatAclBlockPerByRegion | Region | Single Region ACL Block Percentage | userId,regionId | Value | % |
| NatAclBlockPerByUser | Global | ACL Block Percentage | userId | Value | % |
| NatNewConnByInstanceId | NAT Gateway | Single NAT Firewall Instance New Connection Count | userId,cloudInstanceId | Value | count |
| NatNewConnByRegion | Region | Single Region New Connection Count | userId,regionId | Value | count |
| NatNewConnByUser | Global | New Connection Count | userId | Value | count |
| NatNewConnPerByInstanceId | NAT Gateway | Single NAT Firewall Instance New Connection Percentage | userId,cloudInstanceId | Value | % |
| NatNewConnPerByRegion | Region | Single Region New Connection Percentage | userId,regionId | Value | % |
| NatNewConnPerByUser | Global | New Connection Percentage | userId | Value | % |
Cloud Firewall-VPC
| MetricName | Metric Type | Metric Description | Dimensions | Statistics | Unit |
|---|---|---|---|---|---|
| VpcAclBlockByCen | VPC Firewall Instance | Single VPC Firewall Instance ACL Block Count | userId,firewallId | Value | count |
| VpcAclBlockByUser | Global | ACL Block Count | userId | Value | count |
| VpcAclBlockByVpcPeer | Source-Destination VPC | Source-Destination VPC ACL Block Count | userId,vpcIdPeer | Value | count |
| VpcAclBlockPerByCen | VPC Firewall Instance | Single VPC Firewall Instance ACL Block Percentage | userId,firewallId | Value | % |
| VpcAclBlockPerByUser | Global | ACL Block Percentage | userId | Value | % |
| VpcAclBlockPerByVpcPeer | Source-Destination VPC | Source-Destination VPC ACL Block Percentage | userId,vpcIdPeer | Value | % |
| VpcNewConnByCen | VPC Firewall Instance | Single VPC Firewall Instance New Connection Count | userId,firewallId | Value | % |
| VpcNewConnByUser | Global | New Connection Count | userId | Value | count |
| VpcNewConnByVpcPeer | Source-Destination VPC | Source-Destination VPC New Connection Count | userId,vpcIdPeer | Value | % |
| VpcNewConnPerByCen | VPC Firewall Instance | Single VPC Firewall Instance New Connection Percentage | userId,firewallId | Value | % |
| VpcNewConnPerByUser | Global | New Connection Percentage | userId | Value | % |
| VpcNewConnPerByVpcPeer | Source-Destination VPC | Source-Destination VPC New Connection Percentage | userId,vpcIdPeer | Value | % |