AWS WAF
Collect AWS WAF Metrics
Configuration¶
Install Func¶
It is recommended to activate the TrueWatch Integration - Extension - DataFlux Func (Automata): All prerequisites are automatically installed. Please proceed with the script installation.
If you need to deploy Func yourself, refer to Deploy Func Manually
Install Script¶
Note: Please prepare an Amazon AK with the required permissions in advance (for simplicity, you can grant global read-only permissions
ReadOnlyAccess).
-
Log in to the Func console, click [Script Market], and enter the TrueWatch Script Market. Search for:
integration_aws_wafv2. -
Click [Install], then enter the corresponding parameters: AWS AK ID, AK Secret, and account name.
-
Click [Deploy Startup Script]. The system will automatically create a
Startupscript set and configure the corresponding startup scripts. -
After enabling, you can see the corresponding automatic trigger configuration in "Manage / Automatic Trigger Configuration". Click [Execute] to immediately execute it once without waiting for the scheduled time. Wait a moment, and you can view the execution task records and corresponding logs.
Verification¶
- In "Manage / Automatic Trigger Configuration", confirm whether the corresponding task has the automatic trigger configuration. You can also check the corresponding task records and logs for any exceptions.
- In TrueWatch, check if asset information exists in "Infrastructure - Resource Catalog".
- In TrueWatch, check if there are corresponding monitoring data in "Metrics".
Metrics¶
AWS WAF Metrics are under the aws_AWS/WAFV2 Measurement. Below are descriptions of some metrics along with their units and statistical data.
| Metric | Description | Unit |
|---|---|---|
AllowedRequests |
Number of allowed web requests | count |
BlockedRequests |
Number of blocked web requests | count |
RequestsWithValidChallengeToken |
Number of web requests with a valid challenge token | count |
SampleBlockedRequest |
Number of sampled requests that executed a Block operation | count |
CaptchaRequests |
Number of web requests with CAPTCHA controls applied | count |
PassedRequests |
Number of passed requests. This is only used for requests that pass the rule group evaluation but do not match any rule group rules | count |
RequestsWithValidChallengeToken |
Number of web requests with a valid challenge token | count |
SampleAllowedRequest |
Number of sampled requests that executed an Allow operation | count |
SampleCaptchaRequest |
Number of sampled requests that executed a CAPTCHA operation | count |
SampleChallengeRequest |
Number of sampled requests that executed a Challenge operation | count |
SampleCountRequest |
Number of sampled requests that executed a Count operation | count |
Objects¶
The collected AWS WAF object data structure can be viewed in "Infrastructure - Resource Catalog".
{
"measurement": "aws_wafv2",
"tags": {
"Id" : "91d10100-xxxxxxxxx-89fb90d1f566",
"ARN" : "arn:aws:wafv2:us-east-1:87626xxxxx4:regional/webacl/test-123/446cc7d0-d87e-xxxxxxxxxx",
"Capacity" : "CN",
"LabelNamespace" : "awswaf:87626xxxxx4:webacl:test-us-east-1:xxxxx",
"ManagedByFirewallManager" : "False",
"RegionId" : "ap-southeast-1"
},
"fields": {
"LockToken" : "6fe50442-fdfe-4dd5-ba54-5xxxxxxxxxxx",
"Description" : "test-123",
"AssociationConfig" : "{xxxxxxx}",
"CaptchaConfig" : "{xxxxxxx}",
"ChallengeConfig" : "{xxxxxxx}",
"CustomResponseBodies" : "xxxxxxx",
"DefaultAction" : "{"Allow": {}}",
"PostProcessFirewallManagerRuleGroups" : "Success",
"PreProcessFirewallManagerRuleGroups" : "{xxxxxxxx}",
"Rules" : "{Rules}",
"TokenDomains" : "xxxxxxxx",
"VisibilityConfig" : "{xxxxxxx}"
}
}
Note: The fields in
tagsandfieldsmay change with subsequent updates. ```