aws-solutions / aws-waf-security-automations

This solution automatically deploys a single web access control list (web ACL) with a set of AWS WAF rules designed to filter common web-based attacks.
https://aws.amazon.com/solutions/aws-waf-security-automations
Apache License 2.0

log parser not working for scans and probes #129

Closed sudhir05 closed 4 years ago

sudhir05 commented 4 years ago

I have recently attached aws-waf-security-automation with CloudFront and wanted to test scans and probes scenario. Facing below issues:

  1. I was hitting an API endpoint more than 100 times which returned 401. According to the rule, the originating IP should be added to the block list. But I cannot see any IP in the scans and probes list. There is no Lambda log group also created for scans and probes. I could see log groups created for a few other rules.
  2. I haven't enabled logging; however, the bucket is in place.

aijunpeng commented 4 years ago

Can you please provide the following information:

  1. Did you deploy a new stack or update an existing stack? If it was updating stack, what parameters were updated?
  2. What are the version of the solution and the input parameter values of your current WAF stack?

aijunpeng commented 4 years ago

  1. Verify that your CloudFront logs are linked to the WAF AppAccessLogBucket S3 bucket and provide a screenshot of your WAF AppAccessLogBucket S3 bucket with CloudFront logs in it.
  2. WAF solution should automatically create a Lambda log group for you. You can go to your LogParser Lambda function in the AWS console and open CloudWatch logs for the function there.

sudhir05 commented 4 years ago

@aijunpeng thanks for your response. I could see the CloudWatch log group has been generated for the log parser. However, I haven't tested again with Scans and Probes.

aijunpeng commented 4 years ago

OK. Let us know if there are issues.
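
A sketch of the kind of check a scans-and-probes log parser runs over CloudFront access logs, added here as an illustration; it is not code from this thread or from the solution. The error-code set, the one-minute window and the sample log lines are assumptions, and the threshold of 100 follows the count mentioned in the issue.

```python
from collections import Counter

# Assumptions for this sketch; the deployed stack's parameters decide the real values.
ERROR_CODES = {"400", "401", "403", "404", "405"}
THRESHOLD = 100  # the issue reports "more than 100" requests that returned 401

# Constructed header: the first nine columns of a CloudFront standard log.
HEADER = ("#Version: 1.0\n#Fields: date time x-edge-location sc-bytes c-ip "
          "cs-method cs(Host) cs-uri-stem sc-status\n")

def parse_cloudfront_log(text):
    """Yield (minute, client_ip, status) for each request line after #Fields."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split("\t")))
            # date plus HH:MM is the one-minute bucket
            yield f"{row['date']} {row['time'][:5]}", row["c-ip"], row["sc-status"]

def offending_ips(text, threshold=THRESHOLD, error_codes=ERROR_CODES):
    """IPs with more than `threshold` error responses inside any single minute."""
    counts = Counter()
    for minute, ip, status in parse_cloudfront_log(text):
        if status in error_codes:
            counts[(minute, ip)] += 1
    return sorted({ip for (_, ip), n in counts.items() if n > threshold})

def sample_lines(ip, status, n):
    """Constructed request lines, all inside the same minute."""
    row = ["2020-03-01", "10:15:{:02d}", "IAD89-C1", "512", ip,
           "GET", "d111111abcdef8.cloudfront.net", "/api/orders", status]
    return "".join("\t".join(row).format(i % 60) + "\n" for i in range(n))

if __name__ == "__main__":
    log = (HEADER + sample_lines("198.51.100.7", "401", 101)
           + sample_lines("203.0.113.9", "401", 100))
    print(offending_ips(log))  # only the IP that exceeded the threshold
    print(offending_ips(""))   # no access logs delivered: nothing to block
```

The second call mirrors the situation in the issue: when access logging is not enabled, the bucket holds no log objects, so a parser of this kind has no input and no IP can reach the block list.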