Closed kklam201 closed 2 years ago
Thanks for the question. Here is a blog post about how to analyze WAF logs using Elasticsearch: https://aws.amazon.com/blogs/security/how-to-analyze-aws-waf-logs-using-amazon-elasticsearch-service/. You can also build a custom dashboard to view WAF CloudWatch metrics: https://docs.aws.amazon.com/solutions/latest/aws-waf3-security-automations/appendix-e.html
Hi aijunpeng,
I use aws-waf-security-automations, which uses an Amazon Kinesis Data Firehose delivery stream to that S3 bucket.
If I build custom logging to Elasticsearch, will it affect other aws-waf-security-automations functions (e.g. the Lambda log parser)?
The aws-waf-security-automations solution processes the WAF logs stored in that S3 bucket, therefore you shouldn't change it. Instead, you can use a Lambda to load logs from S3 to ES. Your Lambda can be triggered when a WAF log file is inserted into S3.
Can I send the WAF automations logs to ELK for a weekly security report? We want to know what was blocked by which rule, from which IP, to which host.
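A sketch of the read-only Lambda suggested in the thread, added here as an example and not part of the original discussion or of the aws-waf-security-automations code. It assumes newline-delimited WAF JSON log records (optionally gzip-compressed by Firehose); the function names, the rule name and the sample records are constructed, and indexing into Elasticsearch is left to whichever client you use.

```python
import gzip
import json
from collections import Counter
from urllib.parse import unquote_plus

def blocked_docs(body):
    """Yield one flat document per BLOCK record in a WAF log object."""
    if body[:2] == b"\x1f\x8b":  # gzip magic; Firehose compression is optional
        body = gzip.decompress(body)
    for line in filter(str.strip, body.decode("utf-8").splitlines()):
        rec = json.loads(line)
        if rec.get("action") != "BLOCK":
            continue
        req = rec.get("httpRequest", {})
        # Header name case is chosen by the client, so match Host case-insensitively.
        host = next((h.get("value") for h in req.get("headers", [])
                     if h.get("name", "").lower() == "host"), None)
        yield {"timestamp": rec.get("timestamp"), "rule": rec.get("terminatingRuleId"),
               "client_ip": req.get("clientIp"), "host": host, "uri": req.get("uri")}

def weekly_counts(docs):
    """Count blocks per (rule, client IP, host) for the report."""
    return Counter((d["rule"], d["client_ip"], d["host"]) for d in docs)

def handler(event, context):
    """S3 ObjectCreated trigger: reads objects only, leaves the bucket untouched."""
    import boto3  # provided by the Lambda runtime; not needed for the functions above
    s3 = boto3.client("s3")
    docs = []
    for r in event["Records"]:
        key = unquote_plus(r["s3"]["object"]["key"])  # keys are URL-encoded in S3 events
        obj = s3.get_object(Bucket=r["s3"]["bucket"]["name"], Key=key)
        docs.extend(blocked_docs(obj["Body"].read()))
    return docs  # index these into Elasticsearch with your client of choice

def _rec(action, rule, ip):  # builds constructed sample records, not real traffic
    return {"timestamp": 1700000000000, "action": action, "terminatingRuleId": rule,
            "httpRequest": {"clientIp": ip, "uri": "/login",
                            "headers": [{"name": "host", "value": "shop.example.com"}]}}

SAMPLE = "\n".join(json.dumps(r) for r in [
    _rec("BLOCK", "ExampleBlockRule", "203.0.113.7"),
    _rec("BLOCK", "ExampleBlockRule", "203.0.113.7"),
    _rec("ALLOW", "Default_Action", "198.51.100.4"),
]).encode()
```

Because the function only calls `get_object`, its IAM role needs no write permission on the log bucket, so the solution's own log parser keeps seeing the objects unchanged.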