WAF Rule 80443


Ademola Adebisi

Aug 31, 2022, 4:27:01 PM
to Wazuh mailing list
Hi All

I recently manually adjusted the WAF rule 80443 by increasing the frequency to reduce the number of alerts the org was getting, but the alert kept firing. What adjustments do I need to make to prevent this rule from alerting?

Default (0350-amazon_rules.xml)
  <rule id="80443" level="10" frequency="8" timeframe="120" ignore="60">
    <if_matched_sid>80442</if_matched_sid>
    <same_field>aws.httpRequest.clientIp</same_field>
    <options>no_full_log</options>
    <description>AWS WAF - Multiple blocked requests.</description>
  </rule>



local_rules.xml

<rule id="80443" level="5" frequency="30" timeframe="120" ignore="60">
<if_matched_sid>80442</if_matched_sid>
<same_field>aws.httpRequest.clientIp</same_field>
<options>no_full_log</options>
<description>AWS WAF - Multiple blocked requests.</description>
</rule>
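
An added example, not part of the thread or of Wazuh's own code: a Python check that compares a local rule file with the stock one and reports every rule id defined in both, whether the local copy carries the ruleset's `overwrite="yes"` attribute (Wazuh's mechanism for superseding an existing rule), and which attributes differ. The `<group>` wrappers and the function names are assumptions; the rule definitions are the two quoted in the post.

```python
import xml.etree.ElementTree as ET

# Constructed input: the two definitions of rule 80443 quoted in the post.
# The <group> wrappers and their names are assumed for illustration.
BODY = """
    <if_matched_sid>80442</if_matched_sid>
    <same_field>aws.httpRequest.clientIp</same_field>
    <options>no_full_log</options>
    <description>AWS WAF - Multiple blocked requests.</description>
  </rule>
</group>
"""
STOCK = ('<group name="amazon,">\n'
         '  <rule id="80443" level="10" frequency="8" timeframe="120" ignore="60">'
         + BODY)
LOCAL = ('<group name="local,">\n'
         '  <rule id="80443" level="5" frequency="30" timeframe="120" ignore="60">'
         + BODY)


def load_rules(text):
    """Map rule id -> attributes. A rule file may hold several top-level
    <group> elements, so wrap the text in a synthetic root before parsing."""
    root = ET.fromstring("<root>" + text + "</root>")
    return {rule.get("id"): dict(rule.attrib) for rule in root.iter("rule")}


def audit_overrides(stock_text, local_text):
    """Report each rule id defined in both files: whether the local copy sets
    overwrite="yes", and which attributes differ as (stock, local) pairs."""
    stock, local = load_rules(stock_text), load_rules(local_text)
    findings = []
    for rule_id, attrs in local.items():
        if rule_id not in stock:
            continue  # a genuinely new local rule, nothing to compare
        changed = {key: (stock[rule_id].get(key), value)
                   for key, value in attrs.items()
                   if key != "overwrite" and stock[rule_id].get(key) != value}
        findings.append({"id": rule_id,
                         "overwrite": attrs.get("overwrite") == "yes",
                         "changed": changed})
    return findings


if __name__ == "__main__":
    for finding in audit_overrides(STOCK, LOCAL):
        print(finding)
```

A finding with `overwrite` false means the local file redefines a stock rule id without marking it as a replacement; the manager log after a restart shows how that duplicate definition was handled.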

Delfina Lizarralde Bressan

Aug 31, 2022, 5:07:01 PM
to Wazuh mailing list
Hi there! 
Thanks for using Wazuh.

After increasing the frequency, have you restarted your Wazuh service?

I wait for your answer.

Regards. 

Arimatéia Junior

Aug 31, 2022, 6:54:38 PM
to Ademola Adebisi, Wazuh mailing list, Marcus Neves
Hi, 

At the moment I'm still testing the solution and trying to understand how these rules work. For now, let's leave it like this and analyze it better as the days go by, ok?


Message has been deleted
Message has been deleted
Message has been deleted

Ademola Adebisi

Sep 12, 2022, 11:46:29 AM
to Wazuh mailing list
Hi 

Why is my message being deleted? I am trying to inquire about this issue.

Thanks 