AWS WAF Default_action logging..
79 views
Skip to first unread message
Lucas
Jan 2, 2023, 4:09:16 AM1/2/23
to Wazuh mailing list
HI team
I do not want to log default_action in AWS WAF.
However, both default_action were detected, causing the index to become too large.
If "data.aws.ruleGroupList.terminatingRule.ruleId" exists (other than default_Action), the log is 2830 for 24 hours.
However, if you include default_action (if "data.aws.ruleGroupList.terminatingRule.ruleId" does not exist), there are 34,176,559 logs in 24 hours. This is how many logs are unnecessary.
However, if you include default_action (if "data.aws.ruleGroupList.terminatingRule.ruleId" does not exist), there are 34,176,559 logs in 24 hours. This is how many logs are unnecessary.
help me..
Awwal Ishiaku
Jan 5, 2023, 7:45:52 AM1/5/23
to Wazuh mailing list
Hi Lucas,
You need to be more specific in your rules if you do not wish to alert so many events.
Perhaps, there is something specific you wish to alert in the logs.
Can you share the rules you have created?
Perhaps, there is something specific you wish to alert in the logs.
Can you share the rules you have created?
Also share some log samples.
Regards.
Regards.
Reply all
Reply to author
Forward
0 new messages