AWS WAF

Collect AWS WAF Metrics

Configuration

Install Func

We recommend activating Guance Integration - Extension - DataFlux Func (Automata), where all prerequisites are installed automatically. Then proceed with the script installation.

If you need to deploy Func yourself, refer to Deploy Func Manually.

Install Script

Note: Prepare the required Amazon access key (AK) in advance. For simplicity, you can directly grant it the global read-only permission ReadOnlyAccess.

Activate Script for Managed Version

  1. Log in to the Guance console
  2. Click the 【Integration】 menu, select 【Cloud Account Management】
  3. Click 【Add Cloud Account】, select 【AWS】, and fill in the required information on the interface. If you have already configured the cloud account information before, you can skip this step.
  4. Click 【Test】, and after the test is successful, click 【Save】. If the test fails, please check if the relevant configuration information is correct and retest.
  5. Click 【Cloud Account Management】, and you can see the added cloud account in the list. Click the corresponding cloud account to enter the details page.
  6. Click the 【Integration】 button on the cloud account details page, find AWS WAF under the Not Installed list, and click the 【Install】 button. The installation interface will pop up for installation.

Manual Activation Script

  1. Log in to the Func console, click [Script Market], and enter the Guance Script Market. Search for: integration_aws_wafv2.

  2. Click [Install], then enter the corresponding parameters: AWS AK ID, AK Secret, and account name.

  3. Click [Deploy Startup Script]. The system will automatically create a Startup script set and configure the corresponding startup scripts.

  4. After enabling, you can see the corresponding automatic trigger configuration in "Manage / Automatic Trigger Configuration". Click [Execute] to immediately execute it once without waiting for the scheduled time. Wait a moment, and you can view the execution task records and corresponding logs.

Verification

  1. In "Manage / Automatic Trigger Configuration", confirm that the corresponding task has an automatic trigger configuration. You can also check the corresponding task records and logs for exceptions.
  2. In Guance, check whether asset information exists in "Infrastructure - Resource Catalog".
  3. In Guance, check whether the corresponding monitoring data exists in "Metrics".

Metrics

AWS WAF Metrics are under the aws_AWS/WAFV2 Measurement. Below are descriptions of some metrics along with their units and statistical data.

| Metric | Description | Unit |
| --- | --- | --- |
| AllowedRequests | Number of allowed web requests | count |
| BlockedRequests | Number of blocked web requests | count |
| RequestsWithValidChallengeToken | Number of web requests with a valid challenge token | count |
| SampleBlockedRequest | Number of sampled requests that executed a Block operation | count |
| CaptchaRequests | Number of web requests with CAPTCHA controls applied | count |
| PassedRequests | Number of passed requests. This is only used for requests that pass the rule group evaluation but do not match any rule group rules | count |
| SampleAllowedRequest | Number of sampled requests that executed an Allow operation | count |
| SampleCaptchaRequest | Number of sampled requests that executed a CAPTCHA operation | count |
| SampleChallengeRequest | Number of sampled requests that executed a Challenge operation | count |
| SampleCountRequest | Number of sampled requests that executed a Count operation | count |

Objects

The collected AWS WAF object data structure can be viewed in "Infrastructure - Resource Catalog".

{
  "measurement": "aws_wafv2",
  "tags": {
    "Id"                        : "91d10100-xxxxxxxxx-89fb90d1f566",
    "ARN"                       : "arn:aws:wafv2:us-east-1:87626xxxxx4:regional/webacl/test-123/446cc7d0-d87e-xxxxxxxxxx",
    "Capacity"                  : "CN",
    "LabelNamespace"            : "awswaf:87626xxxxx4:webacl:test-us-east-1:xxxxx",
    "ManagedByFirewallManager"  : "False",
    "RegionId"                  : "ap-southeast-1"
  },
  "fields": {
    "LockToken"                              : "6fe50442-fdfe-4dd5-ba54-5xxxxxxxxxxx",
    "Description"                            : "test-123",
    "AssociationConfig"                      : "{xxxxxxx}",
    "CaptchaConfig"                          : "{xxxxxxx}",
    "ChallengeConfig"                        : "{xxxxxxx}",
    "CustomResponseBodies"                   : "xxxxxxx",
    "DefaultAction"                          : "{\"Allow\": {}}",
    "PostProcessFirewallManagerRuleGroups"   : "Success",
    "PreProcessFirewallManagerRuleGroups"    : "{xxxxxxxx}",
    "Rules"                                  : "{Rules}",
    "TokenDomains"                           : "xxxxxxxx",
    "VisibilityConfig"                       : "{xxxxxxx}"
  }
}

Note: The fields in tags and fields may change with subsequent updates.
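The object record above carries values such as DefaultAction as JSON-encoded strings, so a consumer has to decode them a second time before it can reason about a web ACL. The following is an added example, not part of the Guance script: `audit_web_acl`, `decode` and the sample record are hypothetical, and it assumes Rules is serialized as a JSON array and that the ARN follows the `arn:aws:wafv2:<region>:<account>:<scope>/webacl/<name>/<id>` layout.

```python
import json

# Constructed sample in the shape shown above; every identifier is a placeholder.
SAMPLE_RECORD = {
    "measurement": "aws_wafv2",
    "tags": {
        "ARN": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/example-acl/00000000-0000-0000-0000-000000000000",
        "RegionId": "us-east-1",
    },
    "fields": {"DefaultAction": '{"Allow": {}}', "Rules": "[]"},
}


def decode(value, fallback):
    """Decode a JSON-encoded string field; return fallback if it is missing or invalid."""
    try:
        return json.loads(value)
    except (TypeError, ValueError):
        return fallback


def audit_web_acl(record):
    """Summarize one aws_wafv2 object record and list sanity-check findings."""
    tags, fields = record.get("tags", {}), record.get("fields", {})
    # Assumed ARN layout: arn:aws:wafv2:<region>:<account>:<scope>/webacl/<name>/<id>
    arn_parts = tags.get("ARN", "").split(":", 5)
    region = arn_parts[3] if len(arn_parts) == 6 else None
    resource = arn_parts[5].split("/") if len(arn_parts) == 6 else []
    default = decode(fields.get("DefaultAction"), {})
    rules = decode(fields.get("Rules"), None)  # assumption: a JSON array
    action = next(iter(default), "unknown") if isinstance(default, dict) else "unknown"

    findings = []
    if action == "Allow" and rules == []:
        findings.append("default action Allow with no rules: nothing is filtered")
    if action == "unknown":
        findings.append("DefaultAction could not be decoded")
    if region and tags.get("RegionId") and region != tags["RegionId"]:
        findings.append("RegionId tag does not match region in ARN")
    return {
        "name": resource[2] if len(resource) == 4 else None,
        "scope": resource[0] if resource else None,
        "default_action": action,
        "rule_count": len(rules) if isinstance(rules, list) else None,
        "findings": findings,
    }
```

Redacted placeholders such as `{xxxxxxx}` do not decode, so they surface as an `unknown` default action rather than raising.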