...
Source | Destination | Port | Description |
LCP | AWS WAFSQS | 443 (TCP) | Default port |
Configuring AWS WAF
...
LCP Configuration Parameters
Table 1-2: The AWS WAF event collector (API - 3896) properties to be configured by MDR are given in the table.
MxDR supports log collection using role based access control (RBAC) or access key ID and secret method.
To create access key ID and secret please refer https://docs.aws.amazon.com/powershell/latest/userguide/pstools-appendix-sign-up.html
To support log collection using RBAC please refer Accenture MDR Quick Start Guide for Role Based Access Control in AWS Generic Sensor
Table 1-2: The AWS WAF event collector (API - 3896) properties to be configured by MDR are given in table.
Property | Access Key and Secret | RBAC |
|---|---|---|
Region | Enter region (Eg: us-west-2) | Enter region (Eg: us-west-2) |
AWS Access Key ID Or Role ARN | Enter Access Key | Provide Role ARN |
AWS Secret Access Key Or External ID | Enter Secret | Enter external ID |
Logging Source | Cloudwatch or SQSCloudwatch or | SQS |
S3 Bucket/Log Group(s)/SQS Queue URL | Provide cloudwatch log group or SQS URL | Provide cloudwatch log group or SQS URL |
Bucket Prefix Path(s) | Leave Empty | Leave Empty |
...