This repository was archived by the owner on May 29, 2024. It is now read-only.

Commit b52fa42

Add description of each step
1 parent cc9cf5c commit b52fa42

1 file changed

+11
-3
lines changed

docs/step-2.md

Lines changed: 11 additions & 3 deletions
@@ -1,8 +1,12 @@
11
# Step 2 - Customising and extending AWS WAF Security Automations Solution
22

3+
In this step, you will configure the WAF Security Automation Solution. Once you have configured the HTTP Flood Protection and Probe/Scanner Log Parser, you will test the new rules.
34

45
## 2.1.1 Customise HTTP Flood Protection (AWS Lambda Log Parser)
56

7+
The HTTP Flood protection provided by the Security Automation Solution can be configured. In this step, you will explore the possible configuration options.
8+
9+
610
The HTTP Flood log parser comes with some extensions points, they are:
711

812
* Request Threshold: the maximum acceptable requests per five minutes per IP address.
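
Review bot: The added lines 3 and 7 name the product "WAF Security Automation Solution" and "Security Automation Solution", while the heading on line 1 says "AWS WAF Security Automations Solution"; use the heading's name in both places so the term is searchable and unambiguous. Line 3 also promises that the reader will "test the new rules" after configuring the "Probe/Scanner Log Parser", so it would help to point at the sections that cover each part. Two blank lines are added at 8 and 9 where one is enough, and since the context line at 10 sits right below, "some extensions points, they are:" could be corrected to "some extension points:" in the same change.
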
@@ -13,7 +17,9 @@ The HTTP Flood log parser comes with some extensions points, they are:
1317
The goal now is to apply customizations and check how it affects the log parser behavior.
1418

1519

16-
### 2.1.2 Customising the Parser
20+
### 2.1.2 Customising the HTTP Log Parser
21+
22+
In this step you will edit the configuration file for the HTTP Log parser. This configuration is used by the Lambda Log Parser when processing log files.
1723

1824
* Go to the S3 bucket used for WAF Logs Bucket. To check it's name, go to stack's Outputs tab and search for the value defined for WafLogBucket;
1925
* Download the configuration file `<stack_name>-waf_log_conf.json`;
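
Review bot: The component gets several names within a few lines: the new heading at line 20 says "HTTP Log Parser", the new paragraph at line 22 says "HTTP Log parser" and then "Lambda Log Parser", and the surrounding text says "HTTP Flood log parser". Pick one name (section 2.1.1 already uses "HTTP Flood Protection (AWS Lambda Log Parser)") and state once that these are the same thing. Line 22 could also name the file it refers to, "<stack_name>-waf_log_conf.json", which currently appears only in the second bullet. The unchanged bullet at line 24 has "it's name" where "its name" is meant and could be fixed alongside.
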
@@ -62,8 +68,10 @@ curl -s -o /dev/null -w "Return Code: %{http_code}\n" <your-endpoint>
6268

6369

6470

65-
Now we will customise our Scanner and Probe rules. These use Amazon Athena.
66-
The solutions refer to the Athena by a saved query ID. As Athena don't allow you to change saved queries, the process to apply customizations to Athena query is by creating a new query and updating the Athena log parser event to use the new query ID.
71+
Now you will customise our Scanner and Probe rules. These use Amazon Athena to query the logs generated by an application.
72+
The solutions refer to Athena by a saved query ID. As Athena don't allow you to change saved queries, the process to apply customizations to Athena query is by creating a new query and updating the Athena log parser event to use the new query ID.
73+
74+
By customising the query performed by Athena, you can specify the rules for blocking scanners and probes.
6775

6876
### 2.2.1
6977
* Navigate to the Amazon Athena console, select the Saved Queries tab;
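
Review bot: Line 72 is rewritten but keeps the errors of the line it replaces: "The solutions refer" should be "The solution refers" and "As Athena don't allow" should be "As Athena doesn't allow". Line 71 now mixes person in "you will customise our Scanner and Probe rules", and "the logs generated by an application" does not say which logs the query reads; naming the log source would tell the reader what data the blocking rules in line 74 are derived from. The rules are called "Probe/Scanner" in the introduction and "Scanner and Probe" here, and the context heading at line 76, "### 2.2.1", still has no title.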
