Amazon Web Application Firewall (WAF)

Samurai [Local] Collector	Samurai [Cloud] Collector

This guide describes the steps required to configure Amazon Web Services (AWS) to send Web Application Firewall (WAF) logs to S3 storage for ingestion to Samurai via a cloud collector.

Prerequisites

You will need to deploy an AWS cloud collector via the Samurai MDR portal. Follow the steps outlined in:

SamurAI Cloud Collector

When completing the steps under section Amazon Web Services you will need to name the bucket starting with aws-waf-logs- as recommended by AWS. See the section Naming requirements and syntax from the vendor documentation.

Alternatively, you can utilize the integration setup wizard via the Samurai MDR portal for the desired telemetry source listed on Product Integration Guide page which shall provide you the same information required to setup your telemetry source.

Enabling Amazon Web Application Firewall Logging

Follow the official AWS documentation guide:

Sending protection pack (web ACL) traffic logs to an Amazon Simple Storage Service bucket
When completing the steps ensure to select the S3 bucket created in the previous section with the bucket name prefix aws-waf-logs-
Ensure permissions required to publish logs to Amazon S3 is also completed as applicable

Our Integration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the Samurai MDR application and we shall get it updated.