Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 2 changed files with 70 additions and 0 deletions.
68 changes: 68 additions & 0 deletions
docs/en/observability/cloud-monitoring/aws/monitor-aws-waf-firehose.asciidoc
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
[[monitor-aws-waf-firehose]] | ||
= Monitor Web Application Firewall (WAF) logs | ||
|
||
++++ | ||
<titleabbrev>Monitor WAF logs</titleabbrev> | ||
++++ | ||
|
||
In this section, you'll learn how to send AWS WAF events from AWS to your Elastic stack using Amazon Data Firehose. | ||
|
||
You will go through the following steps: | ||
|
||
- Select a WAF-compatible resource (CloudFront distribution) | ||
- Set up a Firehose delivery stream | ||
- Create a web Access Control List (ACL) to generate WAF logs | ||
- Set up logging to forward the logs to the Elastic stack using a Firehose stream | ||
- Visualize your WAF logs in {kib} | ||
|
||
[discrete] | ||
[[firehose-cloudtrail-prerequisites]] | ||
== Before you begin | ||
|
||
We assume that you already have: | ||
|
||
- An AWS account with permissions to pull the necessary data from AWS. | ||
- A deployment using our hosted {ess} on {ess-trial}[{ecloud}]. The deployment includes an {es} cluster for storing and searching your data, and {kib} for visualizing and managing your data. AWS Data Firehose works with Elastic Stack version 7.17 or greater, running on Elastic Cloud only. | ||
|
||
IMPORTANT: Make sure the deployment is on AWS, because the Amazon Data Firehose delivery stream connects specifically to an endpoint that needs to be on AWS. | ||
|
||
[discrete] | ||
[[firehose-waf-step-one]] | ||
== Step 1: Install AWS integration in {kib} | ||
|
||
. Install AWS integrations to load index templates, ingest pipelines, and dashboards into {kib}. In {kib}, navigate to *Management* > *Integrations* and find the AWS Integration by browsing the catalog. | ||
|
||
. Navigate to the *Settings* tab and click *Install AWS assets*. Confirm by clicking *Install AWS* in the popup. | ||
|
||
. Install AWS Firehose integration assets in Kibana. | ||
|
||
NOTE: Amazon Data Firehose integration is currently in beta. Make sure to enable *Display beta integrations*. | ||
|
||
[discrete] | ||
[[firehose-waf-resource-step-two]] | ||
== Step 2: Select a WAF-compatible resource | ||
|
||
|
||
|
||
[discrete] | ||
[[firehose-waf-step-three]] | ||
== Step 3: Set up a Firehose delivery stream | ||
|
||
|
||
|
||
[discrete] | ||
[[firehose-waf-step-four]] | ||
== Step 4: Create a web ACL | ||
|
||
|
||
|
||
[discrete] | ||
[[firehose-waf-step-five]] | ||
== Step 5: Set up logging | ||
|
||
|
||
|
||
[discrete] | ||
[[firehose-waf-step-six]] | ||
== Step 6: Visualize your WAF logs in {kib} | ||
|
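Review bot: The anchor `[[firehose-cloudtrail-prerequisites]]` on the "Before you begin" section names CloudTrail on a page about WAF logs. Rename it to something like `[[firehose-waf-prerequisites]]` so it matches the `firehose-waf-*` IDs used for the steps and cannot clash with a same-named anchor on another page. The step list in the introduction has five items and starts at "Select a WAF-compatible resource", while the page has six steps and begins with "Install AWS integration in {kib}", so the install step should be added to the list. Steps 2 through 6 are headings with no body; fill them in or hold the page back until they are written, since a reader following it cannot get past step 1. The anchor `firehose-waf-resource-step-two` also breaks the `firehose-waf-step-N` pattern of the other step anchors, and the third item of step 1 writes "Kibana" where the rest of the file uses `{kib}`.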