Aws waf

AWS WAFv2 Web ACL (WAF Classic not supported).

The ThreatSTOP cloud performs policy updates through the AWS API. Access keys can be associated with an access policy that restricts access based on the source IP.

The maximum size of the ThreatSTOP policy that can be loaded on the AWS WAF is correlated to the number of block/allow IPSets configured in the integration. For instance, if you take the defaults and assign 30 block IPSets and 1 allow, the resulting policy can contain up to 300k block rules (subnets) and 10k allow rules.

The Web Application Firewalls (WAF) only protect endpoints for HTTP/HTTPS traffic. If you need protection for other endpoint types, please contact ThreatSTOP Support for assistance selecting the right product for your specific environment.

The integration supports a monitoring mode by changing the block action to ‘COUNT’. The default ‘BLOCK’ of course blocks the request, while ‘COUNT’ allows the request but logs the event. This is useful for validating a policy without enforcing filtering.

Any managed rule(s) for things like SQL Injection Protection, or other custom rules will not be touched so long as they are named differently than the ThreatSTOP rule naming convention (e.g.

Each IPSet is capable of supporting 10,000 IP Addresses/CIDRs. Each rule can have multiple predicates (IPSet Match Groups) using the ‘OR’ operator.

  • Amazon limits Web ACLs (v2) to 100 rules per region.
  • S3 costs to store and retrieve logs if logging is enabled.
  • The costs of the WAF rules (WAF WebACL subscription, IPSet rules, number of web requests processed by the Web ACL).
  • The AWS costs associated with the integration are tied to the account containing the WAF and S3 buckets.

Note: This document pertains to AWS’s WAF version 2. If your current AWS infrastructure uses WAF-Classic, please see this document. Please note that in a recent change, Amazon has removed the ability to create empty IPSets. This means we will default block IPSets with (our test block IP address) 64.87.3.133/32 and default allow IPSets with 192.124.129.42/32.

Configuration options:

  • Configuration done through the ThreatSTOP Centralized Manager (TSCM) VM command line interface (CLI); AWS Identity Access ID & Secret stored on the VM only.
  • Configuration done through the ThreatSTOP Admin portal; AWS Identity Access ID & Secret stored on the VM only.
  • Configuration done through the ThreatSTOP Admin portal; supports both Identity and Role based access, stored in the Admin portal.
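As an added example (not code from the original page, and not ThreatSTOP's or AWS's own code), the following Python shows how a policy of CIDRs maps onto the limits described above: entries are split into IPSets of 10,000, any IPSet that would be empty is padded with the placeholder addresses the page names, the IPSet references are ORed into one rule, and the block action is switched to COUNT for monitoring mode. The IPSet names, rule names and ARN values are hypothetical placeholders, the sample CIDRs are constructed, and no AWS API call is made; the dicts follow the WAFv2 statement and action shapes the AWS API accepts.

```python
"""Added example: size a ThreatSTOP-style policy for AWS WAFv2 IPSets.

Hypothetical names/ARNs throughout; constructed sample input; no AWS calls.
"""
import ipaddress
from typing import Dict, List

IPSET_CAPACITY = 10_000        # entries per IPSet (limit quoted on the page)
MAX_RULES_PER_WEB_ACL = 100    # WAFv2 rules per Web ACL (quoted on the page)

# Placeholder entries used so no IPSet is ever empty (AWS rejects empty IPSets).
DEFAULT_BLOCK_ENTRY = "64.87.3.133/32"
DEFAULT_ALLOW_ENTRY = "192.124.129.42/32"


def normalize_cidrs(entries: List[str]) -> List[str]:
    """Canonicalise CIDRs (bare IPs become /32, host bits are cleared) and dedupe."""
    nets = {str(ipaddress.ip_network(e, strict=False)) for e in entries}
    return sorted(nets)


def chunk_into_ipsets(cidrs: List[str], n_ipsets: int, placeholder: str,
                      capacity: int = IPSET_CAPACITY) -> List[List[str]]:
    """Spread CIDRs over exactly n_ipsets lists of at most `capacity` entries.

    Refuses a policy larger than n_ipsets * capacity (e.g. 30 x 10k = 300k block
    entries). IPSets left empty get the placeholder entry.
    """
    limit = n_ipsets * capacity
    if len(cidrs) > limit:
        raise ValueError(f"policy has {len(cidrs)} entries, limit is {limit}")
    sets = [cidrs[i:i + capacity] for i in range(0, len(cidrs), capacity)]
    sets.extend([] for _ in range(n_ipsets - len(sets)))
    return [s or [placeholder] for s in sets]


def ipset_reference(arn: str) -> Dict:
    return {"IPSetReferenceStatement": {"ARN": arn}}


def build_rule(name: str, ipset_arns: List[str], priority: int,
               action: str = "BLOCK") -> Dict:
    """WAFv2 rule whose statement ORs several IPSet references.

    action "BLOCK" enforces; "COUNT" is monitoring mode (request allowed, event logged).
    """
    if action not in ("BLOCK", "COUNT", "ALLOW"):
        raise ValueError("unsupported action")
    if len(ipset_arns) == 1:                     # OrStatement needs >= 2 statements
        statement = ipset_reference(ipset_arns[0])
    else:
        statement = {"OrStatement": {"Statements": [ipset_reference(a) for a in ipset_arns]}}
    return {
        "Name": name,
        "Priority": priority,
        "Statement": statement,
        "Action": {action.capitalize(): {}},     # {"Block": {}} / {"Count": {}} / {"Allow": {}}
        "VisibilityConfig": {"SampledRequestsEnabled": True,
                             "CloudWatchMetricsEnabled": True, "MetricName": name},
    }


def build_policy(block_cidrs: List[str], allow_cidrs: List[str], n_block: int = 30,
                 n_allow: int = 1, monitoring: bool = False,
                 arn_prefix: str = "arn:aws:wafv2:us-east-1:123456789012:regional/ipset") -> Dict:
    """IPSet contents plus the allow/block rules for a Web ACL.

    arn_prefix, the '/PLACEHOLDER-ID' suffix and the rule names are hypothetical.
    """
    block_sets = chunk_into_ipsets(normalize_cidrs(block_cidrs), n_block, DEFAULT_BLOCK_ENTRY)
    allow_sets = chunk_into_ipsets(normalize_cidrs(allow_cidrs), n_allow, DEFAULT_ALLOW_ENTRY)
    ipsets: Dict[str, List[str]] = {}
    for kind, sets in (("block", block_sets), ("allow", allow_sets)):
        for i, entries in enumerate(sets, 1):
            ipsets[f"ts-{kind}-{i:02d}"] = entries

    def arn(name: str) -> str:
        return f"{arn_prefix}/{name}/PLACEHOLDER-ID"

    rules = [
        # Allow rule evaluated first (lower priority number), then the block rule.
        build_rule("ThreatSTOP-Allow", [arn(n) for n in ipsets if n.startswith("ts-allow")],
                   priority=1, action="ALLOW"),
        build_rule("ThreatSTOP-Block", [arn(n) for n in ipsets if n.startswith("ts-block")],
                   priority=2, action="COUNT" if monitoring else "BLOCK"),
    ]
    if len(rules) > MAX_RULES_PER_WEB_ACL:
        raise ValueError("too many rules for one Web ACL")
    return {"ipsets": ipsets, "rules": rules}


if __name__ == "__main__":
    # Constructed sample: two block entries, no allow entries, monitoring mode.
    policy = build_policy(["198.51.100.0/24", "203.0.113.7"], [], n_block=2, monitoring=True)
    for name, entries in policy["ipsets"].items():
        print(name, len(entries), "entries")
    print(policy["rules"][1]["Action"])
```

Run with a real policy by replacing the constructed lists; the returned `ipsets` map is what you would feed to `CreateIPSet`/`UpdateIPSet` and `rules` to `UpdateWebACL`. Setting `monitoring=True` produces a `Count` action, which is the validation mode described above.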