AwsWaf
The following are examples of the Amazon Security Finding Format for AwsWaf
resources.
AwsWafRateBasedRule
The AwsWafRateBasedRule
object contains details about an Amazon WAF
rate-based rule for global resources. An Amazon WAF rate-based rule provides settings to
indicate when to allow, block, or count a request. Rate-based rules include the number
of requests that arrive over a specified period of time.
The following example shows the Amazon Security Finding Format (ASFF) for the
AwsWafRateBasedRule
object. To view descriptions of
AwsWafRateBasedRule
attributes, see AwsWafRateBasedRuleDetails in the
Amazon Security Hub API Reference.
Example
"AwsWafRateBasedRule":{ "MatchPredicates" : [{ "DataId" : "391b7a7e-5f00-40d2-b114-3f27ceacbbb0", "Negated" : "True", "Type" : "IPMatch" , }], "MetricName" : "MetricName", "Name" : "Test", "RateKey" : "IP", "RateLimit" : 235000, "RuleId" : "5dfb4085-f103-4ec6-b39a-d4a0dae5f47f" }
AwsWafRegionalRateBasedRule
The AwsWafRegionalRateBasedRule
object contains details about a
rate-based rule for Regional resources. A rate-based rule provides settings to indicate
when to allow, block, or count a request. Rate-based rules include the number of
requests that arrive over a specified period of time.
The following example shows the Amazon Security Finding Format (ASFF) for the
AwsWafRegionalRateBasedRule
object. To view descriptions of
AwsWafRegionalRateBasedRule
attributes, see AwsWafRegionalRateBasedRuleDetails in the
Amazon Security Hub API Reference.
Example
"AwsWafRegionalRateBasedRule":{ "MatchPredicates" : [{ "DataId" : "391b7a7e-5f00-40d2-b114-3f27ceacbbb0", "Negated" : "True", "Type" : "IPMatch" , }], "MetricName" : "MetricName", "Name" : "Test", "RateKey" : "IP", "RateLimit" : 235000, "RuleId" : "5dfb4085-f103-4ec6-b39a-d4a0dae5f47f" }
AwsWafRegionalRule
The AwsWafRegionalRule
object provides details about an Amazon WAF Regional
rule . This rule identifies the web requests that you want to allow, block, or
count.
The following example shows the Amazon Security Finding Format (ASFF) for the
AwsWafRegionalRule
object. To view descriptions of
AwsWafRegionalRule
attributes, see AwsWafRegionalRuleDetails in the
Amazon Security Hub API Reference.
Example
"AwsWafRegionalRule": { "MetricName": "SampleWAF_Rule__Metric_1", "Name": "bb-waf-regional-rule-not-empty-conditions-compliant", "RuleId": "8f651760-24fa-40a6-a9ed-4b60f1de95fe", "PredicateList": [{ "DataId": "127d9346-e607-4e93-9286-c1296fb5445a", "Negated": false, "Type": "GeoMatch" }] }
AwsWafRegionalRuleGroup
The AwsWafRegionalRuleGroup
object provides details about an Amazon WAF
Regional rule group. A rule group is a collection of predefined rules that you add to a
web access control list (web ACL).
The following example shows the Amazon Security Finding Format (ASFF) for the
AwsWafRegionalRuleGroup
object. To view descriptions of
AwsWafRegionalRuleGroup
attributes, see AwsWafRegionalRuleGroupDetails in the
Amazon Security Hub API Reference.
Example
"AwsWafRegionalRuleGroup": { "MetricName": "SampleWAF_Metric_1", "Name": "bb-WAFClassicRuleGroupWithRuleCompliant", "RuleGroupId": "2012ca6d-e66d-4d9b-b766-bfb03ad77cfb", "Rules": [{ "Action": { "Type": "ALLOW" } }], "Priority": 1, "RuleId": "cdd225da-32cf-4773-8dc5-3bca3ed9c19c", "Type": "REGULAR" }
AwsWafRegionalWebAcl
AwsWafRegionalWebAcl
provides details about an Amazon WAF Regional web access
control list (web ACL). A web ACL contains the rules that identify the requests that you
want to allow, block, or count.
The following is an example AwsWafRegionalWebAcl
finding in the Amazon
Security Finding Format (ASFF). To view descriptions of
AwsApiGatewayV2Stage
attributes, see AwsWafRegionalWebAclDetails in the
Amazon Security Hub API Reference.
Example
"AwsWafRegionalWebAcl": { "DefaultAction": "ALLOW", "MetricName" : "web-regional-webacl-metric-1", "Name": "WebACL_123", "RulesList": [ { "Action": { "Type": "Block" }, "Priority": 3, "RuleId": "24445857-852b-4d47-bd9c-61f05e4d223c", "Type": "REGULAR", "ExcludedRules": [ { "ExclusionType": "Exclusion", "RuleId": "Rule_id_1" } ], "OverrideAction": { "Type": "OVERRIDE" } } ], "WebAclId": "443c76f4-2e72-4c89-a2ee-389d501c1f67" }
AwsWafRule
AwsWafRule
provides information about an Amazon WAF rule. An Amazon WAF rule
identifies the web requests that you want to allow, block, or count.
The following is an example AwsWafRule
finding in the Amazon Security
Finding Format (ASFF). To view descriptions of AwsApiGatewayV2Stage
attributes, see AwsWafRuleDetails in the Amazon Security Hub API Reference.
Example
"AwsWafRule": { "MetricName": "AwsWafRule_Metric_1", "Name": "AwsWafRule_Name_1", "PredicateList": [{ "DataId": "cdd225da-32cf-4773-1dc2-3bca3ed9c19c", "Negated": false, "Type": "GeoMatch" }], "RuleId": "8f651760-24fa-40a6-a9ed-4b60f1de953e" }
AwsWafRuleGroup
AwsWafRuleGroup
provides information about an Amazon WAF rule group. An Amazon WAF
rule group is a collection of predefined rules that you add to a web access control list
(web ACL).
The following is an example AwsWafRuleGroup
finding in the Amazon Security
Finding Format (ASFF). To view descriptions of AwsApiGatewayV2Stage
attributes, see AwsWafRuleGroupDetails in the Amazon Security Hub API Reference.
Example
"AwsWafRuleGroup": { "MetricName": "SampleWAF_Metric_1", "Name": "bb-WAFRuleGroupWithRuleCompliant", "RuleGroupId": "2012ca6d-e66d-4d9b-b766-bfb03ad77cfb", "Rules": [{ "Action": { "Type": "ALLOW", }, "Priority": 1, "RuleId": "cdd225da-32cf-4773-8dc5-3bca3ed9c19c", "Type": "REGULAR" }] }
AwsWafv2RuleGroup
The AwsWafv2RuleGroup
object provides details about an Amazon WAFV2 rule
group.
The following example shows the Amazon Security Finding Format (ASFF) for the
AwsWafv2RuleGroup
object. To view descriptions of
AwsWafv2RuleGroup
attributes, see AwsWafv2RuleGroupDetails in the
Amazon Security Hub API Reference.
Example
"AwsWafv2RuleGroup": { "Arn": "arn:aws-cn:wafv2:us-east-1:123456789012:global/rulegroup/wafv2rulegroupasff/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "Capacity": 1000, "Description": "Resource for ASFF", "Id": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "Name": "wafv2rulegroupasff", "Rules": [{ "Action": { "Allow": { "CustomRequestHandling": { "InsertHeaders": [ { "Name": "AllowActionHeader1Name", "Value": "AllowActionHeader1Value" }, { "Name": "AllowActionHeader2Name", "Value": "AllowActionHeader2Value" } ] } }, "Name": "RuleOne", "Priority": 1, "VisibilityConfig": { "CloudWatchMetricsEnabled": true, "MetricName": "rulegroupasff", "SampledRequestsEnabled": false } }], "VisibilityConfig": { "CloudWatchMetricsEnabled": true, "MetricName": "rulegroupasff", "SampledRequestsEnabled": false } }
AwsWafWebAcl
The AwsWafWebAcl
object provides details about an Amazon WAF web ACL.
The following example shows the Amazon Security Finding Format (ASFF) for the
AwsWafWebAcl
object. To view descriptions of AwsWafWebAcl
attributes, see AwsWafWebAclDetails in the Amazon Security Hub API Reference.
Example
"AwsWafWebAcl": { "DefaultAction": "ALLOW", "Name": "MyWafAcl", "Rules": [ { "Action": { "Type": "ALLOW" }, "ExcludedRules": [ { "RuleId": "5432a230-0113-5b83-bbb2-89375c5bfa98" } ], "OverrideAction": { "Type": "NONE" }, "Priority": 1, "RuleId": "5432a230-0113-5b83-bbb2-89375c5bfa98", "Type": "REGULAR" } ], "WebAclId": "waf-1234567890" }
AwsWafv2WebAcl
The AwsWafv2WebAcl
object provides details about an Amazon WAFV2 web
ACL.
The following example shows the Amazon Security Finding Format (ASFF) for the
AwsWafv2WebAcl
object. To view descriptions of
AwsWafv2WebAcl
attributes, see AwsWafv2WebAclDetails in the Amazon Security Hub API Reference.
Example
"AwsWafv2WebAcl": { "Arn": "arn:aws-cn:wafv2:us-east-1:123456789012:regional/webacl/WebACL-RoaD4QexqSxG/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "Capacity": 1326, "CaptchaConfig": { "ImmunityTimeProperty": { "ImmunityTime": 500 } }, "DefaultAction": { "Block": {} }, "Description": "Web ACL for JsonBody testing", "ManagedbyFirewallManager": false, "Name": "WebACL-RoaD4QexqSxG", "Rules": [{ "Action": { "RuleAction": { "Block": {} } }, "Name": "TestJsonBodyRule", "Priority": 1, "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "JsonBodyMatchMetric" } }], "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "TestingJsonBodyMetric" } }