Intelligent threat integration and Amazon Managed Rules - Amazon WAF, Amazon Firewall Manager, and Amazon Shield Advanced
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Intelligent threat integration and Amazon Managed Rules

The intelligent threat integration APIs work with web ACLs that use the intelligent threat rule groups to enable the full functionality of these advanced managed rule groups.

  • Amazon WAF Fraud Control account creation fraud prevention (ACFP) managed rule group AWSManagedRulesACFPRuleSet.

    Account creation fraud is an online illegal activity in which an attacker creates invalid accounts in your application for purposes such as receiving sign-up bonuses or impersonating someone. The ACFP managed rule group provides rules to block, label, and manage requests that might be part of fraudulent account creation attempts. The APIs enable fine-tuned client browser verification and human interactivity information that the ACFP rules use to separate valid client traffic from malicious traffic.

    For more information, see Amazon WAF Fraud Control account creation fraud prevention (ACFP) rule group and Amazon WAF Fraud Control account creation fraud prevention (ACFP).

  • Amazon WAF Fraud Control account takeover prevention (ATP) managed rule group AWSManagedRulesATPRuleSet.

    Account takeover is an online illegal activity in which an attacker gains unauthorized access to a person's account. The ATP managed rule group provides rules to block, label, and manage requests that might be part of malicious account takeover attempts. The APIs enable fine-tuned client verification and behavior aggregation that the ATP rules use to separate valid client traffic from malicious traffic.

    For more information, see Amazon WAF Fraud Control account takeover prevention (ATP) rule group and Amazon WAF Fraud Control account takeover prevention (ATP).

  • Targeted protection level of the Amazon WAF Bot Control managed rule group AWSManagedRulesBotControlRuleSet.

    Bots run from self-identifying and useful ones, such as most search engines and crawlers, to malicious bots that operate against your website and don't self-identify. The Bot Control managed rule group provides rules to monitor, label, and manage the bot activity in your web traffic. When you use the targeted protection level of this rule group, the targeted rules use the client session information that the APIs provide to better detect malicious bots.

    For more information, see Amazon WAF Bot Control rule group and Amazon WAF Bot Control.

To add one of these managed rule groups to your web ACL, see the procedures Adding the ACFP managed rule group to your web ACL, Adding the ATP managed rule group to your web ACL, and Adding the Amazon WAF Bot Control managed rule group to your web ACL.

Note

The managed rule groups currently don't block requests that are missing tokens. In order to block requests that are missing tokens, after you implement your application integration APIs, follow the guidance at Blocking requests that don't have a valid Amazon WAF token.