Created
September 2, 2021 19:54
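# Log-integration definition for AWS WAF logs (Datadog pipeline format).
# It declares the facets exposed for searching WAF events and a pipeline
# that renames raw WAF fields to the attribute paths those facets read.
id: waf
metric_id: amazon-waf

# Each facet exposes one log attribute (`path`) as a searchable field,
# listed under the display group(s) named in `groups`.
facets:
  # Read from `system.action`, which the 'Remap action' processor fills.
  - name: Action
    source: log
    path: system.action
    groups:
      - System
  # Filled from httpRequest.clientIp by 'Remap the client ip'.
  # NOTE(review): if another proxy sits in front of the WAF-protected
  # resource, this is presumably the proxy's address, not the end
  # user's -- confirm before alerting per IP.
  - name: Client IP
    source: log
    path: network.client.ip
    groups:
      - Web Access
  - name: Request ID
    source: log
    path: http.request_id
    groups:
      - Web Access
  - name: Method
    source: log
    path: http.method
    groups:
      - Web Access
  - name: URL Path
    source: log
    path: http.url_details.path
    groups:
      - Web Access
  # No processor in this file sets aws.s3.bucket; presumably it is added
  # by the log forwarder -- verify against the ingestion path.
  - name: S3 Bucket
    source: log
    path: aws.s3.bucket
    groups:
      - AWS
  # The three WAF facets below read raw attribute names directly; no
  # remapper in this pipeline touches them.
  - name: Source Name
    source: log
    path: httpSourceName
    groups:
      - WAF
  - name: Web ACL ID
    source: log
    path: webaclId
    groups:
      - WAF
  - name: Source Id
    source: log
    path: httpSourceId
    groups:
      - WAF
  # NOTE(review): no facet identifies the rule that produced the action
  # (AWS WAF logs carry `terminatingRuleId`); consider adding one so
  # blocked requests can be grouped by rule during triage.

pipeline:
  type: pipeline
  name: AWS Web Application Firewall
  enabled: true
  # Only logs tagged with source `waf` enter this pipeline.
  filter:
    query: 'source:waf'
  # Every remapper uses the same two settings:
  #   preserveSource: false     -> the raw attribute is removed once it
  #                                has been copied to the target
  #   overrideOnConflict: false -> a target that is already set is kept
  # Because the raw httpRequest.* and `action` attributes are dropped,
  # detection rules and saved searches must query the remapped names.
  processors:
    - type: attribute-remapper
      name: 'Remap the client ip'
      enabled: true
      sources:
        - httpRequest.clientIp
      target: 'network.client.ip'
      preserveSource: false
      overrideOnConflict: false
    - type: attribute-remapper
      name: 'Remap httpRequest.uri'
      enabled: true
      sources:
        - httpRequest.uri
      target: 'http.url_details.path'
      preserveSource: false
      overrideOnConflict: false
    - type: attribute-remapper
      name: 'Remap httpRequest.httpMethod'
      enabled: true
      sources:
        - httpRequest.httpMethod
      target: 'http.method'
      preserveSource: false
      overrideOnConflict: false
    - type: attribute-remapper
      name: 'Remap httpRequest.requestId'
      enabled: true
      sources:
        - httpRequest.requestId
      target: 'http.request_id'
      preserveSource: false
      overrideOnConflict: false
    - type: attribute-remapper
      name: 'Remap action'
      enabled: true
      sources:
        - action
      target: 'system.action'
      preserveSource: false
      overrideOnConflict: false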