By using AWS re:Post, you agree to the Terms of Use

AWS Network Firewall Managed Signatures

0

Hi,

I am trying to configure statefull rule using the new AWS network firewall managed signatures . I am seeing that firewall is detecting some malicious traffic but its not blocked. Any idea how i can change the action to block or drop?

Thanks

1 Answer
1

It sounds like your default action for the managed rule group is set to alert. You can set it to drop to block the traffic: https://docs.aws.amazon.com/network-firewall/latest/developerguide/nwfw-using-managed-rule-groups.html

You may also need to check out your rule group ordering: https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html#suricata-default-rule-evaluation-order

profile picture
answered 5 months ago
  • 0 thanks mike for helping me out. How can i set them to drop? I have disabled the run in alert mode. I don't see any other option

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions