AWS Network Firewall Managed Signatures
0
Hi,
I am trying to configure a stateful rule using the new AWS Network Firewall managed signatures. I am seeing that the firewall is detecting some malicious traffic, but it's not blocked. Any idea how I can change the action to block or drop?
Thanks
asked 8 days ago, 6 views
1 Answer
1
It sounds like your default action for the managed rule group is set to alert. You can set it to drop to block the traffic: https://docs.aws.amazon.com/network-firewall/latest/developerguide/nwfw-using-managed-rule-groups.html
You may also need to check out your rule group ordering: https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html#suricata-default-rule-evaluation-order
answered 8 days ago
0
Thanks, Mike, for helping me out. How can I set them to drop? I have disabled the run in alert mode. I don't see any other option.
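A check related to the answer and follow-up comment above, as an added example that is not part of the original thread or AWS's own code: it audits a firewall policy document (shaped like the `FirewallPolicy` object returned by `aws network-firewall describe-firewall-policy`) for the settings that leave matched traffic alert-only. The sample policy, account ID, custom group name, and the helper names `group_name` and `audit_policy` are constructed for illustration, and the managed rule group ARN format is an assumption.

```python
import json

# Constructed sample shaped like the FirewallPolicy object returned by
# `aws network-firewall describe-firewall-policy`. Account ID and the custom
# group name are made up; the managed group ARN format is an assumption.
SAMPLE_POLICY = json.loads("""
{
  "StatefulEngineOptions": {"RuleOrder": "STRICT_ORDER"},
  "StatefulDefaultActions": ["aws:alert_established"],
  "StatefulRuleGroupReferences": [
    {"ResourceArn": "arn:aws:network-firewall:us-east-1:aws-managed:stateful-rulegroup/ThreatSignaturesMalwareStrictOrder",
     "Priority": 20,
     "Override": {"Action": "DROP_TO_ALERT"}},
    {"ResourceArn": "arn:aws:network-firewall:us-east-1:111122223333:stateful-rulegroup/allow-internal",
     "Priority": 10}
  ]
}
""")

DROP_DEFAULTS = {"aws:drop_strict", "aws:drop_established"}

def group_name(ref):
    """Last path component of the rule group ARN."""
    return ref["ResourceArn"].rsplit("/", 1)[-1]

def audit_policy(policy):
    """Return (findings, group evaluation order) for a firewall policy dict."""
    findings = []
    refs = policy.get("StatefulRuleGroupReferences", [])
    order = policy.get("StatefulEngineOptions", {}).get("RuleOrder", "DEFAULT_ACTION_ORDER")
    # "Run in alert mode" is stored as an override that turns drop rules into alerts.
    for ref in refs:
        if ref.get("Override", {}).get("Action") == "DROP_TO_ALERT":
            findings.append(f"{group_name(ref)}: DROP_TO_ALERT override, drop rules only alert")
    if order == "STRICT_ORDER":
        # Groups run by ascending Priority; default actions apply to unmatched traffic.
        refs = sorted(refs, key=lambda r: r["Priority"])
        if not DROP_DEFAULTS & set(policy.get("StatefulDefaultActions", [])):
            findings.append("STRICT_ORDER: no drop default action for unmatched traffic")
    else:
        findings.append("DEFAULT_ACTION_ORDER: pass rules are evaluated before drop rules")
    return findings, [group_name(r) for r in refs]

if __name__ == "__main__":
    issues, evaluation_order = audit_policy(SAMPLE_POLICY)
    print("evaluation order:", evaluation_order)
    for issue in issues:
        print("finding:", issue)
```

The evaluation order matters because a pass rule in an earlier group can let traffic through before the managed signatures are consulted; the policy document alone does not show the rules inside each group.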