By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

AWS Network Firewall Managed Signatures

0

Hi,

I am trying to configure statefull rule using the new AWS network firewall managed signatures . I am seeing that firewall is detecting some malicious traffic but its not blocked. Any idea how i can change the action to block or drop?

Thanks

Topics
Security, Identity, & Compliance
Tags
AWS Network Firewall
Language
English
AWS-User9010
asked 2 years ago366 views
1 Answer
1

It sounds like your default action for the managed rule group is set to alert. You can set it to drop to block the traffic: https://docs.aws.amazon.com/network-firewall/latest/developerguide/nwfw-using-managed-rule-groups.html

You may also need to check out your rule group ordering: https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html#suricata-default-rule-evaluation-order

profile pictureAWS
that_mike
answered 2 years ago
  • AWS-User9010
    2 years ago

    0 thanks mike for helping me out. How can i set them to drop? I have disabled the run in alert mode. I don't see any other option

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content