Ensure logging is enabled on AWS WAFv2 Web ACLs for better security monitoring.
| Rule | Logging should be enabled on AWS WAFv2 regional and global web access control lists (ACLs) |
| Framework | NIST 800-53 Revision 5 |
| Severity | Low |
Rule Description
The rule requires enabling logging on AWS WAFv2 regional and global web access control lists (ACLs) to adhere to the controls specified in NIST 800-53 Revision 5. Logging enables the capture of detailed information about web requests and actions taken by the web application firewall, allowing security teams to analyze and respond to potential security incidents effectively.
Troubleshooting Steps (if applicable)
If you encounter any issues while enabling logging on AWS WAFv2 ACLs, follow these troubleshooting steps:
1. Verify IAM Permissions: Ensure that the AWS Identity and Access Management (IAM) user or role associated with the AWS WAFv2 ACL has the necessary permissions to enable logging.
2. Check WAFv2 Log Capacity: Confirm that there is enough available capacity to store the logs generated by enabling logging on the WAFv2 ACL. If the log capacity is reached, consider increasing it or managing log retention to prevent log loss.
3. Review CloudWatch Logs: Check for any errors or warnings related to AWS WAFv2 logging in the CloudWatch Logs console. Investigate and resolve any logged errors to ensure the logging process functions correctly.
Necessary Codes (if applicable)
No specific codes are required for enabling logging on AWS WAFv2 regional and global web ACLs. The configuration can be done through the AWS Management Console or AWS Command Line Interface (CLI).
Step-by-Step Guide for Remediation
Follow the step-by-step guide to enable logging on AWS WAFv2 regional and global web ACLs:
1. Sign in to the AWS Management Console.
2. Open the AWS WAFv2 console.
3. Select the desired region from the top-right corner of the console.
4. Navigate to the "Web ACLs" section in the AWS WAFv2 console.
5. Identify the regional or global web ACL for which you want to enable logging and click on its name.
6. Click on the "Logging" tab in the web ACL details view.
7. Toggle the "Enable Logging" option to the "ON" position.
8. Select a destination for the logs. You can choose to send the logs to an Amazon S3 bucket or a CloudWatch Logs group.
9. Configure the log settings as per your requirements. You can specify the log file prefix, storage interval, and log format.
10. Configure the Publishing Frequency settings based on how often you want logs to be published.
11. Click "Save" to enable logging on the web ACL.
Once logging is enabled, AWS WAFv2 will start capturing and storing logs according to the chosen configuration. You can now analyze and monitor these logs for security and compliance purposes.
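The same check and remediation can be driven from the AWS CLI instead of the console. The script below is an added example for this page, not part of the rule's own content: it models the JSON that `aws wafv2 list-web-acls` and `aws wafv2 get-logging-configuration` return, flags every web ACL that has no log destination, and renders the `aws wafv2 put-logging-configuration` call that would fix each one. The account id, web ACL names, ARNs and destination names are constructed placeholders, so the audit runs offline without credentials; the one real constraint it encodes is that WAF only accepts log destinations (S3 bucket, CloudWatch Logs log group, Kinesis Data Firehose stream) whose name begins with `aws-waf-logs-`.

```python
import json

# Constructed sample: trimmed output of
#   aws wafv2 list-web-acls --scope REGIONAL
#   aws wafv2 list-web-acls --scope CLOUDFRONT --region us-east-1
# Account id, names and ids are placeholders, not real resources.
SAMPLE_WEB_ACLS = {
    "REGIONAL": [
        {"Name": "app-regional-acl",
         "ARN": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/app-regional-acl/EXAMPLE-ID-1"},
        {"Name": "api-regional-acl",
         "ARN": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/api-regional-acl/EXAMPLE-ID-2"},
    ],
    "CLOUDFRONT": [
        {"Name": "cdn-global-acl",
         "ARN": "arn:aws:wafv2:us-east-1:111122223333:global/webacl/cdn-global-acl/EXAMPLE-ID-3"},
    ],
}

# Constructed sample: `aws wafv2 get-logging-configuration --resource-arn <ARN>`
# output keyed by ARN. An ARN absent from this dict stands for the
# WAFNonexistentItemException the call raises when no logging is configured.
SAMPLE_LOGGING_CONFIGS = {
    SAMPLE_WEB_ACLS["REGIONAL"][0]["ARN"]: {
        "LoggingConfiguration": {
            "ResourceArn": SAMPLE_WEB_ACLS["REGIONAL"][0]["ARN"],
            "LogDestinationConfigs": [
                "arn:aws:logs:us-east-1:111122223333:log-group:aws-waf-logs-app"
            ],
        }
    },
}


def audit_logging(web_acls_by_scope, logging_configs):
    """One finding per web ACL; compliant when at least one log destination is set."""
    findings = []
    for scope, acls in web_acls_by_scope.items():
        for acl in acls:
            cfg = logging_configs.get(acl["ARN"], {}).get("LoggingConfiguration", {})
            destinations = list(cfg.get("LogDestinationConfigs", []))
            findings.append({
                "scope": scope,
                "name": acl["Name"],
                "arn": acl["ARN"],
                "destinations": destinations,
                "compliant": len(destinations) > 0,
            })
    return findings


def noncompliant_arns(findings):
    return [f["arn"] for f in findings if not f["compliant"]]


def destination_name(destination_arn):
    """Resource name from a CloudWatch Logs, S3 or Firehose destination ARN."""
    if destination_arn.startswith("arn:aws:logs:"):
        # Log group names never contain ':'; this also drops a trailing ':*'.
        return destination_arn.rsplit("log-group:", 1)[1].split(":")[0]
    if destination_arn.startswith("arn:aws:s3:::"):
        return destination_arn[len("arn:aws:s3:::"):]
    if destination_arn.startswith("arn:aws:firehose:"):
        return destination_arn.rsplit("deliverystream/", 1)[1]
    raise ValueError(f"unsupported WAF log destination: {destination_arn}")


def build_logging_configuration(resource_arn, destination_arn):
    """Payload for `aws wafv2 put-logging-configuration --logging-configuration`.
    WAF rejects destinations whose name does not start with 'aws-waf-logs-',
    so fail early instead of letting the API call fail later."""
    if not destination_name(destination_arn).startswith("aws-waf-logs-"):
        raise ValueError("WAF log destination names must start with 'aws-waf-logs-'")
    return {"ResourceArn": resource_arn, "LogDestinationConfigs": [destination_arn]}


def remediation_command(finding, destination_arn):
    """CLI call that fixes one finding. Global (CloudFront) web ACLs are
    administered through us-east-1, so that scope pins the region."""
    payload = json.dumps(build_logging_configuration(finding["arn"], destination_arn))
    region_flag = " --region us-east-1" if finding["scope"] == "CLOUDFRONT" else ""
    return f"aws wafv2 put-logging-configuration{region_flag} --logging-configuration '{payload}'"


if __name__ == "__main__":
    results = audit_logging(SAMPLE_WEB_ACLS, SAMPLE_LOGGING_CONFIGS)
    for f in results:
        state = "OK  " if f["compliant"] else "FAIL"
        print(f"{state} [{f['scope']}] {f['name']} -> {f['destinations'] or 'no logging'}")
    # Placeholder destination; a real run would create this log group first.
    dest = "arn:aws:logs:us-east-1:111122223333:log-group:aws-waf-logs-remediation"
    for f in results:
        if not f["compliant"]:
            print(remediation_command(f, dest))
```

Against the constructed data the audit reports `app-regional-acl` as compliant and prints a remediation command for the other two, the CloudFront one carrying `--region us-east-1`. To use it against a real account, replace the two sample dicts with the parsed output of the corresponding `aws wafv2` calls (treating `WAFNonexistentItemException` on `get-logging-configuration` as "no logging"), and remember that the CloudWatch Logs log group or S3 bucket must exist before `put-logging-configuration` is called.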