
Enable Logging Rule for AWS WAFv2 Web ACLs

Ensure logging is enabled on AWS WAFv2 regional and global web access control lists.

Rule: Logging should be enabled on AWS WAFv2 regional and global web access control lists (ACLs)
Framework: NIST Cybersecurity Framework (CSF) v1.1
Severity: Low

Rule Description:

Under NIST Cybersecurity Framework (CSF) v1, logging should be enabled on AWS WAFv2 regional and global web access control lists (ACLs). This rule checks that every web ACL in AWS WAFv2 has logging enabled, which provides the visibility needed to investigate potential security incidents and supports compliance with the framework.

Troubleshooting Steps:

If logging is not enabled on the web access control lists, follow these troubleshooting steps:

  1. Verify that the AWS WAFv2 regional and global web access control lists are correctly configured.
  2. Check if the logs are being delivered to the designated logging service or S3 bucket.
  3. Ensure that the logging service or S3 bucket has the necessary permissions to receive the logs.
  4. Review the AWS WAFv2 documentation and the NIST Cybersecurity Framework for any specific requirements or recommendations regarding logging configurations.
  5. Check for any error messages or warnings in the AWS WAFv2 service logs or CloudWatch Logs.

Necessary Codes:

No code is required to enable logging on AWS WAFv2 regional and global web access control lists; the setting is applied through the AWS Management Console as described below.
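As an added example (not part of this page or of Cloud Defense's own tooling), the following Python check implements this rule's detection logic against the WAFv2 API: it lists web ACLs in both scopes, requests each one's logging configuration, and reports every ACL that has no log destination. The boto3 call names and response shapes are real; `FakeWafv2Client`, its account number and its ARNs are constructed stand-ins so the script runs offline, and a real `boto3.client("wafv2")` can be passed to `audit` in its place.

```python
"""Audit AWS WAFv2 web ACLs in both scopes for a missing logging configuration."""
from types import SimpleNamespace

# REGIONAL covers ALB/API Gateway/AppSync ACLs; CLOUDFRONT is the global scope
# and must be queried through a wafv2 client created in us-east-1.
SCOPES = ("REGIONAL", "CLOUDFRONT")

def audit(client) -> dict:
    """Map 'SCOPE/name' -> tuple of log destination ARNs for every web ACL.
    `client` is a boto3 wafv2 client (or a stand-in with the same shapes).
    A web ACL with no logging configured makes GetLoggingConfiguration raise
    WAFNonexistentItemException; that case is recorded as an empty tuple.
    Only the first page (Limit 100) is read; follow NextMarker beyond that."""
    results = {}
    for scope in SCOPES:
        for acl in client.list_web_acls(Scope=scope, Limit=100).get("WebACLs", []):
            try:
                cfg = client.get_logging_configuration(ResourceArn=acl["ARN"])
                dests = tuple(cfg["LoggingConfiguration"]["LogDestinationConfigs"])
            except client.exceptions.WAFNonexistentItemException:
                dests = ()
            results[f"{scope}/{acl['Name']}"] = dests
    return results

def non_compliant(results) -> list:
    """Web ACLs that fail the rule: no destination means requests are not logged."""
    return sorted(k for k, dests in results.items() if not dests)

class FakeWafv2Client:
    """Constructed stand-in for boto3's wafv2 client, with placeholder ARNs."""
    exceptions = SimpleNamespace(
        WAFNonexistentItemException=type("WAFNonexistentItemException", (Exception,), {}))
    _ARN = "arn:aws:wafv2:{r}:111122223333:{s}/webacl/{n}/placeholder-id"
    _ACLS = {"REGIONAL": [("api-acl", "us-west-2"), ("legacy-acl", "us-west-2")],
             "CLOUDFRONT": [("cdn-acl", "us-east-1")]}
    # Only api-acl has a destination; WAF CloudWatch log groups must be named aws-waf-logs-*.
    _LOGGING = {_ARN.format(r="us-west-2", s="regional", n="api-acl"):
                ["arn:aws:logs:us-west-2:111122223333:log-group:aws-waf-logs-api"]}

    def list_web_acls(self, Scope, Limit=100):
        s = "global" if Scope == "CLOUDFRONT" else "regional"
        acls = [{"Name": n, "ARN": self._ARN.format(r=r, s=s, n=n)} for n, r in self._ACLS[Scope]]
        return {"WebACLs": acls[:Limit]}

    def get_logging_configuration(self, ResourceArn):
        if ResourceArn not in self._LOGGING:
            raise self.exceptions.WAFNonexistentItemException("no logging configuration")
        return {"LoggingConfiguration": {"ResourceArn": ResourceArn,
                                         "LogDestinationConfigs": self._LOGGING[ResourceArn]}}
```

Running `non_compliant(audit(FakeWafv2Client()))` on the constructed inventory returns `['CLOUDFRONT/cdn-acl', 'REGIONAL/legacy-acl']`, the two ACLs that would fail this rule.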

Step-by-Step Guide for Remediation:

  1. Log in to the AWS Management Console.
  2. Navigate to the AWS WAFv2 service.
  3. Select the appropriate region where the web access control lists are located.
  4. Click on "Web ACLs" in the left-hand navigation panel.
  5. Identify the regional and global web access control lists for which logging needs to be enabled.
  6. Click on the name of the web access control list that requires logging.
  7. In the web access control list details page, click on the "Logging" tab.
  8. Ensure that the "Log web requests" toggle switch is set to "ON."
  9. Select the desired logging destination, such as CloudWatch Logs or an S3 bucket.
  10. Provide the necessary configuration details, including the log destination ARN or S3 bucket details.
  11. Review and confirm the logging settings.
  12. Click on "Update Logging" to save the changes and enable logging on the web access control list.
  13. Repeat steps 6 to 12 for any other web access control lists that require logging.

Note: Remember to follow the NIST Cybersecurity Framework guidelines and best practices while configuring logging for the web access control lists.

By enabling logging on AWS WAFv2 regional and global web access control lists, you will have a robust logging mechanism in place to monitor and analyze web requests, aiding in incident response, threat detection, and overall compliance with the NIST Cybersecurity Framework.
