This integration enables IP addresses from alerts to populate an IP Set on an AWS WAF.
The AWS WAFv2 IP Set Integration allows you to automate the management of IP addresses in your AWS Web Application Firewall (WAF). It automatically adds IPs to a WAF blocklist or allowlist based on specific alerts in FireTail, such as those triggered by suspicious activity or security threats (e.g., SQL injection attempts). This ensures real-time protection against malicious traffic by blocking harmful IPs or permitting trusted ones. By integrating FireTail with AWS WAFv2, you can automatically respond to potential threats and keep your environment secure without manual intervention.
Key benefits:
The integration adds IP addresses from alerts to an AWS WAF IP Set, simplifying the process of blocking or allowing IPs based on detected threats.
It provides immediate updates to your IP Set, ensuring that malicious IPs or trusted ones are handled promptly based on recent alerts.
This integration connects FireTail’s alert system to AWS WAFv2, enabling it to update an IP Set whenever an alert is triggered. When a pre-configured alert (such as detecting malicious activity) goes off, the integration adds the triggering IP addresses to an AWS WAFv2 IP Set, either blocking or allowing access depending on the IP Set’s configuration.
The integration supports both IPv4 and IPv6, and works across regional WAFs and CloudFront.
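The update step described above, as an added example (not FireTail's own code): it normalizes an alert IP to CIDR form, checks it against the IP Set's address family, and appends it using the WAFv2 `get_ip_set` and `update_ip_set` operations. The function names and the `protected` never-add list are hypothetical, and `client` is assumed to be a boto3 `wafv2` client.

```python
import ipaddress


def to_cidr(ip):
    """Normalize one alert IP to the CIDR form an IP Set stores (/32 or /128)."""
    addr = ipaddress.ip_address(ip.strip())
    return f"{addr}/{addr.max_prefixlen}", f"IPV{addr.version}"


def add_alert_ip(client, name, scope, ip_set_id, alert_ip, protected=()):
    """Add alert_ip to the IP Set; return True only if the set was changed.

    client    -- boto3 "wafv2" client (assumption; CLOUDFRONT scope needs us-east-1)
    scope     -- "REGIONAL" or "CLOUDFRONT"
    protected -- hypothetical guardrail: CIDRs that must never be added
    """
    cidr, version = to_cidr(alert_ip)
    addr = ipaddress.ip_address(alert_ip.strip())
    if any(addr in ipaddress.ip_network(p, strict=False) for p in protected):
        return False

    current = client.get_ip_set(Name=name, Scope=scope, Id=ip_set_id)
    ip_set = current["IPSet"]
    # An IP Set holds one address family; IPv4 and IPv6 need separate sets.
    if ip_set["IPAddressVersion"] != version:
        raise ValueError(f"{cidr} does not fit an {ip_set['IPAddressVersion']} set")
    # Skip the write if an existing entry already covers the address.
    if any(addr in ipaddress.ip_network(a, strict=False) for a in ip_set["Addresses"]):
        return False

    extra = {"Description": ip_set["Description"]} if ip_set.get("Description") else {}
    # update_ip_set replaces the whole list, so send existing entries plus the
    # new one, with the LockToken from the read so a concurrent edit is rejected.
    client.update_ip_set(Name=name, Scope=scope, Id=ip_set_id,
                         Addresses=ip_set["Addresses"] + [cidr],
                         LockToken=current["LockToken"], **extra)
    return True
```

On a blocklist, the `protected` list is where office, monitoring and load balancer ranges would go so that an alert on internal traffic cannot block them.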
To set up this integration, you'll need an AWS account with permissions to create CloudFormation stacks and manage AWS WAF resources.
FireTail will use CloudFormation to create the necessary IAM roles to interact with AWS WAFv2.
For more details, you can refer to the documentation or contact support for assistance.