Enable Simple Log Service for Web Application Firewall

Risk Level: Medium (should be achieved)

Ensure that the Simple Log Service (SLS) integration is enabled for Web Application Firewall (WAF). Once the integration is enabled, the WAF service begins to collect and deliver the log fields of the protected objects to a dedicated SLS Logstore. This helps you investigate attacks, understand security posture, and comply with regulations. To enable the SLS integration, a subscription WAF 3.0 Pro Edition, Enterprise Edition, or Ultimate Edition instance or a pay-as-you-go WAF 3.0 instance is required.

Security

Enabling the Simple Log Service (SLS) integration for Alibaba Cloud Web Application Firewall (WAF) lets you analyze detailed logs of protected objects. This helps you understand security threats, investigate incidents, and optimize WAF rules. Without SLS integration, you can't optimize your WAF protected objects for maximum protection.


Audit

To determine if the SLS integration is enabled for Alibaba Cloud Web Application Firewall (WAF), perform the following operations:

Getting the SLS integration status via Alibaba Cloud CLI (aliyun) is not currently supported.

Using Alibaba Cloud Console

01 Sign in to your Alibaba Cloud account.

02 Navigate to the Web Application Firewall (WAF) console available at https://yundun.console.aliyun.com/?p=cfwnext#/overview/home.

03 In the top navigation bar, select the resource group and the cloud region in which the WAF instance is deployed. The cloud region can be Chinese Mainland or Outside Chinese Mainland.

04 In the left navigation panel, under Security Operations, choose Log Service.

05 On the Log Service page, select the WAF protected object that you want to examine, and check the Status setting to determine if the SLS integration is enabled for your protected object. If the Status setting is not active, the SLS integration is not enabled for the selected WAF protected object. If the Status setting is not available and a Get Started page with an Enable Log Service for WAF button is displayed instead, the Simple Log Service (SLS) integration is not enabled for Web Application Firewall (WAF).

Remediation / Resolution

To ensure that the Simple Log Service (SLS) integration for Alibaba Cloud Web Application Firewall (WAF) is enabled, perform the following operations:

Enabling the SLS integration via Alibaba Cloud CLI (aliyun) is not currently supported.

Using Alibaba Cloud Console

01 Sign in to your Alibaba Cloud account.

02 Navigate to the Web Application Firewall (WAF) console available at https://yundun.console.aliyun.com/?p=cfwnext#/overview/home.

03 In the top navigation bar, select the resource group and the cloud region in which the WAF instance is deployed. The cloud region can be Chinese Mainland or Outside Chinese Mainland.

04 In the left navigation panel, under Security Operations, choose Log Service.

05 On the Log Service page, select the WAF protected object that you want to configure, and choose Enable Now to enable the SLS integration for the selected protected object. If the Enable Now setting is not available and a Get Started page is displayed instead, select the necessary storage region from the Simple Log Service Storage Region dropdown list and choose Enable Log Service for WAF to enable the feature for Web Application Firewall (WAF). In the confirmation box, choose OK.

References

Publication date Apr 26, 2024