How to integrate WAF with SIEMs

Your logs from Web Application Firewall (WAF) can be integrated with SIEM platforms through Data Stream to monitor your edge applications behaviors, performance, and security.

Go to Data Stream reference
  1. Access Azion Console > Data Stream.
  2. Click + Stream.
  3. Choose a unique and easy-to-remember name.
  4. On the Source dropdown menu, select Edge Applications.
  5. On the Template dropdown menu, select Edge Applications + WAF Event Collector.
  6. On Option, select between Filter Domains or All Current and Future Domains.
  1. On the Destination section, select a Connector on the dropdown menu: Standard HTTP/HTTPS POST, Apache Kafka, Simples Storage Service (S3), Google BigQuery, Elasticsearch, Splunk, AWS Kinesis Data Firehose, Datadog, IBM QRadar, Azure Monitor, or Azure Blob Storage.
  • You’ll see different fields depending on the endpoint type you choose. Find more information on each of them on the specific guide for the endpoint on the Observe guides section.
  1. Click the Save button.


Contributors