How to integrate WAF with SIEMs

Web Application Firewall (WAF) logs can be sent to SIEM platforms through Data Stream, so you can monitor the behavior, performance, and security of your edge applications from the tooling your security team already uses. You can create the stream either in Azion Console or through the Azion API; both procedures are shown below.

See the Data Stream reference for details on the product.
  1. Access Azion Console > Data Stream.
  2. Click Add Streaming.
  3. Choose a unique and easy-to-remember name.
  4. On the Data Source dropdown menu, select Edge Applications.
  5. On the Template dropdown menu, select Edge Applications + WAF Event Collector.
  6. On Options, select between Filter Domains or All Domains. Find more information on each option on How to associate domains on Data Stream.
  7. On the Destination section, select an Endpoint Type on the dropdown menu: Standard HTTP/HTTPS POST, Apache Kafka, Simple Storage Service (S3), Google BigQuery, Elasticsearch, Splunk, AWS Kinesis Data Firehose, Datadog, IBM QRadar, Azure Monitor, or Azure Blob Storage.
    • You’ll see different fields depending on the endpoint type you choose. Find more information on each of them on the specific guide for the endpoint on the Observe guides section.
  8. Click the Save button.

  1. Run the following POST request, replacing [TOKEN VALUE] with your personal token. Keep the token out of your shell history, for example by exporting it as an environment variable and referencing that variable instead of pasting the value inline:

curl --location 'https://api.azionapi.net/data_streaming/streamings' \
  --header 'Accept: application/json; version=3' \
  --header 'Authorization: Token [TOKEN VALUE]' \
  --header 'Content-Type: application/json' \
  --data '{
    "name": "Kafka Connector",
    "template_id": 184,
    "domain_ids": [1656613172],
    "data_source": "http",
    "endpoint": {
      "endpoint_type": "kafka",
      "kafka_topic": "mykafka.dts.topic",
      "bootstrap_servers": "infra.my.net:9094,infra.my.net:9094"
    },
    "all_domains": false
  }'
  2. You’ll receive a response similar to this:

{
  "results": {
    "id": 1594,
    "name": "Kafka Connector",
    "template_id": 184,
    "data_source": "http",
    "active": true,
    "endpoint": {
      "endpoint_type": "kafka",
      "use_tls": false,
      "kafka_topic": "mykafka.dts.topic",
      "bootstrap_servers": "infra.my.net:9094,infra.my.net:9094"
    },
    "all_domains": false
  },
  "schema_version": 3
}

Wait a few minutes for the change to propagate; the stream is then created and events start flowing to the endpoint. Note that the response above shows "use_tls": false for the Kafka endpoint because the request did not set it: WAF events are security logs, so for a production stream make sure the endpoint is configured with TLS (and authentication, where the endpoint type supports it) rather than plaintext transport.
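The following is an added example, not code from this page or from Azion. It shows two things the procedure above leaves to the reader: building the same Data Stream API payload in code with the token kept out of source and shell history, and triaging the WAF events the stream delivers before they are handed to the SIEM. The AZION_TOKEN variable, the newline-delimited JSON batch format, and the event field names (waf_block, waf_learning, waf_score, waf_attack_family, remote_addr) are assumptions of this example; the sample batch is constructed.

```python
"""Added example (not Azion's code): build the Data Stream API payload from the
procedure above and triage the WAF events a stream delivers.

Assumptions not stated on the page: the token comes from the AZION_TOKEN
environment variable; a delivered batch is newline-delimited JSON; event field
names (waf_block, waf_learning, waf_score, waf_attack_family, remote_addr)
follow the Edge Applications + WAF Event Collector template as assumed here.
"""
import json
import os
from collections import Counter

API_URL = "https://api.azionapi.net/data_streaming/streamings"  # from the page
WAF_TEMPLATE_ID = 184  # Edge Applications + WAF Event Collector, from the page's request


def build_stream_payload(name, domain_ids, endpoint, template_id=WAF_TEMPLATE_ID):
    """Return the JSON body for POST /data_streaming/streamings.

    "data_source": "http" is what the page's request uses for Edge Applications.
    An empty domain_ids list selects all domains (all_domains=true).
    """
    if "endpoint_type" not in endpoint:
        raise ValueError("endpoint must carry endpoint_type, e.g. 'kafka'")
    return {
        "name": name,
        "template_id": template_id,
        "domain_ids": list(domain_ids),
        "data_source": "http",
        "endpoint": dict(endpoint),
        "all_domains": not domain_ids,
    }


def request_headers(token=None):
    """Headers for the API call; the token is read from the environment, not source."""
    token = token or os.environ.get("AZION_TOKEN")  # assumed variable name
    if not token:
        raise RuntimeError("set AZION_TOKEN to your personal token")
    return {
        "Accept": "application/json; version=3",
        "Authorization": f"Token {token}",
        "Content-Type": "application/json",
    }


def parse_events(batch_text):
    """Parse one delivered batch (assumed newline-delimited JSON), skipping bad lines."""
    events = []
    for line in batch_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # one unparsable line must not drop the whole batch
    return events


def triage(events, learning_score_threshold=1):
    """Summarise WAF activity in a batch.

    blocked_by_ip / blocked_by_family count requests the WAF blocked (waf_block == 1).
    learning_hits are requests that scored while the WAF was in learning mode: they
    were served, not blocked, and never set waf_block, so a SIEM rule keyed on
    waf_block alone misses them.
    """
    blocked_by_ip, blocked_by_family, learning_hits = Counter(), Counter(), []
    for ev in events:
        score = int(ev.get("waf_score") or 0)
        if int(ev.get("waf_block") or 0) == 1:
            blocked_by_ip[ev.get("remote_addr", "unknown")] += 1
            blocked_by_family[ev.get("waf_attack_family") or "unknown"] += 1
        elif int(ev.get("waf_learning") or 0) == 1 and score >= learning_score_threshold:
            learning_hits.append(ev)
    return {"blocked_by_ip": blocked_by_ip, "blocked_by_family": blocked_by_family,
            "learning_hits": learning_hits}


# Constructed sample batch: two blocked requests from one client, one clean request,
# and one suspicious request served because the WAF was in learning mode.
SAMPLE_BATCH = "\n".join(json.dumps(e) for e in [
    {"host": "www.example.com", "request_uri": "/login?user=admin'--", "remote_addr": "203.0.113.7",
     "status": 403, "waf_block": 1, "waf_learning": 0, "waf_score": 19, "waf_attack_family": "SQL Injection"},
    {"host": "www.example.com", "request_uri": "/search?q=<script>", "remote_addr": "203.0.113.7",
     "status": 403, "waf_block": 1, "waf_learning": 0, "waf_score": 23, "waf_attack_family": "Cross-Site Scripting"},
    {"host": "www.example.com", "request_uri": "/", "remote_addr": "198.51.100.2",
     "status": 200, "waf_block": 0, "waf_learning": 0, "waf_score": 0, "waf_attack_family": ""},
    {"host": "api.example.com", "request_uri": "/v1/items?id=1 UNION SELECT 1", "remote_addr": "198.51.100.9",
     "status": 200, "waf_block": 0, "waf_learning": 1, "waf_score": 12, "waf_attack_family": "SQL Injection"},
])

if __name__ == "__main__":
    payload = build_stream_payload("Kafka Connector", [1656613172],
                                   {"endpoint_type": "kafka", "kafka_topic": "mykafka.dts.topic",
                                    "bootstrap_servers": "infra.my.net:9094"})
    print(json.dumps(payload, indent=2))  # POST this to API_URL with request_headers()
    summary = triage(parse_events(SAMPLE_BATCH))
    print("blocked by ip:", dict(summary["blocked_by_ip"]))
    print("blocked by family:", dict(summary["blocked_by_family"]))
    print("learning-mode hits:", [e["request_uri"] for e in summary["learning_hits"]])
```

The triage function deliberately separates blocked requests from learning-mode hits: a stream created while the WAF is still learning carries requests that were served despite a high score, and a SIEM correlation rule that only alerts on waf_block would never see them.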
