How to integrate WAF with SIEMs
Your Web Application Firewall (WAF) logs can be integrated with SIEM platforms through Data Stream to monitor the behavior, performance, and security of your edge applications.
Go to Data Stream reference

Azion Console
- Access Azion Console > Data Stream.
- Click + Stream.
- Choose a unique and easy-to-remember name.
- On the Source dropdown menu, select Edge Applications.
- On the Template dropdown menu, select Edge Applications + WAF Event Collector.
- On Option, select between Filter Domains or All Current and Future Domains.
  - Find more information on each option on How to associate domains on Data Stream.
- On the Destination section, select a Connector on the dropdown menu: Standard HTTP/HTTPS POST, Apache Kafka, Simple Storage Service (S3), Google BigQuery, Elasticsearch, Splunk, AWS Kinesis Data Firehose, Datadog, IBM QRadar, Azure Monitor, or Azure Blob Storage.
- You’ll see different fields depending on the connector you choose. Find more information on each of them on the specific guide for the connector on the Observe guides section.
- Click the Save button.

Real-Time Manager (RTM)
- Access Real-Time Manager (RTM) > Data Stream.
- Click Add Stream.
- Choose a unique and easy-to-remember name.
- On the Data Source dropdown menu, select Edge Applications.
- On the Template dropdown menu, select Edge Applications + WAF Event Collector.
- On Options, select between Filter Domains or All Domains.
  - Find more information on each option on How to associate domains on Data Stream.
- On the Destination section, select an Endpoint Type on the dropdown menu: Standard HTTP/HTTPS POST, Apache Kafka, Simple Storage Service (S3), Google BigQuery, Elasticsearch, Splunk, AWS Kinesis Data Firehose, Datadog, IBM QRadar, Azure Monitor, or Azure Blob Storage.
- You’ll see different fields depending on the endpoint type you choose. Find more information on each of them on the specific guide for the endpoint on the Observe guides section.
- Click the Save button.

API
- Run the following POST request, replacing [TOKEN VALUE] with your personal token:
- You’ll receive a response similar to this:

Wait a few minutes for the changes to propagate and your stream will be created.
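Once the stream is saved, the SIEM side has to accept what the Standard HTTP/HTTPS POST connector delivers: a batch of JSON records, one per line. The collector below is an added example written for this page, not Azion code or the connector's documented schema; the record field names (host, remote_address, waf_match, waf_block) and the sample batch are constructed assumptions for illustration. It shows the two things a practitioner wants from such a collector: tolerance for a truncated record in the batch, and a first triage of blocked versus matched-but-allowed events.

```python
import json
from collections import Counter

# Constructed sample of one POST delivery from the Data Stream HTTP/HTTPS connector.
# Field names are assumptions for this example, not the exact WAF Event Collector schema.
SAMPLE_BATCH = "\n".join([
    json.dumps({"host": "shop.example.com", "remote_address": "203.0.113.10",
                "request_uri": "/", "status": 200, "waf_match": "-", "waf_block": 0}),
    json.dumps({"host": "shop.example.com", "remote_address": "198.51.100.7",
                "request_uri": "/search", "status": 403, "waf_match": "$QUERY_STRING:sqli",
                "waf_block": 1}),
    json.dumps({"host": "shop.example.com", "remote_address": "198.51.100.7",
                "request_uri": "/login", "status": 403, "waf_match": "$REQUEST_BODY:xss",
                "waf_block": 1}),
    "{not valid json",  # a truncated record: the collector must count it, not crash on it
    json.dumps({"host": "api.example.com", "remote_address": "192.0.2.44",
                "request_uri": "/v1/items", "status": 200, "waf_match": "$REQUEST_URI:lfi",
                "waf_block": 0}),  # rule matched but request allowed (e.g. learning mode)
])


def parse_batch(body, separator="\n"):
    """Split one POST body into records; malformed lines are counted rather than dropped silently."""
    events, rejected = [], 0
    for line in body.split(separator):
        if not line.strip():
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            rejected += 1
    return events, rejected


def summarize(events, min_hits=2):
    """Defender's first look at a batch: blocked count, matched-but-allowed count, repeat sources."""
    blocked = [e for e in events if e.get("waf_block") == 1]
    # Matches that were not blocked are what to review when tuning rules or leaving learning mode.
    allowed_matches = [e for e in events
                       if e.get("waf_match") not in (None, "-") and e.get("waf_block") != 1]
    per_source = Counter(e.get("remote_address") for e in blocked)
    return {
        "blocked": len(blocked),
        "allowed_matches": len(allowed_matches),
        "repeat_sources": sorted(ip for ip, n in per_source.items() if n >= min_hits),
    }


if __name__ == "__main__":
    evts, bad = parse_batch(SAMPLE_BATCH)
    print(f"{len(evts)} events parsed, {bad} rejected:", summarize(evts))
```

The rejected-record counter is worth exporting as its own SIEM metric: a rising value usually means the stream's log line separator or payload format no longer matches what the collector expects.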