AWS waf documentation change
Summary
Updated documentation to include 'protection pack' terminology alongside web ACL references in logging configuration and data collection sections
Security assessment
Expands logging documentation to cover protection packs (likely a security feature), enhancing visibility into security-related traffic analysis. While security-related documentation is added, there's no evidence of addressing a specific vulnerability.
Diff
diff --git a/waf/latest/developerguide/logging.md b/waf/latest/developerguide/logging.md index d6d2ff381..40901396c 100644 --- a//waf/latest/developerguide/logging.md +++ b//waf/latest/developerguide/logging.md @@ -5 +5 @@ -# Logging AWS WAF web ACL traffic +**Introducing a new console experience for AWS WAF** @@ -7 +7 @@ -This section explains the logging options for your AWS WAF web ACLs. +You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). @@ -9 +9 @@ This section explains the logging options for your AWS WAF web ACLs. -You can enable logging to get detailed information about traffic that is analyzed by your web ACL. Logged information includes the time that AWS WAF received a web request from your AWS resource, detailed information about the request, and details about the rules that the request matched. You can send web ACL logs to an Amazon CloudWatch Logs log group, an Amazon Simple Storage Service (Amazon S3) bucket, or an Amazon Data Firehose delivery stream. +# Logging AWS WAF protection pack or web ACL traffic @@ -11 +11,5 @@ You can enable logging to get detailed information about traffic that is analyze -In addition to logs that you can enable for your web ACLs, AWS also uses service logs of website or application traffic processed by AWS WAF to provide support for and protect the security of AWS customers and services. +This section explains the logging options for your AWS WAF protection pack or web ACLs. + +You can enable logging to get detailed information about traffic that is analyzed by your web ACL. Logged information includes the time that AWS WAF received a web request from your AWS resource, detailed information about the request, and details about the rules that the request matched. You can send protection pack or web ACL logs to an Amazon CloudWatch Logs log group, an Amazon Simple Storage Service (Amazon S3) bucket, or an Amazon Data Firehose delivery stream. + +In addition to logs that you can enable for your protection pack or web ACLs, AWS also uses service logs of website or application traffic processed by AWS WAF to provide support for and protect the security of AWS customers and services. @@ -15 +19 @@ In addition to logs that you can enable for your web ACLs, AWS also uses service -Web ACL logging configuration only affects the AWS WAF logs. In particular, the redacted fields configuration for logging has no impact on request sampling or Security Lake data collection. You can exclude fields from collection or sampling by configuring web ACL data protection. Other than data protection, Security Lake data collection is configured entirely through the Security Lake service. +The protection pack or web ACL logging configuration only affects the AWS WAF logs. In particular, the redacted fields configuration for logging has no impact on request sampling or Security Lake data collection. You can exclude fields from collection or sampling by configuring protection pack or web ACL data protection. Other than data protection, Security Lake data collection is configured entirely through the Security Lake service. @@ -19 +23 @@ Web ACL logging configuration only affects the AWS WAF logs. In particular, the - * [Pricing for logging web ACL traffic information](./logging-pricing.html) + * [Pricing for logging protection pack or web ACL traffic information](./logging-pricing.html) @@ -23 +27 @@ Web ACL logging configuration only affects the AWS WAF logs. In particular, the - * [Configuring logging for a web ACL](./logging-management-configure.html) + * [Configuring logging for a protection pack or web ACL](./logging-management-configure.html) @@ -25 +29 @@ Web ACL logging configuration only affects the AWS WAF logs. In particular, the - * [Finding your web ACL records](./logging-management.html) + * [Finding your protection pack or web ACL records](./logging-management.html) @@ -27 +31 @@ Web ACL logging configuration only affects the AWS WAF logs. In particular, the - * [Log fields for web ACL traffic](./logging-fields.html) + * [Log fields for protection pack or web ACL traffic](./logging-fields.html) @@ -29 +33 @@ Web ACL logging configuration only affects the AWS WAF logs. In particular, the - * [Log examples for web ACL traffic](./logging-examples.html) + * [Log examples for protection pack or web ACL traffic](./logging-examples.html) @@ -38 +42 @@ In addition to logging, you can enable the following options for data collection - * **Amazon Security Lake** – You can configure Security Lake to collect web ACL data. Security Lake collects log and event data from various sources for normalization, analysis, and management. For information about this option, see [What is Amazon Security Lake?](https://docs.aws.amazon.com/security-lake/latest/userguide/what-is-security-lake.html) and [Collecting data from AWS services](https://docs.aws.amazon.com/security-lake/latest/userguide/internal-sources.html) in the _Amazon Security Lake user guide_. + * **Amazon Security Lake** – You can configure Security Lake to collect protection pack or web ACL data. Security Lake collects log and event data from various sources for normalization, analysis, and management. For information about this option, see [What is Amazon Security Lake?](https://docs.aws.amazon.com/security-lake/latest/userguide/what-is-security-lake.html) and [Collecting data from AWS services](https://docs.aws.amazon.com/security-lake/latest/userguide/internal-sources.html) in the _Amazon Security Lake user guide_. @@ -42 +46 @@ AWS WAF doesn't charge you for using this option. For pricing information, see [ - * **Request sampling** – You can configure your web ACL to sample the web requests that it evaluates, to get an idea of the type of traffic that your application is receiving. For information about this option, see [Viewing a sample of web requests](./web-acl-testing-view-sample.html). + * **Request sampling** – You can configure your protection pack or web ACL to sample the web requests that it evaluates, to get an idea of the type of traffic that your application is receiving. For information about this option, see [Viewing a sample of web requests](./web-acl-testing-view-sample.html).