AWS Security ChangesHomeSearch

AWS network-firewall medium security documentation change

Service: network-firewall · 2025-06-22 · Security-related medium

File: network-firewall/latest/developerguide/atd-deep-threat-inspection.md

Summary

Clarified deep threat inspection opt-out process and specified 'global' rule group improvements. Split paragraph for readability.

Security assessment

The change explicitly states that opting out prevents network traffic data from being used for 'global' rule group improvements, indicating cross-customer threat intelligence sharing. This clarifies data usage implications and customer control over security data contributions.

Diff

diff --git a/network-firewall/latest/developerguide/atd-deep-threat-inspection.md b/network-firewall/latest/developerguide/atd-deep-threat-inspection.md
index 788da5e89..3e10824f2 100644
--- a//network-firewall/latest/developerguide/atd-deep-threat-inspection.md
+++ b//network-firewall/latest/developerguide/atd-deep-threat-inspection.md
@@ -7 +7,3 @@
-AWS Network Firewall plans to augment the active threat defense managed rule group with an additional deep threat inspection capability. When this capability is released, AWS will analyze service logs of network traffic processed by these rule groups to identify threat indicators across customers. AWS will use these threat indicators to improve the active threat defense managed rule groups and protect the security of AWS customers and services.
+AWS Network Firewall plans to augment the active threat defense managed rule group with an additional deep threat inspection capability. When this capability is released, AWS will analyze service logs of network traffic processed by these rule groups to identify threat indicators across customers.
+
+AWS will use these threat indicators to improve the active threat defense managed rule groups and protect the security of AWS customers and services.
@@ -11 +13 @@ AWS Network Firewall plans to augment the active threat defense managed rule gro
-Customers can opt-out of deep threat inspection at any time through the AWS Network Firewall console or API. When customers opt out, AWS Network Firewall will not use the network traffic processed by those customers' active threat defense rule groups for rule group improvement.
+Customers can opt-out of deep threat inspection at any time through the AWS Network Firewall console or API. When customers opt out, AWS Network Firewall will not use the network traffic processed by those customers' active threat defense rule groups for global rule group improvement.