AWS Waf Top Insights 1 8 2025
HTML-код
- Опубликовано: 9 янв 2025
- Fight DDoS Attacks Better With AWS WAF’s New Top Insights Visualization Tool
Looking for more tools to fight off malicious parties attacking your website?
AWS just launched another small, yet useful, tool for you.
As of Jan 3rd, 2025, there is a new section in AWS WAF that uses CloudWatch Insights and your WAF logs to populate some simple visualizations. These include the following:
Top 100 Uri Paths
HTTP Method
Top 100 Client IPs
Top 100 User agent
Now for you veteran WAF Ninjas, you might think this is noob stuff and I agree. It is a great starting point for those looking to analyze DDoS traffic, but it is not the end-all-be-all for it.
Combining the WAF logs with CW Insights is an insanely powerful tool for figuring out how and who is attacking your system. This is not just for DDoS attacks but also to track malicious parties that are stealing your data.
*If you are interested in hearing more about how I do this to fend off attacks on my clients that get hundreds of millions of requests let me know in the comments*
Feature Request For The AWS WAF Team:
I suggest adding a button that will open the exact query you are using to populate those insight widgets on the CloudWatch Insights page.
That would allow users to take your basic queries as a starting point then edit them in CW Insights to fit their specific needs.
Cost Concerns:
Keep in mind you get charged for every CW Insights Query you run so don’t run those queries frivolously.
Question For You:
What CloudWatch Insight queries have you found the most valuable for tracking malicious traffic patterns?
