I am curious if anybody is ingesting AWS WAF logs into InsightIDR? If so; how are you ingesting them and how successful has it been?

Hi @banderson ,

anecdotally we’ve had some customers successfully configure a Custom Log event source for AWS WAF logs. Using the S3 bucket collection method.

Using this method the collector can read new events being written to the bucket, and ingest the logs in their native JSON format. Once configured you can leverage Dashboards and Custom Alerts to help visualize and monitor these events.