Detection Rules on WAF Activity

Hello, I’m looking to build Custom Detection Rules on log sources under WAF Activity. I’ve noticed the Event Type WAF Activity is not present when trying to create such rules. Please, are there Rapid7 Rules on WAF Activity…

Any ideas on how to go about this?

Hello David

Thank you for your reply. The WAF solution is Imperva WAF.
On our InsightIDR instance, in line with this documentation (Imperva WAF | SIEM Documentation), the event source is up and runs fine. The logs also come in under WAF Activity, but I can’t seem to create any Custom Detection Rule for this Imperva WAF event source. I have also leveraged the custom parsing tool to extract the key-pair values needed in the logs, and have created some queries which work well in Log Search.
I would appreciate any help on creating custom detection rules, particularly for this event source.

Thank you for the correction. I’ll reach out to the relevant team about potentially adding this document type to the Custom Rule builder.

Thank you so much David, really appreciate it… Such a great team and community here @Rapid7

This has now been added as “Web Application Firewall Activity”.

This is wonderful news!!! Thank you very much David and kudos to the entire team. This is much valued and really appreciated.