AWS WAF rules should have CloudWatch metrics enabled
Description
This control checks whether an AWS WAF rule or rule group has Amazon CloudWatch metrics enabled. The control fails if the rule or rule group does not have CloudWatch metrics enabled. Configuring CloudWatch metrics on AWS WAF rules and rule groups provides visibility into traffic flow: it lets users see which web ACL rules are triggered and which requests are allowed or blocked, which helps identify malicious activity against the associated resources.
Remediation
To enable CloudWatch metrics for AWS WAF rules and rule groups, set CloudWatchMetricsEnabled to true in the VisibilityConfig of each rule group and of each rule it contains. Each VisibilityConfig also carries the MetricName under which the metrics are published.
Steps
- Open the AWS WAF console.
- Navigate to 'Rule groups' in the left navigation pane.
- Select the rule group that needs CloudWatch metrics enabled.
- Edit the rule group configuration.
- In the 'Visibility configuration' section, enable 'CloudWatch metrics'.
- Save the rule group configuration.
- Verify that CloudWatch metrics are being published for the rule group.
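The check and the remediation above can also be scripted against the WAFv2 API. The following is an added example (not part of this control page and not AWS code) that evaluates the control against the response shape of the WAFv2 GetRuleGroup call and builds the UpdateRuleGroup request that turns CloudWatch metrics on for the rule group and every rule inside it. The rule group, its rules, the account ID, the rule group ID and the LockToken are all constructed sample data; the only real API structure it relies on is the VisibilityConfig block (SampledRequestsEnabled, CloudWatchMetricsEnabled, MetricName) and the MetricName character restrictions.

```python
import copy
import re

# Constructed sample shaped like a boto3 wafv2.get_rule_group() response.
# Assumption: illustrative data only; the IDs and token are placeholders.
SAMPLE_GET_RULE_GROUP = {
    "RuleGroup": {
        "Name": "example-rule-group",
        "Id": "00000000-0000-0000-0000-000000000000",  # placeholder
        "Capacity": 50,
        "ARN": "arn:aws:wafv2:us-east-1:123456789012:regional/rulegroup/"
               "example-rule-group/00000000-0000-0000-0000-000000000000",
        "Rules": [
            {   # rule with metrics switched off: the control fails here
                "Name": "block-bad-ua",
                "Priority": 0,
                "Statement": {"ByteMatchStatement": {
                    "SearchString": b"badbot",  # boto3 returns bytes here
                    "FieldToMatch": {"SingleHeader": {"Name": "user-agent"}},
                    "TextTransformations": [{"Priority": 0, "Type": "LOWERCASE"}],
                    "PositionalConstraint": "CONTAINS"}},
                "Action": {"Block": {}},
                "VisibilityConfig": {"SampledRequestsEnabled": True,
                                     "CloudWatchMetricsEnabled": False,
                                     "MetricName": "block-bad-ua"},
            },
            {   # compliant rule
                "Name": "rate-limit",
                "Priority": 1,
                "Statement": {"RateBasedStatement": {"Limit": 1000,
                                                     "AggregateKeyType": "IP"}},
                "Action": {"Block": {}},
                "VisibilityConfig": {"SampledRequestsEnabled": True,
                                     "CloudWatchMetricsEnabled": True,
                                     "MetricName": "rate-limit"},
            },
            {   # metrics off and no MetricName at all (constructed broken case)
                "Name": "geo-block",
                "Priority": 2,
                "Statement": {"GeoMatchStatement": {"CountryCodes": ["XX"]}},
                "Action": {"Block": {}},
                "VisibilityConfig": {"SampledRequestsEnabled": False,
                                     "CloudWatchMetricsEnabled": False},
            },
        ],
        # the rule group's own VisibilityConfig is also non-compliant
        "VisibilityConfig": {"SampledRequestsEnabled": True,
                             "CloudWatchMetricsEnabled": False,
                             "MetricName": "example-rule-group"},
    },
    "LockToken": "placeholder-lock-token",
}

# Allowed MetricName characters in WAFv2: word chars, '#', ':', '.', '-', '/'
METRIC_NAME_RE = re.compile(r"^[\w#:.\-/]{1,128}$")


def find_metrics_gaps(get_rule_group_response):
    """Evaluate the control. Returns (kind, name) findings; empty list = pass."""
    rg = get_rule_group_response["RuleGroup"]
    findings = []
    if not rg.get("VisibilityConfig", {}).get("CloudWatchMetricsEnabled", False):
        findings.append(("rule_group", rg["Name"]))
    for rule in rg.get("Rules", []):
        if not rule.get("VisibilityConfig", {}).get("CloudWatchMetricsEnabled", False):
            findings.append(("rule", rule["Name"]))
    return findings


def metric_name_for(name):
    """Derive a MetricName that satisfies the WAFv2 pattern from a rule name."""
    candidate = re.sub(r"[^\w#:.\-/]", "_", name)[:128]
    return candidate or "metric"


def remediate(get_rule_group_response, scope="REGIONAL"):
    """Build the keyword arguments for wafv2.update_rule_group() with
    CloudWatch metrics enabled on the rule group and on every rule.
    The input is left untouched; a corrected deep copy is returned."""
    rg = copy.deepcopy(get_rule_group_response["RuleGroup"])

    def fixed(vc, fallback_name):
        vc = dict(vc or {})
        vc["CloudWatchMetricsEnabled"] = True
        # SampledRequestsEnabled is mandatory in the API; keep the existing
        # choice and only supply a value when it is missing.
        vc.setdefault("SampledRequestsEnabled", False)
        if not METRIC_NAME_RE.match(vc.get("MetricName") or ""):
            vc["MetricName"] = metric_name_for(fallback_name)
        return vc

    rg["VisibilityConfig"] = fixed(rg.get("VisibilityConfig"), rg["Name"])
    for rule in rg.get("Rules", []):
        rule["VisibilityConfig"] = fixed(rule.get("VisibilityConfig"), rule["Name"])
    return {"Name": rg["Name"], "Scope": scope, "Id": rg["Id"],
            "Rules": rg["Rules"], "VisibilityConfig": rg["VisibilityConfig"],
            "LockToken": get_rule_group_response["LockToken"]}


if __name__ == "__main__":
    for kind, name in find_metrics_gaps(SAMPLE_GET_RULE_GROUP):
        print(f"FAIL: {kind} '{name}' has CloudWatchMetricsEnabled off")
    request = remediate(SAMPLE_GET_RULE_GROUP)
    print("after remediation:", find_metrics_gaps({"RuleGroup": request}) or "pass")
```

In a real account the input would come from `wafv2.get_rule_group(Name=..., Scope=..., Id=...)` and the returned dictionary would be passed as `**kwargs` to `wafv2.update_rule_group(...)`; the LockToken is carried over so the update is rejected if someone else changed the group in between. The same two functions apply to a web ACL's own rules with trivial renaming, since web ACLs use the same VisibilityConfig block.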