Would like to know how anyone using #AWSWAF is solving for the lack of proper visualization and analytics at scale. Anyone else have multiple sites with over 500M requests/day or WAF logs in the trillions/day? Splunk/SIEM is a pricey answer.
#AWSWAF #AWSWAFBotControl is missing quite a few longer-tail user agents in the list of valid browser user agents behind its SignalNonBrowserUserAgent rule. Recommend you change this from the OOTB BLOCK setting to CAPTCHA or COUNT for now, and extensively review your logs for FPs and report them to AWS as found.
From @securityaffairs: Experts devised a technique to #bypass web application firewalls (#WAF) of several vendors.
"The researchers verified that the bypass attack technique also worked against firewalls from other vendors, including #Cloudflare, #F5, Imperva, and #PaloAlto Networks."
#awswaf #infosec #WAFBypass
https://securityaffairs.co/wordpress/139445/hacking/web-application-firewalls-waf-bypass.html
RT @Crowd_Security@twitter.com
🎉 We've released the CrowdSec AWS WAF bouncer to protect your web applications! 🥳
✔️ The bouncer syncs the decisions made by CrowdSec to one or multiple #AWSWAF Web ACLs
✔️ Supports ban and captcha decisions on IP or countries
Learn more 👉 https://crowdsec.net/blog/protect-your-applications-with-aws-waf-and-crowdsec/
🐦🔗: https://twitter.com/Crowd_Security/status/1518943233828655106