Create 100030-amazon_aws_cloudwatch.xml

2025-10-23 00:02:11 +00:00 · 2024-12-11 08:04:51 -06:00
parent 186107bf47
commit ceaff9522b
1 changed files with 15 additions and 0 deletions
--- a/AWS/100030-amazon_aws_cloudwatch.xml
+++ b/AWS/100030-amazon_aws_cloudwatch.xml
@@ -0,0 +1,15 @@
+<group name="amazon,aws,cloudwatch,">
+  <rule id="100030" level="3">
+    <decoded_as>json</decoded_as>
+    <location>Wazuh-AWS$</location>
+    <options>no_full_log</options>
+    <description>Wazuh AWS Integration</description>
+  </rule>
+  <rule id="100031" level="3">
+    <if_sid>100030</if_sid>
+    <field name="httpSourceName">^ALB$</field>    
+    <options>no_full_log</options>
+    <description>AWS WAF Event - WAF Action $(action) By Rule Type: $(terminatingRuleType)</description>
+    <group>awswaf,</group>
+  </rule>
+</group>