WAF Managed Rules updates Slack Notification

daknhh

David Krohn

Posted on September 20, 2021


On August 9, 2021 AWS WAF released a managed rule group versioning feature. It lets you select a specific version of a managed rule group within your web ACL, so you can test new rule updates safely and roll back to previously tested versions.
In addition, AWS WAF now provides early notifications of upcoming rule updates to your managed rule groups through Amazon Simple Notification Service (Amazon SNS). This automation sends Slack notifications of managed rule updates for a specific managed rule group.

To retrieve the Amazon SNS topic ARN for a managed rule group you need to do the following:

Console

  • (Option) When you add the managed rule group to your web ACL, choose Edit to see the rule group's information, which includes the rule group's Amazon SNS topic ARN.

  • (Option) After you've added the managed rule group into your web ACL, edit the web ACL, then select and edit the rule group rule to see the rule group's Amazon SNS topic ARN.

API – DescribeManagedRuleGroup

CLI – aws wafv2 describe-managed-rule-group --scope REGIONAL --vendor-name --name

Architecture: (diagram)

Deployment

  1. Follow the documentation to get a Webhook for your Slack channel

  2. Upload 'MANAGEDRULE.png' as a custom emoji called 'managedrule' to Slack.

  3. Add your webhook URL to the WebhookUrl parameter in values/values.json

  4. Deploy the solution via taskfile

task deploy

After deployment you can trigger the Lambda with the following test event to see an example notification:

{
  "Type": "Notification",
  "MessageId": "4286b830-a463-5e61-bd15-e1ae72303868",
  "TopicArn": "arn:aws:sns:us-west-2:123456789012:MyTopic",
  "Subject": "New version available for rule group AWSManagedRulesCommonRuleSet",
  "Message": "Welcome to AWSManagedRulesCommonRuleSet version 1.5! We've updated the regex specification in this version to improve protection coverage, adding protections against insecure deserialization. For details about this change, see http://updatedPublicDocs.html. Look for more exciting updates in the future! ",
  "Timestamp": "2021-08-24T11:12:19.810Z",
  "SignatureVersion": "1",
  "Signature": "EXAMPLEHXgJm...",
  "SigningCertURL": "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-f3ecfb7224c7233fe7bb5f59f96de52f.pem",
  "SubscribeURL": "https://sns.us-west-2.amazonaws.com/?Action=ConfirmSubscription&TopicArn=arn:aws:sns:us-west-2:123456789012:MyTopic&Token=2336412f37...",
  "MessageAttributes": {
    "major_version": {
      "Type": "String",
      "Value": "v1"
    },
    "managed_rule_group": {
      "Type": "String",
      "Value": "AWSManagedRulesCommonRuleSet"
    }
  }
}
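As an added example (not the project's own Lambda code), this is how a handler could consume the test event above: unwrap it, check that it is a Notification from the subscribed topic with a signing certificate served by SNS, and format a Slack webhook payload that uses the 'managedrule' emoji. The environment variable names WAF_SNS_TOPIC_ARN and SLACK_WEBHOOK_URL are assumptions, and SAMPLE_EVENT is an abridged copy of the event above.

```python
import json
import os
import urllib.request
from urllib.parse import urlparse

# Abridged copy of the SNS test event above (Signature/SubscribeURL omitted).
SAMPLE_EVENT = {
    "Type": "Notification",
    "TopicArn": "arn:aws:sns:us-west-2:123456789012:MyTopic",
    "Subject": "New version available for rule group AWSManagedRulesCommonRuleSet",
    "Message": "Welcome to AWSManagedRulesCommonRuleSet version 1.5! We've updated the regex specification ...",
    "Timestamp": "2021-08-24T11:12:19.810Z",
    "SigningCertURL": "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-f3ecfb7224c7233fe7bb5f59f96de52f.pem",
    "MessageAttributes": {"major_version": {"Type": "String", "Value": "v1"},
                          "managed_rule_group": {"Type": "String", "Value": "AWSManagedRulesCommonRuleSet"}},
}

def unwrap(event: dict) -> list:
    """A direct test invoke passes the raw SNS message; a real SNS trigger wraps it in Records[].Sns."""
    return [r["Sns"] for r in event["Records"]] if "Records" in event else [event]

def attr(msg: dict, name: str, default: str = "unknown") -> str:
    """Read a string MessageAttribute such as managed_rule_group or major_version."""
    return msg.get("MessageAttributes", {}).get(name, {}).get("Value", default)

def is_expected_message(msg: dict, expected_topic_arn: str) -> bool:
    """Accept only Notifications from the topic we subscribed to, with an https SNS signing-cert URL."""
    if msg.get("Type") != "Notification" or msg.get("TopicArn") != expected_topic_arn:
        return False
    url = urlparse(msg.get("SigningCertURL", ""))
    host = url.hostname or ""
    return url.scheme == "https" and host.startswith("sns.") and host.endswith(".amazonaws.com")

def build_slack_payload(msg: dict) -> dict:
    """Format the rule-update message for a Slack incoming webhook, using the custom emoji."""
    text = (f":managedrule: *{msg.get('Subject', 'AWS WAF managed rule group update')}*\n"
            f"*Rule group:* `{attr(msg, 'managed_rule_group')}`  *Major version:* `{attr(msg, 'major_version')}`\n"
            f"*Published:* {msg.get('Timestamp', 'n/a')}\n{msg.get('Message', '').strip()}")
    return {"username": "AWS WAF", "icon_emoji": ":managedrule:", "text": text}

def lambda_handler(event: dict, context=None) -> list:
    """Entry point: validate, format and post each message; returns one status entry per message."""
    results = []
    for msg in unwrap(event):
        if not is_expected_message(msg, os.environ.get("WAF_SNS_TOPIC_ARN", "")):
            results.append({"status": "ignored", "message_id": msg.get("MessageId")})
            continue
        req = urllib.request.Request(os.environ["SLACK_WEBHOOK_URL"],
                                     data=json.dumps(build_slack_payload(msg)).encode(),
                                     headers={"Content-Type": "application/json"})
        with urllib.request.urlopen(req, timeout=5) as resp:
            results.append({"status": resp.status, "rule_group": attr(msg, "managed_rule_group")})
    return results
```

The topic ARN and certificate-host checks are a sanity filter, not signature verification; a production handler should verify the SNS signature against the downloaded certificate before posting anything to Slack.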

Example notification: (screenshot)

We hope you will find this solution helpful for getting notifications about managed rule updates! If you have any feedback, please feel free to reach out to us or open a GitHub issue.
