Merge pull request #1678 from lvoloshyn-sekoia/feat/add_fastly_audit_…

…docs Add docs for Fastly WAF Audit Logs
SEKOIA-IO · Apr 4, 2024 · 76aadeb · 76aadeb
2 parents a4d5d42 + 009acf8
commit 76aadeb
Show file tree

Hide file tree

Showing 2 changed files with 58 additions and 1 deletion.
diff --git a/docs/xdr/features/collect/integrations/cloud_and_saas/fastly/fastly_audit_waf.md b/docs/xdr/features/collect/integrations/cloud_and_saas/fastly/fastly_audit_waf.md
@@ -0,0 +1,56 @@
+uuid: c2faea65-1eb3-4f3f-b895-c8769a749d45
+name: Fastly WAF Audit logs
+type: intake
+
+
+## Overview
+
+Fastly WAF audit logs tracks activities related to your corp and your sites like user creation, rule creation, site configuration changes.
+
+!!! warning
+    Important note - This format is currently in beta. We highly value your feedback to improve its performance.
+
+{!_shared_content/operations_center/detection/generated/suggested_rules_c2faea65-1eb3-4f3f-b895-c8769a749d45_do_not_edit_manually.md!}
+
+{!_shared_content/operations_center/integrations/generated/c2faea65-1eb3-4f3f-b895-c8769a749d45.md!}
+
+## Configure
+
+### Creating API access tokens
+
+1. Go to the [Fastly WAF](https://dashboard.signalsciences.net) and log in.
+2. From the **My Profile** menu, select API access tokens.
+3. Click **Add API access token**.
+4. In the **Token name** field, enter a name to identify the access token.
+5. Click **Create API access token**.
+6. Record the token in a secure location for your use. Then, click **Continue** to finish creating the token.
+
+!!! Warning
+	This is the only time the token will be visible. Record the token and keep it secure.
+
+### Sekoia.io configuration procedure
+
+#### Create your intake
+
+1. Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the `Fastly Audit`.
+2. Copy the associated Intake key
+
+#### Pull the logs to collect them on Sekoia.io
+
+Go to the Sekoia.io [playbook page](https://app.sekoia.io/operations/playbooks), and follow these steps:
+
+1. Click **+ PLAYBOOK** button to create a new one
+2. Select **Create a playbook from scratch**
+3. Give it a name in the field **Name**
+4. Open the left panel, click **Fastly** then select the trigger `Fetch new audit logs from Fastly WAF`
+5. Click **Create**
+
+6. Create a **Module configuration**. Name the module configuration as you wish.
+7. Create a **Trigger configuration** using: 
+7.1. Type the `Intake key` created on the previous step
+7.2 Enter `User's email`, `API token`, `Corporation name` and `Site name` (if needed) from the Fastly WAF dashboard
+
+- Click the **Save** button
+- **Activate the playbook** with the toggle button in the top right corner of the page
+
+#### Enjoy your events on the [Events page](https://app.sekoia.io/operations/events)
diff --git a/mkdocs.yml b/mkdocs.yml
@@ -125,7 +125,8 @@ nav:
           - Cisco Duo Security: xdr/features/collect/integrations/cloud_and_saas/cisco_duo_security.md
           - Claroty xDome: xdr/features/collect/integrations/cloud_and_saas/claroty_xdome.md
           - ExtraHop Reveal(x) 360: xdr/features/collect/integrations/cloud_and_saas/extrahop_revealx_360.md
-          - Fastly Next-Gen WAF: xdr/features/collect/integrations/cloud_and_saas/fastly/fastly_waf.md
+          - Fastly Next-Gen WAF Alerts: xdr/features/collect/integrations/cloud_and_saas/fastly/fastly_waf.md
+          - Fastly Next-Gen WAF Audit Logs: xdr/features/collect/integrations/cloud_and_saas/fastly/fastly_audit_waf.md
           - Github Audit Logs: xdr/features/collect/integrations/cloud_and_saas/github_audit_logs.md
           - Google Cloud:
             - Google Cloud Audit Logs: xdr/features/collect/integrations/cloud_and_saas/google/google_cloud_audit.md