From 8e7e0d6b30ebce7422722a53abfbdd27ad5a89a4 Mon Sep 17 00:00:00 2001 From: lvoloshyn-sekoia Date: Fri, 12 Jan 2024 14:26:43 +0200 Subject: [PATCH 1/5] Add docs for Fastly WAF --- .../cloud_and_saas/fastly/fastly_waf.md | 56 +++++++++++++++++++ mkdocs.yml | 3 +- 2 files changed, 58 insertions(+), 1 deletion(-) create mode 100644 docs/xdr/features/collect/integrations/cloud_and_saas/fastly/fastly_waf.md diff --git a/docs/xdr/features/collect/integrations/cloud_and_saas/fastly/fastly_waf.md b/docs/xdr/features/collect/integrations/cloud_and_saas/fastly/fastly_waf.md new file mode 100644 index 0000000000..58965541e9 --- /dev/null +++ b/docs/xdr/features/collect/integrations/cloud_and_saas/fastly/fastly_waf.md 
@@ -0,0 +1,56 @@ +uuid: 916c13a8-c109-49f0-94db-d6a2300f5580 +name: Fastly Next-Gen WAF +type: intake + + +## Overview + +Fastly Next-Gen WAF is a web application firewall solution designed to protect online assets by mitigating web application threats, ensuring security, and enhancing application performance with its edge-based, real-time protection capabilities. + +!!! warning + Important note - This format is currently in beta. We highly value your feedback to improve its performance. + +{!_shared_content/operations_center/detection/generated/suggested_rules_916c13a8-c109-49f0-94db-d6a2300f5580_do_not_edit_manually.md!} + +{!_shared_content/operations_center/integrations/generated/916c13a8-c109-49f0-94db-d6a2300f5580.md!} + +## Configure + +### Creating API access tokens + +1. Go to the https://dashboard.signalsciences.net and log in. +2. From the **My Profile** menu, select API access tokens. +3. Click **Add API access token**. +4. In the **Token name** field, enter a name to identify the access token. +5. Click **Create API access token**. +6. Record the token in a secure location for your use. Then, click **Continue** to finish creating the token. + +!!! Warning + This is the only time the token will be visible. Record the token and keep it secure. + +### Sekoia.io configuration procedure + +#### Create your intake + +1. Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the `Fastly WAF`. +2. Copy the associated Intake key + +#### Pull the logs to collect them on Sekoia.io + +Go to the Sekoia.io [playbook page](https://app.sekoia.io/operations/playbooks), and follow these steps: + +1. Click **+ PLAYBOOK** button to create a new one +2. Select **Create a playbook from scratch** +3. Give it a name in the field **Name** +4. Open the left panel, click **Fastly** then select the trigger `Fetch new events from Fastly WAF` +5. Click **Create** + +6. Create a **Module configuration**. 
Name the module configuration as you wish. +7. Create a **Trigger configuration** using: +7.1. Type the `Intake key` created on the previous step +7.2 Enter `User's email`, `API token`, `Corporation name` and `Site name` from the Fastly WAF dashboard + +- Click the **Save** button +- **Activate the playbook** with the toggle button in the top right corner of the page + +#### Enjoy your events on the [Events page](https://app.sekoia.io/operations/events) diff --git a/mkdocs.yml b/mkdocs.yml index a2566663fe..77c0c7a801 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -111,8 +111,9 @@ nav: - Gateway Network: xdr/features/collect/integrations/cloud_and_saas/cloudflare/cloudflare-gateway-network.md - HTTP requests: xdr/features/collect/integrations/cloud_and_saas/cloudflare/cloudflare-http-requests.md - Cato SASE: xdr/features/collect/integrations/cloud_and_saas/cato_sase.md - - Digital Shadows SearchLight: xdr/features/collect/integrations/cloud_and_saas/digital_shadows.md - Cisco Duo Security: xdr/features/collect/integrations/cloud_and_saas/cisco_duo_security.md + - Digital Shadows SearchLight: xdr/features/collect/integrations/cloud_and_saas/digital_shadows.md + - Fastly Next-Gen WAF: xdr/features/collect/integrations/cloud_and_saas/fastly/fastly_waf.md - Github Audit Logs: xdr/features/collect/integrations/cloud_and_saas/github_audit_logs.md - Google Cloud: - Google Cloud Audit Logs: xdr/features/collect/integrations/cloud_and_saas/google/google_cloud_audit.md From 71c44aba5eb18601cf63dc1573597cbb93db50e3 Mon Sep 17 00:00:00 2001 From: lvoloshyn-sekoia Date: Fri, 12 Jan 2024 16:07:54 +0200 Subject: [PATCH 2/5] Add docs for Fastly WAF --- .../collect/integrations/cloud_and_saas/fastly/fastly_waf.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/xdr/features/collect/integrations/cloud_and_saas/fastly/fastly_waf.md b/docs/xdr/features/collect/integrations/cloud_and_saas/fastly/fastly_waf.md index 58965541e9..0ed6fc2503 100644 
--- a/docs/xdr/features/collect/integrations/cloud_and_saas/fastly/fastly_waf.md +++ b/docs/xdr/features/collect/integrations/cloud_and_saas/fastly/fastly_waf.md @@ -18,7 +18,7 @@ Fastly Next-Gen WAF is a web application firewall solution designed to protect o ### Creating API access tokens -1. Go to the https://dashboard.signalsciences.net and log in. +1. Go to the [Fastly WAF](https://dashboard.signalsciences.net) and log in. 2. From the **My Profile** menu, select API access tokens. 3. Click **Add API access token**. 4. In the **Token name** field, enter a name to identify the access token. From ecb69eeb53b4809f3c1216b095e9c36104362ece Mon Sep 17 00:00:00 2001 From: lvoloshyn-sekoia Date: Wed, 14 Feb 2024 17:43:08 +0200 Subject: [PATCH 3/5] Fix conflict --- mkdocs.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/mkdocs.yml b/mkdocs.yml index ba13991550..680549532f 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -121,6 +121,7 @@ nav: - Digital Shadows SearchLight: xdr/features/collect/integrations/cloud_and_saas/digital_shadows.md - Cisco Duo Security: xdr/features/collect/integrations/cloud_and_saas/cisco_duo_security.md - Claroty xDome: xdr/features/collect/integrations/cloud_and_saas/claroty_xdome.md + - Fastly Next-Gen WAF: xdr/features/collect/integrations/cloud_and_saas/fastly/fastly_waf.md - Github Audit Logs: xdr/features/collect/integrations/cloud_and_saas/github_audit_logs.md - Google Cloud: - Google Cloud Audit Logs: xdr/features/collect/integrations/cloud_and_saas/google/google_cloud_audit.md From 23c705cb2dd0830f76a5a19aa4d9784b62a07223 Mon Sep 17 00:00:00 2001 From: lvoloshyn-sekoia Date: Wed, 28 Feb 2024 12:29:15 +0200 Subject: [PATCH 4/5] Fix mkdocs --- mkdocs.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/mkdocs.yml b/mkdocs.yml index 680549532f..ba13991550 100644 --- a/mkdocs.yml +++ b/mkdocs.yml 
@@ -121,7 +121,6 @@ nav: - Digital Shadows SearchLight: xdr/features/collect/integrations/cloud_and_saas/digital_shadows.md - Cisco Duo Security: xdr/features/collect/integrations/cloud_and_saas/cisco_duo_security.md - Claroty xDome: xdr/features/collect/integrations/cloud_and_saas/claroty_xdome.md - - Fastly Next-Gen WAF: xdr/features/collect/integrations/cloud_and_saas/fastly/fastly_waf.md - Github Audit Logs: xdr/features/collect/integrations/cloud_and_saas/github_audit_logs.md - Google Cloud: - Google Cloud Audit Logs: xdr/features/collect/integrations/cloud_and_saas/google/google_cloud_audit.md From d6ad3ee56fb3d145b92e8924f62095b546b23a48 Mon Sep 17 00:00:00 2001 From: lvoloshyn-sekoia Date: Wed, 28 Feb 2024 12:29:44 +0200 Subject: [PATCH 5/5] Fix mkdocs --- mkdocs.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/mkdocs.yml b/mkdocs.yml index c7892ab8aa..b262374916 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -122,6 +122,7 @@ nav: - Cisco Duo Security: xdr/features/collect/integrations/cloud_and_saas/cisco_duo_security.md - Claroty xDome: xdr/features/collect/integrations/cloud_and_saas/claroty_xdome.md - ExtraHop Reveal(x) 360: xdr/features/collect/integrations/cloud_and_saas/extrahop_revealx_360.md + - Fastly Next-Gen WAF: xdr/features/collect/integrations/cloud_and_saas/fastly/fastly_waf.md - Github Audit Logs: xdr/features/collect/integrations/cloud_and_saas/github_audit_logs.md - Google Cloud: - Google Cloud Audit Logs: xdr/features/collect/integrations/cloud_and_saas/google/google_cloud_audit.md
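Review bot: In [PATCH 1/5], fastly_waf.md, "Creating API access tokens" and sub-step 7.2 never say which role or permissions the user that owns the token needs, although 7.2 asks for both `User's email` and `API token`, so the token is tied to a named account. Please document the minimum access the trigger requires and recommend a dedicated account for the integration rather than a personal one, so the token can be revoked without affecting an analyst's login. Two smaller points in the same hunk: "7.1." and "7.2" are not Markdown list markers and are punctuated differently, so write them as an indented nested list under step 7 and continue the numbering for "Click the **Save** button" and "Activate the playbook" instead of switching to bullets; and the intake is called `Fastly WAF` in "Create your intake" while the front matter says `name: Fastly Next-Gen WAF`, so pick one name.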
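Review bot: In [PATCH 1/5], mkdocs.yml hunk at `@@ -111,8 +111,9 @@`, moving "Digital Shadows SearchLight" below "Cisco Duo Security" is unrelated to adding the Fastly page. Keep this hunk to the single added "Fastly Next-Gen WAF" nav line and send the reordering as its own change, which also keeps the nav diff small when the branch has to be rebased.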
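Review bot: In [PATCH 2/5], step 1 now reads "Go to the [Fastly WAF](https://dashboard.signalsciences.net) and log in", which leaves the sentence without a noun for what is being opened and uses a third spelling of the product name. Suggest "Go to the [Fastly Next-Gen WAF dashboard](https://dashboard.signalsciences.net) and log in", matching `name: Fastly Next-Gen WAF`. This one-line fix carries the same subject as 1/5 ("Add docs for Fastly WAF") and should be squashed into it.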
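Review bot: [PATCH 4/5] removes exactly the nav line that [PATCH 3/5] added (the index line is 680549532f..ba13991550, the reverse of 3/5), and [PATCH 5/5] then adds the same line again after "ExtraHop Reveal(x) 360". Patches 4/5 and 5/5 also share the subject "Fix mkdocs", so the history does not say why the entry was dropped and restored. Please rebase and squash 3/5 to 5/5 into one commit that adds the "Fastly Next-Gen WAF" entry once, in its final position.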