v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/alicloud_compliance
Overview
1Dashboards
78Controls
40Queries
2Variables
GitHub

Control: 2.7 Ensure Web Application Firewall access and security log service is enabled

Description

Log Service collects log entries that record visits to and attacks on websites that are protected by Alibaba Cloud Web Application Firewall (WAF), and supports real-time log query and analysis. The query results are centrally displayed in dashboards.

Remediation

Perform the following ensure the Anti-DDoS access and security log is enabled:

From Console

  1. Logon to WAF Console.
  2. Choose App Market > App Management.
  3. Select the region where your WAF instance is located.
  4. Click Upgrade in Real-time Log Query and Analysis Service.
  5. Enable Log Service.
  6. Select the log storage period and the log storage size, and click Buy Now.
  7. Return to the WAF Console and choose App Market > App Management, and then click Authorize in Real-time Log Query and Analysis Service.
  8. Click Agree to authorize WAF to write log entries to your exclusive logstore.
  9. Return to the WAF Console and choose App Market > App Management and then, click Configure in Real-time Log Query and Analysis Service.
  10. On the Log Service page, select the domain name of your website that is protected by WAF, and turn on the Status switch on the right to enable WAF Log Service. These log entries can be queried and analyzed in real time.

Usage

Run the control in your terminal:

powerpipe control run alicloud_compliance.control.cis_v100_2_7

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run alicloud_compliance.control.cis_v100_2_7 --share

SQL

This control uses a named query:

manual_control

Tags

category = Compliance
cis = true
cis_item_id = 2.7
cis_level = 2
cis_section_id = 2
cis_type = manual
cis_version = v1.0.0
plugin = alicloud
service = AliCloud/WAF