Configuring Deny All WAF

Adding a Normalization Policy for Deny All WAF

  1. Go to Settings >> Configuration >> Normalization Policies.

  2. At the top left, click Add.

  3. Enter a Policy Name.

  4. In Compiled Normalizers, select Deny All WAF.

  5. Click Submit.

Figure: Adding a Normalization Policy

Adding Deny All WAF as a Device in LogPoint

  1. Go to Settings >> Configuration >> Devices.

  2. At the top left, click Add.

  3. Enter a device Name.

  4. Enter the IP address(es) of the Deny All WAF server.

  5. Select the Device Groups.

  6. Select an appropriate Log Collection Policy for the logs.

  7. Select a collector or a forwarder from the Distributed Collector drop-down menu.

Note

Selecting the Device Groups, the Log Collection Policy, and the Distributed Collector is optional.

  8. Select a Time Zone.

Note

The time zone of the device must be the same as that of its log source.

  9. Configure the Risk Values for Confidentiality, Integrity, and Availability, which are used to calculate the risk levels of the alerts generated from the device.

  10. Click Submit.

Figure: Adding Deny All WAF as a Device (Create Device Panel)

Configuring the Syslog Collector for Deny All WAF

  1. Click the Add icon from Actions.

  2. Click Syslog Collector on AVAILABLE COLLECTORS FETCHERS.

Figure: Configuring Syslog Collector (Syslog Collector Panel)

  3. In Parser, select Syslog Parser.

  4. Select the Processing Policy which contains the normalization policy you added previously.

  5. Select the Charset. The default value is utf_8.

  6. In PROXY SERVER, select None.

  7. Click Submit.

Figure: Configuring Syslog Collector (Available Collectors Fetchers Panel)

