AWS WAF Monitoring

Updated Oct 30, 2023

Configure AWS WAF for Arctic Wolf monitoring

You can configure Amazon Web Services (AWS)® Web Application Firewall (WAF)® for Arctic Wolf® monitoring.

WAF logs contain detailed information about the traffic that your web access control list (ACL) analyzes. This information includes the web request timestamp, source, destination, and the action for the matching rule. Arctic Wolf analyzes web ACL logs that result in Block requests to prioritize analyses for high risk web requests.


  • By default, Arctic Wolf does not alert on WAF events until you indicate that you are ready to receive alerts. As a result, you can make frequent changes to your WAF rules without receiving alerts. When you have configured a stable ruleset, contact your Concierge Security® Team (CST) to enable alerts.


Before you begin


  1. Sign in to the AWS Management Console.

  2. Open the Amazon S3 Console.

  3. In the navigation menu, click Buckets.

  4. Find the S3 bucket that will be used as the destination of your WAF logs.

  5. Complete the steps in Permissions to publish logs to Amazon S3 to publish logs to Amazon S3.

  6. Complete the steps in To enable logging for a web ACL to begin logging.

    Tip: See Logging and monitoring web ACL traffic and AWS WAF logging destinations for more information about web ACL logging.

Next Steps