Checks whether the log collection feature is enabled for each domain name that is protected by Web Application Firewall (WAF). If so, the evaluation result is Compliant.
Scenarios
This rule applies when you need to enable the log collection feature for each domain name that is protected by WAF. This way, the Log Service for WAF feature automatically stores logs of the domain names in the dedicated Logstore for WAF. You can query and analyze the collected log data to meet audit requirements.
Risk level
Default risk level: medium.
When you apply this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
- If the log collection feature is enabled for each domain name that is protected by WAF, the evaluation result is Compliant.
- If the log collection feature is disabled for a domain name that is protected by WAF, the evaluation result is Incompliant. For more information about how to remediate an incompliant configuration, see Incompliance remediation.
Rule details
| Item | Description |
| Rule name | waf-instance-logging-enabled |
| Rule identifier | waf-instance-logging-enabled |
| Tag | WAF and AuditBaseline |
| Automatic remediation | Supported |
| Trigger type | Periodic execution |
| Evaluation frequency | Interval of 24 hours |
| Supported resource type | Instance |
| Input parameter | None |
Incompliance remediation
Enable the log collection feature for a domain name that is protected by WAF. For more information, see Get started with the Simple Log Service for WAF feature.