AWS Network Firewall Connector

AWS uses Suricata inside AWS Network Firewall for threat detection and response. AWS Network Firewall accepts Suricata-compatible rules, applies them to live traffic to and from your VPC, and blocks or alerts on that traffic once a rule matches.

Although this is a great addition to AWS Network Firewall, the AWS Console offers only minimal capabilities for managing those IDS rules: you have to manage them as a single blob of text.

The IDSTower Connector for AWS Network Firewall bridges this gap by offering you the following:

  • Rules Management, Transformation & Updates: Fully manage your AWS Network Firewall Suricata rules via the amazing IDSTower IDS Rules Management UI and benefit from IDSTower's rule life-cycle management features.

  • Block Malicious IOCs: IDSTower exports the malicious IOCs managed in IDSTower to your AWS Network Firewall as stateful rule groups, which you can use to block malicious traffic to and from your VPC.

  • One Interface, Multiple Regions: Configure a single export to push IDS rules and IOCs to multiple AWS Regions at once.

  • Built-In AWS Credentials Management: The AWS Connector gives you an easy way to manage the AWS credentials used for the export.

  • Operates with minimum permissions: The connector is designed around the principle of least privilege and works with restricted access/permissions, ensuring that IDSTower only accesses what it needs to complete the task.

  • Syncs Data every 15 minutes: The connector updates the rule groups it has created every 15 minutes; you can also trigger the update manually whenever you wish.

  • Handles incompatible Rules: AWS Network Firewall does not support the full feature set of the Suricata rule language; the AWS Connector will warn you if you try to export rules that use features AWS Network Firewall does not support.

  • and more!
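To make the export path concrete, here is an added example (not IDSTower's own code) that does in miniature what the IOC export, incompatible-rule warning and periodic sync bullets above describe: it renders a managed IOC list as Suricata drop rules, lints them for option keywords the target firewall rejects, and creates or updates a stateful rule group through the AWS Network Firewall API. It assumes boto3 for the API calls; the IOC list, the rule group name and the SID range are constructed, and the unsupported-keyword set is an illustrative placeholder, not the authoritative list from the AWS documentation.

```python
"""Export IDSTower-style IOCs to an AWS Network Firewall stateful rule group.

Added example, not part of IDSTower. Assumes boto3 is installed for the
real export; everything else runs offline.
"""
import sys

# Constructed IOC feed; in IDSTower these would come from the IOC management UI.
SAMPLE_IOCS = [
    {"type": "ip", "value": "203.0.113.7", "name": "c2-server-example"},
    {"type": "domain", "value": "malicious.example", "name": "phishing-domain-example"},
]

# Placeholder set of Suricata option keywords to refuse; replace with the
# list from the AWS Network Firewall documentation (assumption, not the real list).
UNSUPPORTED_KEYWORDS = {"lua", "luajit"}

RULE_GROUP_NAME = "idstower-iocs-example"  # constructed name


def ioc_to_rule(ioc, sid):
    """Render one IOC as a Suricata 'drop' rule (drop = block in a stateful group)."""
    name = ioc["name"]
    if ioc["type"] == "ip":
        return (f'drop ip $HOME_NET any <> {ioc["value"]} any '
                f'(msg:"IDSTower IOC {name}"; sid:{sid}; rev:1;)')
    if ioc["type"] == "domain":
        return (f'drop dns $HOME_NET any -> any any '
                f'(msg:"IDSTower IOC {name}"; dns.query; content:"{ioc["value"]}"; '
                f'nocase; sid:{sid}; rev:1;)')
    raise ValueError(f"unsupported IOC type {ioc['type']!r}")


def iocs_to_rules(iocs, base_sid=9000000):
    """Assign sequential SIDs from a private range (base_sid is a constructed choice)."""
    return [ioc_to_rule(ioc, base_sid + i) for i, ioc in enumerate(iocs)]


def find_unsupported(rules, unsupported=UNSUPPORTED_KEYWORDS):
    """Return [(rule_index, keyword)] for option keywords the firewall would reject.

    Splits the option block on ';' and takes the text before ':' as the keyword;
    adequate for generated rules, where option values never contain ';'.
    """
    hits = []
    for i, rule in enumerate(rules):
        opts = rule[rule.find("(") + 1:rule.rfind(")")]
        for opt in opts.split(";"):
            keyword = opt.split(":", 1)[0].strip()
            if keyword in unsupported:
                hits.append((i, keyword))
    return hits


def export_rule_group(client, name, rules, capacity=100):
    """Create the stateful rule group, or update it in place if it already exists.

    `client` is a boto3 'network-firewall' client. The IAM policy behind it needs
    only DescribeRuleGroup, CreateRuleGroup and UpdateRuleGroup, which is the
    least-privilege footprint of this script. UpdateToken gives optimistic locking,
    so a concurrent console edit fails loudly instead of being overwritten.
    """
    bad = find_unsupported(rules)
    if bad:
        raise ValueError(f"rules use keywords the firewall rejects: {bad}")
    rules_string = "\n".join(rules) + "\n"
    try:
        current = client.describe_rule_group(RuleGroupName=name, Type="STATEFUL")
    except client.exceptions.ResourceNotFoundException:
        resp = client.create_rule_group(RuleGroupName=name, Type="STATEFUL",
                                        Capacity=capacity, Rules=rules_string)
        return resp["RuleGroupResponse"]["RuleGroupArn"], "created"
    resp = client.update_rule_group(UpdateToken=current["UpdateToken"],
                                    RuleGroupName=name, Type="STATEFUL",
                                    Rules=rules_string)
    return resp["RuleGroupResponse"]["RuleGroupArn"], "updated"


if __name__ == "__main__":
    generated = iocs_to_rules(SAMPLE_IOCS)
    print("\n".join(generated))
    print("unsupported keywords:", find_unsupported(generated) or "none")
    if "--export" in sys.argv:  # only touch AWS when explicitly asked
        import boto3  # assumed dependency
        print(export_rule_group(boto3.client("network-firewall"),
                                RULE_GROUP_NAME, generated))
```

Running the script without arguments prints the generated rules and the lint result; `--export` performs the create-or-update against the region configured for boto3. Re-running it on a schedule (every 15 minutes, as the connector does) is what keeps the rule group in step with the IOC list, and the lint step is what turns an API-side rejection into an early warning.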

Learn how to configure the AWS Network Firewall Connector in IDSTower by following the documentation below: