AWS aws_web_application_firewall Mappings

The AWS Web Application Firewall (WAF) protects web applications and Application Programmer Interfaces (APIs) from exploits and bots that may impact the availability and security of resources by filtering out unwanted or malicious web traffic based on a set of rules. AWS WAF can be configured to control how Amazon CloudFront, Amazon API Gateway REST API, Application Load Balancer, and AWS AppSync GraphQL API respond to web requests. This mapping focuses on the AWS Managed Rules rule groups currently available. It does not cover paid solutions from Amazon or managed rules from Amazon Marketplace.

Mappings

Capability ID Capability Description Category Value ATT&CK ID ATT&CK Name
aws_web_application_firewall AWS Web Application Firewall protect partial T1046 Network Service Scanning
aws_web_application_firewall AWS Web Application Firewall protect partial T1059 Command and Scripting Interpreter
aws_web_application_firewall AWS Web Application Firewall protect significant T1059.001 PowerShell
aws_web_application_firewall AWS Web Application Firewall protect significant T1059.004 Unix Shell
aws_web_application_firewall AWS Web Application Firewall protect significant T1059.007 JavaScript
aws_web_application_firewall AWS Web Application Firewall protect minimal T1071 Application Layer Protocol
aws_web_application_firewall AWS Web Application Firewall protect minimal T1071.001 Web Protocols
aws_web_application_firewall AWS Web Application Firewall protect partial T1090 Proxy
aws_web_application_firewall AWS Web Application Firewall protect partial T1090.002 External Proxy
aws_web_application_firewall AWS Web Application Firewall protect partial T1090.003 Multi-hop Proxy
aws_web_application_firewall AWS Web Application Firewall protect significant T1189 Drive-by Compromise
aws_web_application_firewall AWS Web Application Firewall protect significant T1190 Exploit Public-Facing Application
aws_web_application_firewall AWS Web Application Firewall protect significant T1203 Exploitation for Client Execution
aws_web_application_firewall AWS Web Application Firewall protect partial T1595 Active Scanning
aws_web_application_firewall AWS Web Application Firewall protect partial T1595.001 Scanning IP Blocks
aws_web_application_firewall AWS Web Application Firewall protect partial T1595.002 Vulnerability Scanning
aws_web_application_firewall AWS Web Application Firewall protect partial T1595.003 Wordlist Scanning