Documentation Center
AlienVault® USM Appliance™

DenyAll Web Application Firewall (WAF)

When you configure DenyAll Web Application Firewall (WAF) to send log data to USM Appliance, you can use the DenyAll Web Application Firewall plugin to translate the raw log data into normalized events for analysis.

Device Details
Vendor DenyAll
Device Type Web Application Firewall
Connection Type Syslog
Data Source Name Denyall-waf
Data Source ID 1922

Integrating DenyAll WAF

Before you configure the DenyAll WAF integration, you must have the IP Address of the USM Appliance Sensor.

To configure DenyAll WAF to send Syslog messages to USM Appliance

  1. Log into the DenyAll web UI.
  2. From the top menu, select Management > Alerting.
  3. From the left-side menu, select Alerting Profiles.
  4. Click Add and then enter the following information in the dialog box that appears:
    • Facility: Select the facility to use to log messages.
    • Host: Enter the USM Appliance IP Address.
    • Name: Enter a name for the new alerting profile.
    • Port: Enter 514.
    • Protocol: Enter UDP.
    • Severity: Select the desired severity level for messages to be returned.
    • Type: Select Syslog.
  5. Click OK to close the dialog box.
  6. From the left-side menu, select Logs Alerting configurations.
  7. Click Add and then enter the following information into the dialog box that appears:
    • Name: Enter a profile name.
    • Frequency: Select the frequency of alert reporting.
    • Format: Select Default.
    • Destinations: Select <profile_name>(syslog).
  8. Ensure that Send security logs and Send IAM logs options are both selected.
  9. Click OK to close the dialog box.

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

https://www.denyall.com/products/web-application-firewall/

https://www.denyall.com/resources/glossary/

For troubleshooting, see the vendor documentation.