Fastly CDN/WAF

Version: Fastly CDN, WAF

Fastly is a Content Delivery Network (CDN). It makes content available through users' and organizations' websites and Internet-accessible (hosted) application programming interfaces (APIs).

Fastly Web Application Firewall (WAF) protects your applications from malicious attacks designed to compromise web servers. The Fastly WAF provides rules that detect and block potential attacks. The rules are collected into a policy and deployed within your Fastly service at the edge.

Netsurion Open XDR integrates with Fastly CDN/WAF, collects logs from Fastly CDN/WAF, and creates detailed reports, alerts, dashboards, and saved searches. These attributes of Netsurion Open XDR help users view the most critical and important information on a single platform.

Reports contain a detailed overview of activities such as:

  • Fastly user login/logout
  • Fastly login failed, user management events
  • Fastly service management events
  • Devices
  • Fastly access events by success and failure
  • URL and IP severity
  • Blocked URL and IP
  • Matched Rule ID and its message

Fastly user login/logout reports include details such as the user login/logout time, the device type or user-agent, whether the user is an admin, and the user ID.

Alerts are raised as soon as Fastly CDN/WAF triggers any critical event. With alerts, users receive real-time events such as:

  • Login failed
  • Service or service version deletion in their email services
  • Blocked URL or high severity URL
  • Visual representation/overview of top activities being performed in Fastly CDN/WAF
  • Unauthorized user access (failed)
  • Blocked request with location
  • High severity URL detected
  • Attacks with reason
  • Count can be viewed on Netsurion ‘dashboard’

The “Fastly CDN/WAF – Access events by user agent” dashlet displays the user-agents trying to access any specific domain/URL.

The “Fastly CDN/WAF – User login fail (Audit events by region)” dashlet displays login failures occurring in the Fastly account on a world map by country. Dashlets associated with WAF activity display information such as PHP injection attacks, SQL injection attacks, application attack session fixation, application attack RCE (remote code execution), etc.

Netsurion Open XDR monitors all Fastly CDN events from services such as system manager, Fastly audit, and access events. They are grouped as follows:

  • Security – User login failed, blocked URLs
  • Compliance – Service has been deleted, service version has been deleted
  • Operation – Fastly CDN access events by success and error messages, user management, service management, and domain access errors received by Fastly CDN

After the CyberArk Vault is configured to deliver events to Netsurion Open XDR, the dashboards and reports can be configured in Netsurion Open XDR.

To take advantage of this data source integration and to learn more about alerts, reports, and dashboards, contact your Technical Account Manager (TAM). If you are not currently a Netsurion customer or partner, contact us to learn more.