The CRA Readiness ChecklistGet the checklist →

    Back to integrations
    WAF

    AWS WAF integration

    Ship targeted virtual patches to AWS WAF in minutes via the Mitigation Engineer.

    Integration details

    Primary category

    Web Application Firewall

    Sync direction

    AWS WAF ↔ Konvu

    Findings are ingested from AWS WAF into Konvu. Based on your workflow, Konvu can then push context, status changes, and severity updates back to AWS WAF.

    Status

    Available

    What is AWS WAF?

    AWS WAF is Amazon's managed web application firewall service that protects applications behind CloudFront, Application Load Balancer, API Gateway, and AppSync with custom rules and managed rule groups.

    Why connect AWS WAF to Konvu

    • Let the Mitigation Engineer ship targeted AWS WAF rules for exploitable findings the Application Security Engineer has confirmed, closing the exploit window in minutes.
    • Test every rule against known exploit signatures and a sample of legitimate traffic before deployment, with rollback if false-positive rates go bad.
    • Retire rules automatically when the Remediation Engineer confirms the upstream fix has shipped, so compensating controls don't silently become permanent.

    How it works

    1

    Receive exploit conditions

    The Mitigation Engineer reads the verified exploit path from the Application Security Engineer.

    2

    Draft & test rule

    An AWS WAF rule is drafted scoped to the vulnerable code path and tested against the exploit signature and your legitimate traffic.

    3

    Deploy with approval flow

    The rule is deployed to your AWS WAF Web ACL via the approval flow your team has configured.

    4

    Monitor & retire

    Blocks and false positives are monitored in production; the rule is removed once the Remediation Engineer confirms the fix is live.

    Quick setup

    Configure AWS WAF from the integrations list in Konvu.

    1. 1Go to /configuration/integrations in Konvu and choose AWS WAF.
    2. 2Authorize access and confirm the data sources you want to sync.
    3. 3Save the configuration to start syncing.

    Sync direction

    AWS WAF ↔ Konvu

    Findings are ingested from AWS WAF into Konvu. Based on your workflow, Konvu can then push context, status changes, and severity updates back to AWS WAF.

    More integrations

    View all
    Available

    Cloudflare WAF

    Ship targeted virtual patches to Cloudflare WAF in minutes via the Mitigation Engineer.

    • WAF
    Available

    ModSecurity

    Ship targeted virtual patches to ModSecurity in minutes via the Mitigation Engineer.

    • WAF
    Available

    AWS Inspector

    Focus Inspector scans on exploitable CVEs in EC2, Lambda, and container images.

    • Cloud Security
    Available

    AWS Security Hub

    Prioritize Security Hub aggregated findings using centralized exploitability analysis.

    • Cloud Security
    Available

    Black Duck

    Add exploit evidence to Black Duck's component risk and license compliance findings.

    • SCA
    Available

    Checkmarx

    Focus Checkmarx SAST and SCA alerts on code paths with demonstrated exploit potential.

    • SAST
    • SCA