in code/utility/generate_waf_logs.py [0:0]
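def generate_rule_match_data(headers, userAgent, args, ipDetails):
    """Build the labels and non-terminating rule matches for one synthetic WAF log entry.

    The result imitates the ``labels`` / ``ntRules`` portion of a WAF log record
    so that dashboards and detections can be exercised against generated data.

    Args:
        headers: Request headers. Not read by this function; kept for interface
            compatibility with callers.
        userAgent: The User-Agent string of the simulated request. ``""`` or
            ``None`` is treated as a request without a User-Agent header.
        args: Request arguments. Not read by this function; kept for interface
            compatibility with callers.
        ipDetails: Mapping with a ``'labels'`` list of ``{'name': <label>}``
            dicts describing the source IP.

    Returns:
        dict: ``{"labels": [{"name": ...}, ...], "ntRules": [{...}, ...]}``.
        Labels are de-duplicated and keep first-seen order, so the generated
        log is reproducible from run to run.

    Raises:
        KeyError: If ``ipDetails`` has no ``'labels'`` key or a label entry has
            no ``'name'`` key.
    """
    bot_control_rule = 'AWS-AWSManagedRulesBotControlRuleSet'
    social_media_bots = ('facebook', 'twitter', 'linkedin')

    response = {
        "labels": [],
        "ntRules": []
    }

    # Start from the labels already attached to the source IP.
    label_names = [entry['name'] for entry in ipDetails['labels']]

    # A missing header may arrive as None; normalise it so the checks below
    # cannot fail on .lower().
    user_agent = userAgent or ""

    # No User-Agent header: counted by the common rule set.
    if user_agent == "":
        label_names.append('awswaf:managed:aws:core-rule-set:NoUserAgent_Header')
        response['ntRules'].append(
            {"ruleId": 'AWS-AWSManagedRulesCommonRuleSet', 'action': 'COUNT'}
        )

    # Social-media crawlers: first matching name wins (facebook, then twitter,
    # then linkedin), mirroring an if/elif chain.
    user_agent_lower = user_agent.lower()
    for bot in social_media_bots:
        if bot in user_agent_lower:
            label_names.append('awswaf:managed:aws:bot-control:bot:name:' + bot)
            label_names.append('awswaf:managed:aws:bot-control:bot:category:social_media')
            response['ntRules'].append({"ruleId": bot_control_rule, 'action': 'COUNT'})
            break

    # Anonymous-IP rule match. The check has to look at the collected label
    # names (response['labels'] is still empty here) and match 'anonymous-ip'
    # as a substring of a label; otherwise the rule never appears in the
    # generated logs and anything tested against them misses that path.
    # NOTE(review): unlike the other entries this one carries no 'action'
    # key -- confirm whether consumers of the generated logs expect one.
    if any(isinstance(name, str) and 'anonymous-ip' in name for name in label_names):
        response['ntRules'].append({'ruleId': 'AWS-AWSManagedRulesAnonymousIpList'})

    # De-duplicate while preserving insertion order (a set would make the
    # label order vary between runs).
    for name in dict.fromkeys(label_names):
        response['labels'].append({'name': name})

    return response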