top of page
マスクグループ 4.webp

WAF Automator for AWS

Managed security platform specifically for AWS WAF


Providing from AWS WAF implementation 
to operation

WAF Automator for AWS can implement AWS WAF (Web ACL) in a few simple steps and automate security operations with AI. It is the best solution for customers who use Application Load Balancer (ALB), Amazon CloudFront, Amazon API Gateway, and AWS AppSync and are considering implementing AWS WAF.

Easy implementation steps

WAF Automator for AWS is developed with a concept that can be deployed in four steps.

  1. Issue a CyberNEO account and log in to the CyberNEO portal.

  2. Create an IAM role from the CyberNEO portal

  3. Enter Web ACL information in the CyberNEO portal. (Log output environment setup, Web ACL and rule groups are automatically deployed.)

  4. Associate auto-created Web ACLs with AWS resources (Application load Balancer (ALB), Amazon CloudFront, Amazon API gateway, AWS AppSync).

Safely managed with the connection method recommended by AWS

When operating your AWS resources from CyberNEO, connect using the secure access method recommended by AWS. At the setup stage, you establish a trust relationship on the IAM role and connect with temporary security credentials issued when you connect. Also, in addition to authentication information, an external ID is issued and called, so the connection is made so that proxy confusion does not occur. Please refer to the AWS documentation for details on the recommended connection method.


Connection to your AWS tenant will access AWS WAF and S3 buckets from CyberNEO's Lambda.


Receive events from your S3 bucket and analyze them with CyberNEO's AI and threat intelligence. As soon as an attack is detected, AWS WAF rules can be updated to prevent attacks in real time.


WAF deploy function

Configure the log output settings and WAF rules required for WAF operation.

Dynamic response function

Attacks are detected with AI, and communication from sources judged to be high risk is blocked.

Threat intelligence delivery function

It collects high-risk sources of attacks and distributes them as a blacklist.

Risk alert function

Detect attacks with AI and send alerts when the dynamic response function is activated.

Attack event display function

Output attack detection events to the portal in real time.

Attack analysis report

Detected attack information (source, trend, destination, attack content, etc.) is displayed as a daily/monthly report.

Multi-tenant function

WAF and user management can be performed individually for each tenant, and multiple tenants can be centrally managed.

Multi-user access capability

Multiple users can be registered in each tenant, and authority management and audit log functions are provided.

User role management function

Administrator and read-only privileges can be granted on a per-user basis.

One-time password function

Supports one-time password authentication for access to the administrative console.


Supports Japanese and English portal display.

Audit log function

The content and time of each user's operation is output as an audit log.

bottom of page