AWS Network Firewall adds pass action rule alerts and JA4 filtering
Today, AWS announces new features for AWS Network Firewall: the ability to generate alerts on traffic that matches pass action rules, and JA4 fingerprinting support in firewall rules. AWS Network Firewall is a stateful, managed network firewall and intrusion detection and prevention service for your virtual private cloud (VPC). These new capabilities enhance the security and visibility of your network traffic, allowing for more granular control and improved threat detection.
The ability to generate alert log events on traffic that matches pass action rules provides enhanced visibility into your network traffic without needing to add an alert action rule before the pass action rule. This can help you detect anomalies or potential security issues in traffic that would otherwise be permitted without additional scrutiny.

JA4 filtering rules enable AWS Network Firewall to analyze network traffic based on JA4 fingerprints, which are used to identify client and server applications. This feature allows for more precise traffic identification and control, helping you to better secure your network against potential threats.
Pass action rule alerts and JA4 filtering rules are available in all AWS Regions where AWS Network Firewall is offered. To see which Regions AWS Network Firewall is available in, visit the AWS Region Table.
To learn more about these new features and how to implement them in your AWS Network Firewall setup, visit the AWS Network Firewall documentation. You can start using these new capabilities today to enhance your network security posture and gain deeper insights into your VPC traffic patterns.