Fastly

The Fastly Next-Gen WAF (powered by Signal Sciences) is a web application firewall that monitors for suspicious and anomalous web traffic and protects, in real-time, against attacks directed at the applications and origin servers that you specify. For more information, refer to Fastly’s official documentation.

Integration Method: API

Tables: Detection Finding (2004), HTTP Activity (4002)

This integration supports the following events.

This integration supports the following versions.

Prerequisites

• The user should have access to the Fastly dashboard.

• The user should have access to the DataBee console.

Configuration Overview

1. Generate an API Access token from fastly dashboard.

2. Add the Fastly data feed in the DataBee console with the below parameters.

   DataBee Parameter	Fastly Parameter
   Access Key	Account Email Id
   Secret Key	API acccess token
   Site name	Site name
   Corp name	Corp name

Fastly Configuration

1. Log on to Fastly Next-Gen WAF dashboard using the user account credentials.
    

2. Navigate to My Profile > API Access Tokens. The “API Access Tokens” page appears.
    

3. Click on the Add API access token button.

   
   

4. Enter an appropriate name for the API token and click on the Create API access token button.
    

5. Once the token is successfully created, you will see the token details on a new page.
    
   

   Note:

   Make sure to record this token and keep it safe as it will not be displayed again.

6. Click on the Continue button to complete the token creation process.

7. Go to the home page. The name on top left corner as highlighted in below picture is the Corp name. Click on sites and select and copy the site name with which you intend to make a data feed.

   
   

   Note:

   The Corp name and site name will be needed to create the data feed later, so store them securely.

DataBee Configuration

1. Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
    

2. Search for the Fastly and click it as shown below.
    

3. Click on the API Ingest option for collection method.
    

4. Enter feed contact information and click Next.
    

5. In the configuration page, confirm the following:

   • API Base URL: this is the base URL that DataBee will interact with. Do not change it.

   • Authorization Method: Custom API Key.

   • Access Key: paste the Account Email id (I.e. Id used to login to fastly dashboard).

   • Secret Key: paste the API access token generated earlier.

   • Site Name: paste the site name copied earlier.

   • Corp name: paste the Corp name copied earlier.

   • Event Types: preselected for all the event types that integration pulls.

   

6. Click Submit.

Troubleshooting Tips

• Ensure the API Access token is pasted correctly. Since you cannot view the token after the 1^st time, re-create the token, paste it on a text editor to ensure no spaces or unexpected characters are included and reconfigure the DataBee feed.