Configure, monitor, and operate Cloud IPS with AWS Network Firewall.

Configure rule groups

TrendAI Vision One™ rule groups are managed as complete units within AWS Network Firewall. See Rule groups for more information.
To enable or disable a TrendAI Vision One™ managed rule group:
  1. Navigate to VPC > Network Firewall > Firewall policies.
  2. Select your firewall policy.
  3. In the Stateful rule groups section:
    • To enable: Click Add partner managed rule groups and select the rule group.
    • To disable: Select the rule group and click Remove.
  4. Click Save to apply changes.
Important
TrendAI Vision One™ managed rule groups are enabled or disabled as a complete unit. You cannot disable individual rules within a rule group.

Monitor activity

Cloud IPS events are logged through AWS Network Firewall's standard logging mechanisms:
  • CloudWatch Logs: Real-time log streaming to CloudWatch
  • S3: Batch export to S3 buckets for long-term storage
  • Kinesis Data Firehose: Stream logs to analytics platforms
Logs include alert and block events with full context (source/destination IPs, ports, protocols, threat names, and signatures). Configure logging in your AWS Network Firewall settings.
To review alert logs in CloudWatch:
  1. Navigate to CloudWatch > Log groups.
  2. Find your Network Firewall log group (usually named /aws/networkfirewall/[firewall-name]).
  3. View alert logs for detected threats.
Alert logs show source and destination IPs, threat signatures detected, and any action taken (blocked by default).
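As an added example (not part of this documentation or the TrendAI product), the following Python parses alert records of the kind described above and summarizes them by action and signature, so blocked events can be separated from alert-only ones. The sample log lines are constructed here; the field layout follows the AWS Network Firewall alert log JSON (Suricata EVE fields nested under an `event` key), and the signature names and addresses are placeholders.

```python
import json
from collections import Counter

# Constructed sample records (not real traffic) in the AWS Network Firewall
# alert log layout: one JSON object per line, Suricata EVE fields under "event".
# Signature names are placeholders, not actual TrendAI rule content.
def _record(event_type, action, signature, src_ip, dest_ip, dest_port):
    return json.dumps({
        "firewall_name": "example-fw", "availability_zone": "us-east-1a",
        "event_timestamp": "1700000000",
        "event": {"event_type": event_type, "src_ip": src_ip, "src_port": 51234,
                  "dest_ip": dest_ip, "dest_port": dest_port, "proto": "TCP",
                  "alert": {"action": action, "signature_id": 9000001, "rev": 1,
                            "signature": signature, "severity": 1}}})

SAMPLE_LOG_LINES = [
    _record("alert", "blocked", "PLACEHOLDER malware callback", "10.0.1.25", "198.51.100.7", 443),
    _record("alert", "blocked", "PLACEHOLDER malware callback", "10.0.2.40", "198.51.100.7", 443),
    _record("alert", "allowed", "PLACEHOLDER suspicious user-agent", "10.0.1.25", "203.0.113.9", 80),
    "not json at all",  # a corrupt line, skipped by the parser
]

def parse_alert_records(lines):
    """Yield (action, signature, src_ip, dest_ip, dest_port) for each alert event.
    Lines that are not valid JSON, or are not alert events, are skipped."""
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        ev = rec.get("event", {})
        if ev.get("event_type") != "alert":
            continue
        alert = ev.get("alert", {})
        yield (alert.get("action", "unknown"), alert.get("signature", "unknown"),
               ev.get("src_ip"), ev.get("dest_ip"), ev.get("dest_port"))

def summarize(lines):
    """Count events per (action, signature) and collect distinct blocked source IPs."""
    by_sig = Counter()
    blocked_sources = set()
    for action, sig, src, _dest, _port in parse_alert_records(lines):
        by_sig[(action, sig)] += 1
        if action == "blocked":
            blocked_sources.add(src)
    return by_sig, blocked_sources

if __name__ == "__main__":
    counts, sources = summarize(SAMPLE_LOG_LINES)
    for (action, sig), n in counts.most_common():
        print(f"{n:4d}  {action:8s}  {sig}")
    print("blocked sources:", sorted(sources))
```

The same functions can be run over lines exported from the CloudWatch log group or an S3 batch export named above.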

Monitor performance

To monitor network firewall performance metrics:
  1. Navigate to CloudWatch > Metrics > AWS/NetworkFirewall.
  2. Monitor:
    • Packets processed: Ensure consistent throughput.
    • Dropped packets: Monitor for unexpected drops.
    • TLS connections: If you use TLS inspection.

Endpoint capacity

Each AWS Network Firewall endpoint supports up to 30,000 capacity units.
TrendAI Vision One™ managed rule group capacity:
  • TrendAI-MalwareBlockStrictOrder: ~6,000 capacity units
  • TrendAI-CVEClientBlockStrictOrder: ~6,000 capacity units
  • TrendAI-CVEServerBlockStrictOrder: ~6,000 capacity units
All three rule groups have a combined ~18,000 capacity units. The remaining capacity for AWS managed rules and custom rules is ~12,000 units.
Note
As long as total capacity remains under 30,000 units, performance impact is minimal.