NetScaler Application Firewall (AppFW) now has Common Event Format (CEF) logging capabilities in NetScaler 10. CEF is an open log management standard that improves the interoperability of security-related information from different security appliances and network devices. Using CEF makes it possible to analyze application firewall logs alongside logs produced by other security and network appliances.

Because of this capability in NetScaler 10, a new AppFW feature called Click to rule is something to really be jazzed about, since it is all about deploying policy rules straight from the logs. When CEF log format is enabled, a user can create an app firewall rule from a log entry in the NetScaler GUI. The rule can be created to protect against something or to relax an existing rule. In most cases, the log entry will be used to relax a rule that is blocking a legitimate request.

It is as easy as right-clicking the log entry in the GUI, which displays "Edit and Deploy". You can then either edit the entry to make changes before enabling it as a rule, or just select deploy to enable the rule without making changes. The rule carries an associated comment as well, so you know where it was generated from.
Here are some captures from the GUI:
A video showing this feature in action is now available on CitrixTV.
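To show what the CEF structure described above makes possible outside the GUI, the following Python example (added here, not taken from the original post or from Citrix) parses CEF records and counts blocked requests per check and URL, the kind of list worth reviewing before relaxing a rule. The sample lines, hosts, addresses and field values are constructed, and the use of the standard CEF keys `act`, `request` and `msg` in AppFW records is an assumption.

```python
import re
from collections import Counter

HEADER = ("cef_version", "vendor", "product", "device_version",
          "signature_id", "name", "severity")
_KEY = re.compile(r"(?:^|\s)(\w+)=")  # start of each key=value pair

def _unescape(s):
    # CEF escapes '|', '=' and '\' with a backslash
    return re.sub(r"\\([=\\|])", r"\1", s)

def parse_cef(line):
    """Parse one CEF record (optionally behind a syslog prefix) into a dict."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("not a CEF record")
    parts = re.split(r"(?<!\\)\|", line[start + 4:], maxsplit=7)
    if len(parts) != 8:
        raise ValueError("incomplete CEF header")
    event = {k: _unescape(v) for k, v in zip(HEADER, parts)}
    ext, keys = parts[7], list(_KEY.finditer(parts[7]))
    event["ext"] = {}
    for i, m in enumerate(keys):
        # a value runs until the next key, so it may contain spaces
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        event["ext"][m.group(1)] = _unescape(ext[m.end():end].strip())
    return event

def blocked_summary(lines):
    """Count blocked requests per (check name, URL), most frequent first."""
    counts = Counter()
    for line in lines:
        try:
            ev = parse_cef(line)
        except ValueError:
            continue  # skip non-CEF or truncated lines
        if ev["ext"].get("act") == "blocked":
            counts[(ev["name"], ev["ext"].get("request", ""))] += 1
    return counts.most_common()

# Constructed sample records (hosts, addresses and field values are made up)
_HDR = "CEF:0|Citrix|NetScaler|NS10.0|APPFW|"
SAMPLE = [
    "Jun 1 10:00:01 ns1 " + _HDR + r"APPFW_STARTURL|6|src=192.0.2.10 method=GET "
    r"request=http://app.example.test/r?id\=7 msg=Disallow Illegal URL. act=blocked",
    "Jun 1 10:00:02 ns1 " + _HDR + r"APPFW_STARTURL|6|src=192.0.2.11 method=GET "
    r"request=http://app.example.test/r?id\=7 msg=Disallow Illegal URL. act=blocked",
    "Jun 1 10:00:03 ns1 " + _HDR + "APPFW_SQL|6|src=198.51.100.7 "
    "request=http://app.example.test/login msg=SQL check failed act=not blocked",
    "Jun 1 10:00:04 ns1 sshd: session opened",
]
```

A URL that shows up repeatedly as blocked is a candidate for a relaxation only after confirming the requests are legitimate; the count alone does not establish that.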