Empty WAF Policy Deletion (WAF clear Non-domain Policy)
Playbook Overview
The WAF clear Non-domain Policy playbook matches the WAF clear Non-domain Policy workflow. At 09:00 every Monday, the playbook queries WAF protection policies and deletes empty protection policies to release resources. An empty WAF protection policy has only a policy name but does not have any domain name.
You need to manually enable this playbook for it to take effect.
Prerequisites
- SecMaster has obtained the WAF fullAccess permission.
Table 1 Permission description

| Permission | Description | Principal |
|---|---|---|
| WAF fullAccess | Administrator permissions for Web Application Firewall (WAF). | SecMaster_Agency |
Perform the following steps to check whether SecMaster has obtained the WAF fullAccess permission. If the permission is not allocated, allocate it to SecMaster by referring to Authorizing SecMaster.
- Log in to the SecMaster console as an administrator.
- Click the icon in the upper left corner of the page and choose Management & Governance > Identity and Access Management.
- In the navigation pane on the left, choose Agencies. On the Agencies page, click SecMaster_Agency and then click the Permissions tab to view all authorization records of SecMaster_Agency.
Figure 1 Viewing agency authorization records
Limitations and Constraints
- Your SecMaster professional edition must be available.
Step 1: Enable the WAF Clear Non-domain Policy Playbook
- Log in to the SecMaster console.
- In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
Figure 2 Workspace management page
- In the navigation pane on the left, choose Security Orchestration > Playbooks.
Figure 3 Accessing the Playbooks tab
- On the Playbooks page, search for the WAF clear Non-domain Policy playbook and click Enable in the Operation column of the WAF clear Non-domain Policy playbook.
- In the dialog box displayed, select the initial playbook version v1 and click OK. If the Playbook Status of the WAF clear Non-domain Policy playbook changes to Enabled, the playbook has been enabled successfully.
Step 2: Approve the Deletion of the Empty WAF Policy
- In the navigation pane on the left of the target SecMaster workspace, choose .
- On the displayed page, click the To-Dos tab. In the Operation column of the target to-do task, click Review.
The approval method varies depending on the service type.
- Playbook release: The Playbook Release page is displayed on the right. Enter review comments and approve the playbook as prompted.
- Process release: The Process Release page is displayed on the right. Enter the Comment and approve the application as prompted.
- Playbook-Node Review: The Playbook-Node Review page is displayed on the right. You can select Continue or Terminate.
- In the navigation pane on the left, choose , click the Completed tab, and check completed tasks.
Implementation Effect
The WAF clear Non-domain Policy playbook checks WAF protection policies at 09:00 every Monday and deletes policies that have not been used for any domain names. An empty WAF protection policy has only a policy name but does not have any domain name.
- Log in to the WAF console.
- Click the icon in the upper left corner and select a region or project.
- (Optional) If you have enabled the enterprise project function, in the upper part of the navigation pane on the left, select your enterprise project from the Filter by enterprise project drop-down list. Then, WAF will display the related security data in the enterprise project on the page.
- In the navigation pane on the left, choose Policies to view the protection policy list. An empty WAF protection policy has only a policy name but does not have any domain name.
- After the WAF clear Non-domain Policy playbook takes effect, empty WAF protection policies will be deleted.
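Before approving the deletion in Step 2, a reviewer can work out which policies the weekly run is likely to propose and when it will next run. The following is an added example, not SecMaster's playbook code: the inventory is constructed, the field names `name` and `domains` are hypothetical rather than the WAF API schema, and treating blank entries as "no domain name" is an assumption of this example.

```python
from datetime import datetime, timedelta

# Constructed sample inventory; "name" and "domains" are hypothetical field
# names for this example, not the WAF API's response schema.
SAMPLE_POLICIES = [
    {"name": "policy_shop", "domains": ["shop.example.com"]},
    {"name": "policy_old", "domains": []},
    {"name": "policy_tmp"},                       # key missing entirely
    {"name": "policy_null", "domains": None},
    {"name": "policy_blank", "domains": ["  "]},  # only a blank entry
]


def empty_policies(policies):
    """Return names of policies this example treats as empty.

    A policy counts as empty when it has no non-blank domain name
    (assumption: blank strings are not real domain names).
    """
    result = []
    for policy in policies:
        domains = policy.get("domains") or []
        if not any(isinstance(d, str) and d.strip() for d in domains):
            result.append(policy["name"])
    return result


def next_run(now):
    """Return the next Monday 09:00 strictly after `now` (naive local time)."""
    candidate = now.replace(hour=9, minute=0, second=0, microsecond=0)
    candidate += timedelta(days=(0 - now.weekday()) % 7)
    if candidate <= now:
        candidate += timedelta(days=7)
    return candidate


if __name__ == "__main__":
    print("Next scheduled run:", next_run(datetime.now()).strftime("%Y-%m-%d %H:%M"))
    for name in empty_policies(SAMPLE_POLICIES):
        print("Likely to be proposed for deletion:", name)
```

A policy created as a placeholder for a site that has not been onboarded yet will appear in this list, so bind a domain name to it or reject the to-do task if it must be kept.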