Skip to main content
Fastly

Overview

Fastly is a CDN and edge cloud platform with an integrated Web Application Firewall (WAF). The Pwnbook integration pulls WAF event data and traffic security metrics from Fastly so teams can monitor edge-layer threats alongside other security signals.

Prerequisites

  • A Fastly account with WAF enabled
  • Admin or Owner access in Pwnbook

Credentials required

FieldDescription
API TokenA Fastly personal API token with read access to WAF and service data

Setup

1

Create a Fastly API token

  1. In Fastly, go to Account → Personal API Tokens.
  2. Click Create Token.
  3. Give it a name like “Pwnbook”.
  4. Set the scope to Read-only access for the services you want Pwnbook to monitor.
  5. Set an expiration or leave as non-expiring.
  6. Copy the generated token.
Use a dedicated token for Pwnbook rather than your personal account token, so you can rotate it independently.
2

Configure in Pwnbook

  1. Go to Organization Settings → Marketplace → Fastly.
  2. Paste your API Token.
  3. Click Save & Test — Pwnbook verifies access by listing your Fastly services.
  4. Select the services to monitor (or select all).

What gets synced

DataDescription
WAF eventsRule violations flagged or blocked by the Fastly WAF
Attack categoriesSQL injection, XSS, path traversal, RFI, and other OWASP categories
Traffic anomaliesRequest spikes, unusual geographic distribution
Block vs. logWhether each event resulted in a block or was logged only
Client IPSource IP for each WAF event
Rule IDThe specific WAF rule that triggered

Workbench card

The Fastly workbench card shows:
  • WAF event count over the last 24 hours
  • Top attack categories
  • Blocked vs. logged event split

Viewing in Pwnbook

The full Fastly view shows a timeline of WAF events with filtering by service, attack category, action (block/log), and time range.

Disconnecting

  1. Go to Organization Settings → Marketplace → Fastly.
  2. Click Disconnect.
  3. Confirm.