Overview
Fastly is a CDN and edge cloud platform with an integrated Web Application Firewall (WAF). The Pwnbook integration pulls WAF event data and traffic security metrics from Fastly so teams can monitor edge-layer threats alongside other security signals.Prerequisites
- A Fastly account with WAF enabled
- Admin or Owner access in Pwnbook
Credentials required
| Field | Description |
|---|---|
| API Token | A Fastly personal API token with read access to WAF and service data |
Setup
Create a Fastly API token
- In Fastly, go to Account → Personal API Tokens.
- Click Create Token.
- Give it a name like “Pwnbook”.
- Set the scope to Read-only access for the services you want Pwnbook to monitor.
- Set an expiration or leave as non-expiring.
- Copy the generated token.
What gets synced
| Data | Description |
|---|---|
| WAF events | Rule violations flagged or blocked by the Fastly WAF |
| Attack categories | SQL injection, XSS, path traversal, RFI, and other OWASP categories |
| Traffic anomalies | Request spikes, unusual geographic distribution |
| Block vs. log | Whether each event resulted in a block or was logged only |
| Client IP | Source IP for each WAF event |
| Rule ID | The specific WAF rule that triggered |
Workbench card
The Fastly workbench card shows:- WAF event count over the last 24 hours
- Top attack categories
- Blocked vs. logged event split
Viewing in Pwnbook
The full Fastly view shows a timeline of WAF events with filtering by service, attack category, action (block/log), and time range.Disconnecting
- Go to Organization Settings → Marketplace → Fastly.
- Click Disconnect.
- Confirm.