[AWS WAF] Add dashboards for AWS Web Application Firewall data stream

[moxarth-rathod]

Proposed commit message

aws: add overview dashboards for AWS Web Application Firewall data stream

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.
• I have verified that any added dashboard complies with Kibana's Dashboard good practices

Related issues

• Closes [AWS WAF] - Add dashboards for AWS Web Application Firewall data stream #15975

Screenshots

[elasticmachine]

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

[chrisberkhout]

Can you pelase put the data_stream.dataset: aws.waf filter on each panel and remove it from the top?

In the "SEI Integration Dashboard styling guide" we say:

Only use filters on visualizations panels, not dashboards.

• When creating dashboards that are to be used with integrations, we want to filter the information we retrieve, while also allowing the end user to add its own filters.
  By adding dashboard level filters we give the end user an easy way to simply remove our used filters by mistake, since they will be using the KQL query bar at the top of the dashboard for its own filters.

  When you create a new visualization you want to add to a dashboard, it is possible to apply the filters directly on the visualization itself, which is much more hidden for the end-user.

Otherwise it looks great.

[chrisberkhout]

The screenshot didn't get updated.

If it's tricky to get the data back in, I think it's okay to edit the image directly for a small update like this, rather than taking another screenshot. Here's a version of it with the filter removed:

[moxarth-rathod]

The screenshot didn't get updated.

If it's tricky to get the data back in, I think it's okay to edit the image directly for a small update like this, rather than taking another screenshot. Here's a version of it with the filter removed:

My bad, I already captured the screenshot but i forgot to add it here. It's now updated, thanks 👍

[chrisberkhout]

👍 Nice one!

[elastic-vault-github-plugin-prod]

🚀 Benchmarks report

Package aws 👍(15) 💚(3) 💔(4)

Expand to view

Data stream	Previous EPS	New EPS	Diff (%)	Result
securityhub_insights	1519.76	1256.28	-263.48 (-17.34%)	💔
cloudtrail	2012.07	1466.28	-545.79 (-27.13%)	💔
config	5988.02	4739.34	-1248.68 (-20.85%)	💔
emr_logs	30303.03	18518.52	-11784.51 (-38.89%)	💔

To see the full report comment with /test benchmark fullreport

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: b0b54c5

History

• 💚 Build #36015 succeeded e467a6c
• 💚 Build #35988 succeeded 82ee748
• 💔 Build #35986 failed 6a7dd3c
• 💚 Build #35935 succeeded 59a1f49

cc @moxarth-rathod

[agithomas]

Code owner approval.

[elastic-vault-github-plugin-prod]

Package aws - 5.5.0 containing this change is available at https://epr.elastic.co/package/aws/5.5.0/