neuvector · sunilarjun · May 1, 2025 · Apr 23, 2025
@@ -66,6 +66,37 @@ istio\_(\w){5}
 
 ***Sensors must be applied to a Group to become effective.***
 
+#### Configuring Federated DLP and WAF Sensors
+
+This is the general process for configuring a federated DLP or WAF sensor:
+
+1. Define and test the federated DLP/WAF sensor(s), which is the set of regular expressions used to match the header, URL, or entire packet in the **Primary cluster -> Federated Policy ->  DLP Sensors or WAF Sensors** tab
+2. Apply the desired sensor to a custom federated Group in the **Federated Policy -> Groups** tab.
+3. Check that the federated DLP/WAF sensor(s) are synced to the Managed cluster and work as expected.
+
+##### Example
+
+Define a federated DLP/WAF sensor(s) in a Primary cluster and then apply it to a custom federated Group, and then check that those sensors are applied to all Managed clusters.
+
+Steps:
+
+1. Define the federated DLP/WAF sensor(s) in the Primary cluster in the relevant **DLP Sensors** or **WAF Sensors** tab:
+![Federated WAF](federated_1.png)
+![Federated DLP](federated_2.png)
+
+2. Apply the federated DLP/WAF sensor(s) to a custom federated Group in the **Federated Policy -> Groups** tab:
+![Custom Federated Group](federated_3.png)
+
+3. Check that the federated DLP/WAF sensor(s) are synced to the Managed clusters:
+![Federated WAF](federated_4.png)
+![Federated DLP](federated_5.png)
+
+4. In the Managed clusters, containers send out traffic which match the federated DLP/WAF sensor(s) pattern:
+![Federated Container Traffic](federated_6.png)
+
+5. After Step 4, DLP/WAF "Security Events" notifications are generated:
+![DLP/WAF Security Notification Generation](federated_7.png)
+
 #### Applying DLP/WAF Sensors to Container Groups
 
 To activate a DLP or WAF sensor, go to Policy -> Groups to select the group desired. Enable DLP/WAF for the Group and add the sensor(s).

@@ -66,6 +66,37 @@ istio\_(\w){5}
 
 ***Sensors must be applied to a Group to become effective.***
 
+#### Configuring Federated DLP and WAF Sensors
+
+This is the general process for configuring a federated DLP or WAF sensor:
+
+1. Define and test the federated DLP/WAF sensor(s), which is the set of regular expressions used to match the header, URL, or entire packet in the **Primary cluster -> Federated Policy ->  DLP Sensors or WAF Sensors** tab
+2. Apply the desired sensor to a custom federated Group in the **Federated Policy -> Groups** tab.
+3. Check that the federated DLP/WAF sensor(s) are synced to the Managed cluster and work as expected.
+
+##### Example
+
+Define a federated DLP/WAF sensor(s) in a Primary cluster and then apply it to a custom federated Group, and then check that those sensors are applied to all Managed clusters.
+
+Steps:
+
+1. Define the federated DLP/WAF sensor(s) in the Primary cluster in the relevant **DLP Sensors** or **WAF Sensors** tab:
+![Federated WAF](federated_1.png)
+![Federated DLP](federated_2.png)
+
+2. Apply the federated DLP/WAF sensor(s) to a custom federated Group in the **Federated Policy -> Groups** tab:
+![Custom Federated Group](federated_3.png)
+
+3. Check that the federated DLP/WAF sensor(s) are synced to the Managed clusters:
+![Federated WAF](federated_4.png)
+![Federated DLP](federated_5.png)
+
+4. In the Managed clusters, containers send out traffic which match the federated DLP/WAF sensor(s) pattern:
+![Federated Container Traffic](federated_6.png)
+
+5. After Step 4, DLP/WAF "Security Events" notifications are generated:
+![DLP/WAF Security Notification Generation](federated_7.png)
+
 #### Applying DLP/WAF Sensors to Container Groups
 
 To activate a DLP or WAF sensor, go to Policy -> Groups to select the group desired. Enable DLP/WAF for the Group and add the sensor(s).