Managed Rules Plus (also known as WafCharm Lite and abbreviated as MR Plus) is a cloud WAF rule management service centered around automated denylist operation. It is available for subscription via the AWS Marketplace. By combining Managed Rules Plus with CSC Managed Rules, also provided through the AWS Marketplace, you can efficiently manage cloud WAF rules.
CSC Managed Rules refer to the following two products:
We also offer an additional ruleset under CSC Managed Rules called Protocol Enforcement by WafCharm. This ruleset is designed to detect requests that violate HTTP protocol specifications or contain similar issues.
While it is possible to use Managed Rules Plus with only Protocol Enforcement by WafCharm, this ruleset is not intended to provide comprehensive protection against common web attacks such as those covered in the OWASP Top 10. Therefore, we recommend using it together with either the HighSecurity OWASP Set or the API Gateway/Serverless ruleset.
For more information on Protocol Enforcement by WafCharm, please refer to the blog post:
We released a new set of managed rules, Protocol Enforcement by WafCharm.
Although we recommend using Managed Rules Plus with CSC Managed Rules, it is also possible to use it with your own custom rules or with managed rules from other vendors, depending on your use case.
For more details, please refer to the following pages:
Note: WafCharm Lite and Managed Rules Plus refer to the same product. While the name may vary depending on language or region, both refer to the same service.
WafCharm is available in two offerings: WafCharm and Managed Rules Plus. Both are designed to support the operational management of AWS WAF, but the specific features available differ between them.
In addition to WafCharm, we also offer our own proprietary rulesets under the CSC Managed Rules brand:
While WafCharm and CSC Managed Rules fall under different product groupings, you can think of combining Managed Rules Plus (WafCharm Lite) with either of the OWASP-focused rulesets as a way to enhance the capabilities of CSC Managed Rules.
The diagram below illustrates this conceptual model.
Note: CSC Managed Rules refers only to the products provided by Cyber Security Cloud, Inc. This does not include AWS Managed Rules offered by AWS.
Note: HighSecurity OWASP Set and API Gateway/Serverless serve the same purpose. It is assumed that only one of these will be used at a time.
Note: Protocol Enforcement by WafCharm can also be used in combination with Managed Rules Plus (WafCharm Lite). However, we recommend using it alongside one of the OWASP-based rulesets to ensure comprehensive protection against common web attacks.
WafCharm is a service that applies rules to AWS WAF to protect against general web attacks. It is available via two options: a direct contract through our website (website version), or a subscription through the AWS Marketplace (AWS Marketplace version).
You can start using WafCharm by creating an account from the WafCharm Console, our web-based management interface, and registering your AWS WAF (web ACL) information.
In addition to the rules provided by WafCharm, the service also offers several operational management features, depending on your configuration, such as monthly reports, detection notifications, daily blocked request summaries, and a WAF log search feature.
Note: WafCharm includes rules that serve the same purpose as the CSC Managed Rules (rulesets designed to provide comprehensive protection against attacks like those covered in the OWASP Top 10). Therefore, it is not necessary to use them together.
However, we recommend using Protocol Enforcement by WafCharm together with WafCharm, as it is a separate ruleset with a different purpose.
Managed Rules Plus is a cloud WAF rule management service centered around automated denylist operation. When used together with the applicable CSC Managed Rules, it enhances rule coverage and provides additional features for operational management.
While MR Plus can be used on its own, we recommend using it in combination with one of the CSC Managed Rules, specifically, either of the two rulesets designed to provide comprehensive protection against common web attacks such as those covered in the OWASP Top 10.
MR Plus includes features such as a dynamic denylist and a monthly reporting feature to support efficient WAF rule operation.
Note: The Attack Type classification shown in the monthly report is only available when MR Plus is used in combination with one of the OWASP-focused CSC Managed Rules.
CSC Managed Rules are rulesets available for subscription via the AWS Marketplace. The following managed rules are currently offered:
Note: These do not include AWS Managed Rules sold by AWS.
Among the CSC Managed Rules, the HighSecurity OWASP Set and API Gateway/Serverless are rulesets designed to provide comprehensive protection against common web attacks such as those covered in the OWASP Top 10. Since both serve the same purpose, only one is intended to be used based on your environment.
In most cases, the HighSecurity OWASP Set is the recommended choice. However, if your workload involves API Gateway, Lambda, or similar services, we recommend using the API Gateway/Serverless ruleset instead.
Protocol Enforcement by WafCharm is a ruleset designed to detect requests that violate HTTP protocol specifications or encoding. It can help strengthen overall site security by detecting malicious bot access or port scanning activities commonly used as precursors to an attack. Since Protocol Enforcement by WafCharm does not include rules for defending against general web application attacks, we recommend using it in combination with either WafCharm, HighSecurity OWASP Set, or API Gateway/Serverless.
For more information on Protocol Enforcement by WafCharm, please refer to the blog post:
We released a new set of managed rules, Protocol Enforcement by WafCharm.
Note: - (hyphen) indicates that the feature is not applicable or not available.
Item | CSC Managed Rules | Managed Rules Plus | Managed Rules Plus with CSC Managed Rules | WafCharm |
---|---|---|---|---|
OWASP Top 10 Focused Rules | Available (excluding Protocol Enforcement by WafCharm) | - | Available | Available |
Dynamic Denylist Feature | - | Available | Available | Available |
Additional Rule Configuration (Geo-Match, Rate-Based, Simple Bot Rules) | - | - | - | Available (for Advanced Rule Policy only) |
Rule Customization | - | - | Available with Limitations (Customization is available only when false positives occur with the dynamic denylist feature.) | Available |
Inquiries via Email | Available | Available | Available | Available |
Phone Support | - | - | - | Available (for customers in Japan with Business plan or higher; Japanese support only) |
Monthly Report Feature | - | - | Available | Available |
WAF Log Alert (Detection Notification) Feature | - | - | - | Available |
WAF Log Search Feature | - | - | - | Available |
Blocked Request Status on Dashboard | - | - | - | Available |
Web Defacement Detection Feature (Web Monitoring Config) | - | - | - | Available (for new plan only) |
Member Account Management Feature | - | - | Available with Limitations (You can add member accounts, but detailed control is not available.) | Available |
Note: Some features are only available when WAF log integration (new method) is enabled. Feature availability may vary depending on your setup. For more information, refer to:
Features available by enabling WAF log integration