The pattern helps you customize the Amazon CloudWatch alerts that are generated by Amazon Web Services (AWS) Network Firewall. You can use predefined rules or create custom rules that determine the message, metadata, and severity of the alerts. You can then act upon these alerts or automate responses by other Amazon services, such as Amazon EventBridge.

In this pattern, you generate Suricata-compatible firewall rules. Suricata is an open-source threat detection engine. You first create simple rules and then test them to confirm that the CloudWatch alerts are generated and logged. Once you have successfully tested the rules, you modify them to define custom messages, metadata, and severities, and you then test once more to confirm the updates.

https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/customize-amazon-cloudwatch-alerts-for-aws-network-firewall.html?did=pg_card&trk=pg_card