Lumen Defender℠ Managed Rules for AWS Network Firewall Service Guide

Version: November 19, 2025

Introduction

This Service Guide provides a comprehensive overview of Lumen Defender Managed Rules for AWS Network Firewall. It is designed to help Customer implement, manage, and optimize firewall protections in cloud environments.

Service Overview

Lumen Defender Managed Rules delivers curated rule groups for AWS Network Firewall, integrating Black Lotus Labs threat intelligence to proactively address emerging threats. Key features include:

  • Pre-built IP rule groups targeting malware, botnets, and command-and-control threats. The current version of the product has the following rule groups:
    • LumenBLL-SevereBotDefaultOrder
    • LumenBLL-SevereBotStrictOrder
    • LumenBLL-SevereC2DefaultOrder
    • LumenBLL-SevereC2StrictOrder
    • LumenBLL-SevereMalwareDefaultOrder
    • LumenBLL-SevereMalwareStrictOrder
  • The capacity of each rule group is currently ~7K IOCs, with a total cap of 25K IOCs. Capacity is subject to change at any time, effective upon posting of revisions to this Service Guide.
  • The Service and Rule Groups are currently supported in the US across the following AWS Network Firewall regions.
    • us-east-1
    • us-east-2
    • us-west-1
    • us-west-2
  • Automatic daily updates to rule groups.
  • Integration with AWS Marketplace for subscription and billing.

Pricing Model:

  • The Service uses a usage-based pricing model.
  • Charges are calculated based on the total gigabytes (GB) of network traffic inspected. Charges will accrue up to the date and time of cancellation.
  • This means that invoices will scale according to the volume of traffic the firewall processes.
  • Example: If Customer’s AWS Network Firewall inspects 500 GB of traffic in a month, the invoice will reflect the rate per GB multiplied by 500.

Service Components

| Component | Owned By | Description |
|---|---|---|
| AWS Network Firewall | AWS | Applies managed and custom rules to network traffic. |
| Managed Rule Groups | Lumen | Curated rules addressing specific threats, available via AWS Marketplace. |
| Logging & Monitoring | AWS | Utilizes AWS CloudWatch and S3 for log storage and analysis. |
| Threat Intelligence | Lumen | Black Lotus Labs intelligence for proactive threat detection and mitigation. |

Lumen Support

Lumen provides support for rule behavior and threat intelligence inquiries only. For questions about Lumen-supported rule groups, rule behavior, threat intelligence, and offer pricing, contact Lumen via the email address listed on the offer page. Lumen will use commercially reasonable efforts to respond within one US business day.

AWS Support: For technical issues with AWS Network Firewall, Partner Managed Rules (PMR), Marketplace or Billing, contact AWS Support via the offer page.

Additional Customer Responsibilities:

Service Activation and Configuration

  1. Subscription: Select and subscribe to managed rule groups via AWS Network Firewall Console.
  2. Configuration: Apply rule groups to firewall policies using “Default Order” or “Strict Order”. Additionally, set them to Alert / Monitor Mode or Block Mode.
  3. Verification: Confirm rule group activation in the AWS Console.

Using Strict Order vs. Default Order

Strict Order: Use when precise control over rule processing is needed. Rules are evaluated in the exact order Customer has set.

  • Recommended for overlapping rules or prioritizing specific rules.

Default Order: Use for simplified management—AWS Network Firewall automatically optimizes rule order for performance.

  • Recommended for most customers and broad threat coverage.

Tip: Start with Default Order for ease; switch to Strict Order for custom rule prioritization.
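
The configuration and verification steps above can be checked offline against an exported firewall policy document. The following is an added example, not Lumen or AWS code: check_policy, the account ID and the ARNs are constructed, and it assumes that the rule group name suffix states the rule order the group was built for and that the DROP_TO_ALERT override corresponds to this guide's Alert / Monitor Mode.

```python
# Added example: offline check of an AWS Network Firewall policy document.
# Field names follow the AWS FirewallPolicy API; the ARNs are constructed placeholders.

SUFFIX_TO_ORDER = {"StrictOrder": "STRICT_ORDER", "DefaultOrder": "DEFAULT_ACTION_ORDER"}

def check_policy(policy):
    """Return (findings, modes) for the Lumen rule groups referenced by a policy."""
    # AWS treats a missing StatefulEngineOptions as default action order.
    order = policy.get("StatefulEngineOptions", {}).get("RuleOrder", "DEFAULT_ACTION_ORDER")
    findings, modes, seen = [], {}, {}
    for ref in policy.get("StatefulRuleGroupReferences", []):
        name = ref["ResourceArn"].rsplit("/", 1)[-1]
        if not name.startswith("LumenBLL-"):
            continue  # only the rule groups named in this guide are checked
        # Assumption: the name suffix states the rule order the group was built for.
        expected = next((o for s, o in SUFFIX_TO_ORDER.items() if name.endswith(s)), None)
        if expected != order:
            findings.append(f"{name}: policy rule order is {order}")
        prio = ref.get("Priority")
        if order == "STRICT_ORDER":
            if prio is None:
                findings.append(f"{name}: Priority is required in strict order")
            elif prio in seen:
                findings.append(f"{name}: Priority {prio} already used by {seen[prio]}")
            else:
                seen[prio] = name
        elif prio is not None:
            findings.append(f"{name}: Priority only applies in strict order")
        # Assumption: a DROP_TO_ALERT override is the guide's Alert / Monitor Mode.
        alert = ref.get("Override", {}).get("Action") == "DROP_TO_ALERT"
        modes[name] = "alert" if alert else "block"
    return findings, modes

ARN = "arn:aws:network-firewall:us-east-1:111122223333:stateful-rulegroup/"  # constructed

SAMPLE_POLICY = {  # constructed sample with two deliberate mistakes
    "StatefulEngineOptions": {"RuleOrder": "STRICT_ORDER"},
    "StatefulRuleGroupReferences": [
        {"ResourceArn": ARN + "LumenBLL-SevereC2StrictOrder", "Priority": 10},
        {"ResourceArn": ARN + "LumenBLL-SevereBotStrictOrder", "Priority": 10,
         "Override": {"Action": "DROP_TO_ALERT"}},
        {"ResourceArn": ARN + "LumenBLL-SevereMalwareDefaultOrder", "Priority": 30},
    ],
}

if __name__ == "__main__":
    findings, modes = check_policy(SAMPLE_POLICY)
    print(*findings, modes, sep="\n")
```

On the constructed sample this reports the duplicated priority and the DefaultOrder group attached to a strict-order policy, and lists which groups are in alert mode and which are in block mode.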