---
title: Network Firewall stateless rule groups should not be empty
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > OOTB Rules > Network Firewall stateless rule groups
  should not be empty
---

# Network Firewall stateless rule groups should not be empty
 
## Description{% #description %}

This control verifies whether an AWS Network Firewall stateless rule group includes at least one rule.

A rule group contains rules that define how the firewall handles traffic within your VPC. While an empty stateless rule group in a firewall policy might seem like it would process traffic, it has no effect without any defined rules.

## Remediation{% #remediation %}

For guidance on configuring firewall logging, refer to the [Updating a stateful rule group](https://docs.aws.amazon.com/network-firewall/latest/developerguide/rule-group-stateful-updating.html) section of the AWS Network Firewall Developer Guide.