Describe how you would design an incident response plan that includes the use of AWS WAF to protect against web application attacks. What specific rules would you set up in AWS WAF and how would these rules integrate with the overall security posture of the environment?
