Analytics
Last updated
Was this helpful?
Last updated
Was this helpful?
A Web Application Firewall (WAF) provides an essential layer of security for your website, protecting it from malicious attacks by analyzing incoming traffic and blocking harmful requests. To efficiently manage this security layer, it is crucial to regularly monitor and analyze the WAF’s analytics data.
Once your WAF is activated in either "On" or "Monitoring Only" mode, you can access detailed metrics by navigating to the Analytics → WAF section in the panel. This data provides you with valuable insights into the security status of your website, enabling you to make informed decisions about how to enhance your protection.
This document explains the key metrics and charts available in the WAF analytics dashboard, and how to interpret and use them effectively.
The WAF analytics dashboard also includes various charts and tables that make it easier to understand and interpret the data. These visualizations help you quickly spot trends, patterns, and anomalies in your website's traffic and security.
The Attack Histogram displays the number of attacks over time, helping you identify patterns and trends in security incidents. This chart can be filtered by URL to provide a more granular view of attacks targeting specific pages or resources on your website.
The Threats metric represents the number of requests that have triggered WAF rules relative to the total number of requests made to your website. This data helps you understand the volume of potentially malicious traffic your site is receiving and how effective your WAF is at blocking harmful requests.
When analyzing this metric, pay attention to sudden spikes in threat volume, as they may indicate an attack or a change in traffic patterns. Tracking the Threats metric over time will allow you to gauge the overall effectiveness of your security rules and identify if any adjustments are necessary to improve threat detection and mitigation.
The Threats Table breaks down threat data into several time periods:
Total: The total number of threats detected since the WAF was activated.
Today: The number of threats detected today.
This Month: The number of threats detected in the current month.
Last Month: The number of threats detected in the previous month.
The Top 10 Client IPs table displays the IP addresses responsible for triggering the most WAF rules. This metric helps identify potential sources of malicious traffic or attackers. By reviewing this data, you can take proactive measures, such as blocking or rate-limiting suspicious IPs. It also helps recognize patterns, such as bot-driven traffic or targeted attacks from specific regions or entities. The accompanying Pie Chart provides a visual breakdown of these IPs, making it easier to identify high-risk sources and take swift action to mitigate potential threats.
The Top 50 Request URIs table displays the URLs on your website most frequently targeted by requests that trigger WAF rules. This metric helps identify which parts of your site are under the most attack, allowing you to pinpoint areas that may be more vulnerable. By analyzing the Request URIs, you can detect patterns in attack vectors, such as specific endpoints or resources being targeted, and adjust your security measures accordingly. If certain URLs are consistently attacked, you may consider implementing more tailored WAF rules to strengthen protection for those areas.
The Top 50 User Agents table provides insight into the devices and browsers generating requests that are being blocked by WAF rules. This data can help you identify anomalies in traffic, such as attacks coming from unusual user agents, which may indicate automated bot traffic.
The Rule metric indicates which specific WAF rule is triggered by incoming requests. This helps assess the effectiveness of each rule in detecting and mitigating threats. By analyzing which rules are most frequently triggered, you can identify patterns in attack types and adjust your rule configuration accordingly. If a rule is triggered too often, it may indicate false positives or that the rule needs refinement to better suit your site's needs.
The Rule table displays the most frequently triggered WAF rules. This table allows you to evaluate the performance of each rule and understand which threats are being blocked most effectively. Frequent triggers suggest the rule is successfully mitigating a particular type of attack, but if the rule is ineffective, it may require adjustments.
The Last 300 Activity Log displays detailed information on the most recent 300 requests flagged by WAF rules. This log allows you to dive deeper into recent security incidents, providing crucial insights for further investigation and threat mitigation.
By regularly monitoring these WAF analytics metrics and reviewing the dashboard charts, you gain valuable insights into the security of your website. This data allows you to detect potential threats early, identify patterns in malicious traffic, and fine-tune your WAF rules to ensure maximum protection.
For further assistance or to customize your WAF settings, please refer to the help section in the panel or contact support.
