Overview: WAF Advanced Dashboard

The WAF Advanced Dashboard provides a quick overview of your applications’ web protection and L7 DoS protection. The dashboard allows you to identify the effectiveness of your policies under its current protection settings.

A change in traffic behavior, or increase in detected attacks over time, can indicate false positives, or unexpected vulnerabilities that require changes to your policy’s settings.

The dashboard reports up-to-date information about traffic to your protected applications. You can change the time settings of the dashboard to focus on traffic and detected attacks from the last five minutes, or up to the last 30 days. In addition, you can filter the information in the dashboard to focus on a specific application, WAF policy, or attack data.

Within the WAF Advanced Dashboard, there are two ways to monitor your application protection:

  • Web Protection - A single pane of glass that provides traffic information for all protected applications, and visual analyses of detected attacks based on traffic dimensions, for example; attacking IP addresses and detected attack signatures.

  • L7 DoS Protection - A visual analysis of the protected applications, their traffic status (stress level), and potential impact of detected L7 DoS attacks.

Traffic details

From the dashboard, you can review the following information regarding all your WAF policies:

Web Protection

  • Applications with WAF protection.

  • All WAF policies.

  • General traffic trends.

  • Attack information including: violations, attack signatures, attacked URLs, malicious IP addresses, attack source locations, and bot signatures.

  • A timeline of requests that were detected as attacks by your policy.

L7 DoS Protection

  • Application status that is based on detected traffic stress from 7 DoS attack.

  • L7 DoS protection configuration for each application.

  • Bad actors detected by their geolocation.

  • Application stress level graph that indicates when an attack was detected and whether current protection is enough to prevent impact to an application’s performance.

  • Client side transaction outcomes that indicate trends in an application’s request volume over time.

  • Mitigated request volume and reason for the request mitigation.

Web Protection for policy management

The Web Protection dashboard is a tool that allows you to monitor application security and improve WAF protection. You can drill down into the events related to a specific URL, attack type, or bot signature. This can allow you to further investigate the details of the attacks to your application.

In addition, you can edit your policy (or multiple policies) based on specific traffic/attack information found in the dashboard.

For more information about how you can use the dashboard to improve security monitoring and enforcement, see How to: Policy actions from WAF Security Dashboard.