How to: Policy actions from WAF Advanced Dashboard

Use the WAF Advanced Dashboard to monitor the information you need regarding you application security.

The dashboard allows you to filter data and adjust one or more policies based on your evaluation of traffic trends and/or detected attacks.

Note: L7 DoS Protection does not provide direct policy changes.

Prerequisites

  • You must have a policy deployed to a BIG-IP Next instance.

  • The deployed policy must be attached to an application that is receiving traffic.

    If you have recently deployed the policy, it might take a few minutes to collect enough data. Click Refresh to refresh the dashboard.

  • Ensure L7 DoS protection is Enabled for at least one of your deployed policies.

If no data is shown in your WAF Security Dashboard, check the following to ensure your WAF Security Dashboard presents data:

  • Ensure your application is receiving traffic.

  • Ensure your policy is attached to the correct application, and is deployed to an active BIG-IP Next instance.

  • The dashboard has not received the latest traffic data. Click Refresh or enable automatic refresh settings.

Filter dashboard information

You can select one or more policies, WAF applications, or traffic details to filter the dashboard according to your monitoring requirements. There are two filter options:

  • Advanced filter - Select one or more filter options for a more complex dashboard filter.

  • Quick filter - Filter the entire dashboard by selecting specific objects within the dashboard.

Advanced filter

Use the following procedure to use the advanced filter the WAF Advanced Dashboard for more complex or specific monitoring:

  1. Click the workspace icon next to the F5 icon, and click Security.

  2. From the left menu click WAF Security Dashboard.

  3. From the top left, click + Add Filter.

  4. Select a filter type.

  5. Select a filter by option.

  6. Select one or more objects.

The dashboard is updated automatically according to your selections. Click + Add Filter to add filters. Click X Clear All from the top right to remove all filters. See the example below of adding a filter by a WAF policy:

image

Quick filter

Select information directly from the dashboard to filter by that selection.

  1. Click the workspace icon next to the F5 icon, and click Security.

  2. From the left menu click WAF Security Dashboard.

  3. Go to one of the data areas in the dashboard and hover over the object row.

  4. Select the three dots to the far right of the row.

  5. Select Filter by….

The dashboard is updated automatically according to your selection. You can add another filter selection from additional data.

See the example below for filtering the dashboard by a specific violation and signature ID:

image

Manage policy enforcement settings

Manage changes to one or more security policies directly from the information found within the security dashboard. Certain data can indicate too much or too little enforcement in a policy’s configuration. For example, if your policies have a transparent enforcement mode and there is a spike in alerts for a detected attack signatures, you can change the enforcement mode directly from the dashboard (see example below).

For more information about customizing your WAF policy, see Customize a WAF Policy.

  1. Click the workspace icon next to the F5 icon, and click Security.

  2. From the left menu click WAF Security Dashboard.

  3. Click the name or row of a chart obejct . This displays details about the data entry.

  4. From the selected information card, click Actions. This opens a panel with additional details and the available actions for policy management.

  5. Select the one of the Enforcement Settings.

  6. From Apply to Policies, select which policy, or policies, to deploy changes.

  7. Click Deploy to deploy your policy changes to the BIG-IP Next instances.

    Note: You can save your changes without immediate deployment. Click Save. This will save policy changes on BIG-IP Next Central Manager. The updated application protection is applied during the next policy deployment to managed BIG-IP Next instances.

View event logs

Drill down into traffic detection details for a specific data found in the dashboard. You can use the information to better filter potential security threats, or to understand traffic behavior to your protected applications. For more information about details found in the WAF event logs, see Reference: Event Logs

  1. Click the workspace icon next to the F5 icon, and click Security.

  2. From the left menu click WAF Security Dashboard.

  3. Click the name or row of a chart obejct . This displays details about the data entry.

  4. From the selected information card, click View Logs. This opens a panel with events that contain the selected information in the request details. You can click the event row to view additional information about that specific event.