Lab 6: Security Analytics and Malicious User Detection

Scenario

A recent review highlighted the need for greater visibility into API performance and security events. This includes identifying bad actors (clients) attempting to misuse or attack the API.

Investigate request and security events, and establish a method for detecting malicious users.

Expected Lab Time: 8 minutes

Task 1: Review Requests Dashboard

In this task, you will explore the Requests dashboard within Distributed Cloud (XC) to review the request events generated during this lab.

  1. From the Web App & API Protection menu, navigate to Overview, then click Security

  2. Within the Dashboard view, scroll down to the Application Delivery tile at the bottom to find your HTTP Load Balancer object; click this LB object.

    ../_images/lab6-101.png
  3. Within the Dashboard view, click the Requests tab:

    ../_images/lab6-request-102.png
  4. On the right-hand side, expand the time window to Last 24 hour and click the Refresh button; this should show details of the requests you made during this lab.

  5. Review and explore the related request events. Expand various requests to understand if they were successful or denied.

    ../_images/lab6-request-103.png
  6. Continue to explore various filters, events, etc. within the Requests dashboard to review and explore the related events.

Task 2: Review Security Analytics Dashboard

In this task, you will explore the Security Analytics Dashboard within Distributed Cloud (XC) for security events.

  1. From the Web App & API Protection menu, navigate to Overview, then click Security

  2. Within the Dashboard view, scroll down to the Application Delivery tile at the bottom to find your HTTP Load Balancer object; click this LB object.

    ../_images/lab6-101.png
  3. Within the Dashboard view, click the Security Analytics tab:

    ../_images/lab6-security-102.png
  4. On the right-hand side, expand the time window to Last 24 hour and click the Refresh button; this should show details of the requests you made during this lab.

  5. Review and explore the related security events. Expand various requests to understand why they were allowed/blocked.

    ../_images/lab6-security-102.png
  6. Continue to explore the various filters, events, etc. within the Security Analytics dashboard to review the related events. Try using the Forensics filter to drill down further into specific traffic.

    ../_images/lab6-security-103.png

Task 3: Review Malicious User Detection

In this task, you will explore the Malicious Users section of the Security Analytics Dashboard within Distributed Cloud (XC).

  1. From the Web App & API Protection menu, navigate to Overview, then click Security

  2. Within the Dashboard view, scroll down to the Application Delivery tile at the bottom to find your HTTP Load Balancer object; click this LB object.

    ../_images/lab6-101.png
  3. Within the Dashboard view, click the Malicious Users tab:

    ../_images/lab6-mud-102.png
  4. On the right-hand side, expand the time window to Last 24 hour and click the Refresh button; this should show details of the requests you made during this lab.

  5. Review and explore the related malicious user events.

    ../_images/lab6-mud-103.png

    Note

    Malicious User Detection also includes mitigation, which was not enabled for this lab. As a user's score increases, action can be taken, including a temporary block.
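To make the idea in the note concrete, the following is an added illustrative model of per-client scoring with a temporary block; it is not Distributed Cloud's own malicious user detection algorithm or code, and it does not reproduce XC's scoring. The event records, the weights per block reason, the threshold of 80 and the 300-second block duration are all constructed assumptions for this example.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample security events, loosely shaped like what the Security
# Analytics dashboard shows per request: timestamp, client, action, reason.
# These are made up for the example, not exported XC data.
SAMPLE_EVENTS = [
    {"ts": 100, "client": "203.0.113.10", "action": "allow", "reason": ""},
    {"ts": 101, "client": "203.0.113.10", "action": "allow", "reason": ""},
    {"ts": 102, "client": "198.51.100.7", "action": "block", "reason": "waf_signature"},
    {"ts": 103, "client": "198.51.100.7", "action": "block", "reason": "waf_signature"},
    {"ts": 104, "client": "198.51.100.7", "action": "block", "reason": "api_unauthorized"},
    {"ts": 105, "client": "198.51.100.7", "action": "block", "reason": "rate_limit"},
    {"ts": 106, "client": "203.0.113.10", "action": "block", "reason": "waf_signature"},
    {"ts": 200, "client": "198.51.100.7", "action": "allow", "reason": ""},
]

# Assumed weights: how much each kind of blocked request raises a client's score.
WEIGHTS = {"waf_signature": 30, "api_unauthorized": 20, "rate_limit": 25}
DEFAULT_WEIGHT = 10          # any block reason not listed above
BLOCK_THRESHOLD = 80         # assumed score at which mitigation kicks in
BLOCK_SECONDS = 300          # assumed length of the temporary block


@dataclass
class ClientState:
    score: int = 0
    blocked_until: int = 0                      # epoch seconds; 0 = never blocked
    history: list = field(default_factory=list)  # (ts, reason) of blocked requests


def score_events(events, weights=WEIGHTS, threshold=BLOCK_THRESHOLD,
                 block_seconds=BLOCK_SECONDS):
    """Replay events in time order and accumulate a score per client.

    Allowed requests do not change the score. Each blocked request adds its
    reason's weight; once the score reaches the threshold a temporary block
    window is opened (and not extended while it is still open).
    """
    states = defaultdict(ClientState)
    for ev in sorted(events, key=lambda e: e["ts"]):
        st = states[ev["client"]]
        if ev["action"] != "block":
            continue
        st.score += weights.get(ev["reason"], DEFAULT_WEIGHT)
        st.history.append((ev["ts"], ev["reason"]))
        if st.score >= threshold and st.blocked_until < ev["ts"]:
            st.blocked_until = ev["ts"] + block_seconds
    return dict(states)


def is_blocked(states, client, now):
    """True while the client's temporary block window is still open at `now`."""
    st = states.get(client)
    return st is not None and now < st.blocked_until


def report(states):
    """Summarise each client as (score, blocked_until) for a quick review."""
    return {client: (st.score, st.blocked_until) for client, st in states.items()}


if __name__ == "__main__":
    states = score_events(SAMPLE_EVENTS)
    for client, (score, until) in sorted(report(states).items()):
        print(f"{client:16} score={score:4} blocked_until={until}")
    print("198.51.100.7 blocked at t=200:", is_blocked(states, "198.51.100.7", 200))
    print("198.51.100.7 blocked at t=500:", is_blocked(states, "198.51.100.7", 500))
```

The point the model makes is the one the note states: the dashboards you reviewed in this lab only report the score, and a block is a separate, time-bounded mitigation step layered on top of it. Tuning the weights and threshold against real traffic, and choosing how long a block lasts, is where the operational work lies.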

End of Lab

../_images/labend3.png