Monitor Events

CloudGuard AppSec provides fours views for monitoring system events:
  • Graphical Dashboard - graphical view of security events with Critical & High severity.
  • Important Events - tabular view of security events with Critical & High severity.
  • All Events - tabular view of all security event including events with Medium, Low and Info severity.
  • Notifications - tabular view of administrative system events.

Graphical Dashboard

The AppSec dashboard is a single-pane view of important security events.
To reach the dashboard select Monitor, then AppSec Dashboard in the main menu.
Controls in the dashboard are clickable and will allow you to drill down and see granular event details.
Following is a description of the Dashboard sections:
Overall HTTP Traffic
Statistics show the number of overall request for the time period and unique number of users and, or identities that use the protected web servers.
Malicious Activity
Overall statistics of the number of attackers (users and, or identities) and the number of attacks on web servers.
Security Actions
Overall number of events that where prevented and detected.
Top Attack Sources
  • A chart of the top attackers by the number of events.
  • Number of events on a time line, gives visibility to the changes in the security posture.
Attacks Level
Chart of the number of attacks by severity.
Top Attack Assets
Chart of the most attacked web servers.
Asset Statistics
Table of protected web server(s) and its statistics.
Attacks Timeline
Shows a specific time period on the dashboard.
You can right click on Dashboard items to drill down as well as "filter in" or "filter out":

Event Views

The Events view provides a tabular view of events with ability to select granular filter options (left pane in the image below), search queries and Time ranges.

Event Cards

When you double click on an event, a card shows details about the specific event.
Event Severity Classification
Protected Web Asset Name and Policy
HTTP Transaction Information
Threat Prevention details

Time filters

You can filter events based on time ranges by clicking the time filter selector at the top left corner.

Event Query Language

CloudGuard AppSec features an extensive event query language. For more details see here:


When browsing to Monitor->Notifications a specific log view is shown.
This view includes notifications to the user about an issue and a remediation action item, usually regarding detection of a configuration or environment issue CloudGuard AppSec has detected around it.
The Log view includes a "Remediation" column where the instructions will be shown.
Urgent notifications, if there are any, will appear on the top bar of the application in any page, leading to this page for additional information.