Monitor Events

CloudGuard WAF provides four views for monitoring system events:

  • Graphical Dashboard - graphical view of security events with Critical & High severity.

  • Important Events - tabular view of security events with Critical & High severity.

  • All Events - tabular view of all security events, including events with Medium, Low and Info severity.

  • Notifications - tabular view of administrative system events.

Graphical Dashboard

The WAF dashboard is a single-pane view of important security events.

To reach the dashboard select Monitor, then WAF Dashboard in the main menu.

Controls in the dashboard are clickable and will allow you to drill down and see granular event details.

Following is a description of the Dashboard sections:

| Section | Description |
|---|---|
| Overall HTTP Traffic | Statistics showing the overall number of requests for the time period and the number of unique users and/or identities that use the protected web servers. |
| Malicious Activity | Overall statistics of the number of attackers (users and/or identities) and the number of attacks on web servers. |
| Security Actions | Overall number of events that were prevented and detected. |
| Top Attack Sources | A chart of the top attackers by number of events, and the number of events on a timeline, which gives visibility into changes in the security posture. |
| Attacks Level | Chart of the number of attacks by severity. |
| Top Attack Assets | Chart of the most attacked web servers. |
| Asset Statistics | Table of the protected web server(s) and their statistics. |
| Attacks Timeline | Shows the dashboard data for a specific time period. |

You can right-click on Dashboard items to drill down, as well as to "filter in" or "filter out" the selected value.
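The dashboard sections above are aggregations over the security event log: counts by action, by severity, by source and by asset, restricted to a time range and to "filter in"/"filter out" selections. The following added example (not part of the CloudGuard WAF documentation or product code) reproduces those aggregations over a small constructed event set, which is useful when you want to cross-check the dashboard against exported events or build the same summaries in a SIEM. The field names (`time`, `source`, `asset`, `severity`, `action`) and the action values `Prevent`/`Detect` are assumptions for this example, not the product's export schema; the "Overall HTTP Traffic" section needs full request logs rather than security events and is not covered here.

```python
from collections import Counter

# Constructed sample security events. Field names and values are
# assumptions for this example, not CloudGuard WAF's export schema.
SAMPLE_EVENTS = [
    {"time": "2024-01-01T10:00:00Z", "source": "203.0.113.10", "asset": "shop.example", "severity": "Critical", "action": "Prevent"},
    {"time": "2024-01-01T10:05:00Z", "source": "203.0.113.10", "asset": "shop.example", "severity": "High",     "action": "Prevent"},
    {"time": "2024-01-01T10:10:00Z", "source": "198.51.100.7", "asset": "api.example",  "severity": "High",     "action": "Detect"},
    {"time": "2024-01-01T10:20:00Z", "source": "198.51.100.7", "asset": "shop.example", "severity": "Medium",   "action": "Detect"},
    {"time": "2024-01-01T10:30:00Z", "source": "192.0.2.55",   "asset": "api.example",  "severity": "Low",      "action": "Detect"},
    {"time": "2024-01-01T10:45:00Z", "source": "203.0.113.10", "asset": "api.example",  "severity": "Critical", "action": "Prevent"},
    {"time": "2024-01-01T11:00:00Z", "source": "192.0.2.55",   "asset": "shop.example", "severity": "Info",     "action": "Detect"},
    {"time": "2024-01-01T11:15:00Z", "source": "198.51.100.7", "asset": "shop.example", "severity": "High",     "action": "Prevent"},
]

# Severity scale used by the Events views, highest first.
SEVERITY_ORDER = ("Critical", "High", "Medium", "Low", "Info")


def important_events(events):
    """'Important Events' view: only Critical and High severity events."""
    return [e for e in events if e["severity"] in ("Critical", "High")]


def filter_time_range(events, start, end):
    """'Attacks Timeline' / time filter: events with start <= time < end.
    Timestamps are fixed-format ISO-8601 UTC strings, so string
    comparison orders them correctly."""
    return [e for e in events if start <= e["time"] < end]


def filter_in(events, field, value):
    """Right-click 'filter in': keep only events where field == value."""
    return [e for e in events if e[field] == value]


def filter_out(events, field, value):
    """Right-click 'filter out': drop events where field == value."""
    return [e for e in events if e[field] != value]


def malicious_activity(events):
    """'Malicious Activity': distinct attackers (keyed by source here) and attack count."""
    return {"attackers": len({e["source"] for e in events}), "attacks": len(events)}


def security_actions(events):
    """'Security Actions': how many events were prevented vs. only detected."""
    counts = Counter(e["action"] for e in events)
    return {"prevented": counts["Prevent"], "detected": counts["Detect"]}


def top_attack_sources(events, n=3):
    """'Top Attack Sources': top-n sources by event count (ties keep first-seen order)."""
    return Counter(e["source"] for e in events).most_common(n)


def attacks_by_severity(events):
    """'Attacks Level': event count per severity, highest severity first."""
    counts = Counter(e["severity"] for e in events)
    return {s: counts[s] for s in SEVERITY_ORDER if counts[s]}


def top_attack_assets(events, n=3):
    """'Top Attack Assets': most attacked protected web servers."""
    return Counter(e["asset"] for e in events).most_common(n)


if __name__ == "__main__":
    print("Malicious activity:", malicious_activity(SAMPLE_EVENTS))
    print("Security actions:  ", security_actions(SAMPLE_EVENTS))
    print("Top sources:       ", top_attack_sources(SAMPLE_EVENTS))
    print("By severity:       ", attacks_by_severity(SAMPLE_EVENTS))
    print("Top assets:        ", top_attack_assets(SAMPLE_EVENTS))
    print("Important events:  ", len(important_events(SAMPLE_EVENTS)))
```

Counting attackers by source IP is a simplification; the dashboard counts users and/or identities, so when identity data is available that field should be the grouping key instead.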

Event Views

The Events view provides a tabular view of events with the ability to select granular filter options (left pane in the image below), search queries and time ranges.

Event Cards

When you double click on an event, a card shows details about the specific event.

Examples of the details shown:

  • Event Severity Classification

  • Protected Web Asset Name and Policy

  • HTTP Transaction Information

  • Threat Prevention details

Time filters

You can filter events based on time ranges by clicking the time filter selector at the top left corner.

Event Query Language

CloudGuard WAF features an extensive event query language. For more details, see the Event Query Language page.

Notifications

When browsing to Monitor->Notifications, a specific log view is shown.

This view includes notifications to the user about an issue and a remediation action item, usually regarding a configuration or environment issue that CloudGuard WAF has detected around it.

The Log view includes a "Remediation" column where the instructions will be shown.

Urgent notifications, if there are any, will appear on the top bar of the application in any page, leading to this page for additional information.
