Applies To:Show Versions
- 14.1.3, 14.1.2, 14.1.0
Displaying Reports and Monitoring ASM
ASM Reporting Tools
Application security overview
Displays a summary of all configured security policies showing the active security policies, attacks that have occurred, anomaly statistics, and networking and traffic statistics. You can save the information or send it as an email attachment.
Summarizes the requested URLs for security policies.
Displays a list of incidents. Incidents aggregate illegal requests that are likely to be part of a suspected attack on the web application. Incidents separate false positive events from malicious activity and facilitate incident response. Incidents originate from a single source, either a Device ID, or, if not available, a Source IP. Incidents are triggered based on single or multiple correlation heuristics applied to illegal requests. Refer to the online help for details on how to view incidents:.
Displays graphical reports about security policy violations and provides tools that let you view the data by different criteria, drill down for more data, create customized reports, and send or export reports.
Allows you to periodically generate specific reports and distribute them using email.
DoS Attacks report
Displays graphic charts about DoS attacks, viewed by selected category, and includes the attack start and end times.
Brute Force Attacks report
Displays graphic charts about brute-force attacks, viewed by selected category, and includes the attack start and end times.
Web Scraping statistics
Displays graphic charts about web scraping attacks, viewed by selected category, and includes the attack start and end times.
Session Tracking status
Displays the users, sessions, and IP addresses that the system is currently tracking, and for which the system is taking action as a result of having triggered one of the violation detection thresholds.
PCI Compliance report
Displays a printable Payment Card Industry (PCI) compliance report for each security policy showing each security measure required for PCI-DSS 1.2, and compliance details.
CPU Utilization report
Displays the amount of the available CPU that the Application Security Manager uses over a period of time.
Displaying an application security overview report
- On the Main tab, click.The Overview Traffic screen opens and summarizes ASM system activity at a glance.
- If using device groups, from theDevice Grouplist, select a device group to narrow down the statistics.
- To change the default time frame for all widgets, select a time period from theOverride time range tolist.
- From theSecurity Policylist, select a security policy to narrow down the statistics.By default, statistics for all active security policies are shown.
- Review the summary statistics (organized into areas calledwidgets) to determine what is happening on the system.
- If you want to create a new area of information customized to your specifications, at the bottom of the screen, clickAdd Widget.The Add New Widget popup screen opens.
- Optionally, for each widget, you can adjust the time range, data measurements, and format of data to display from theTime Periodlist (Last Hour, Last Day, Last Week, Last Month, or Last Year) or the configuration gear settings.You can also delete any widget that you do not need on the screen.
- To save the summary as a PDF file on your computer:
- Click theExportlink.
- In the popup screen that opens, clickExportagain to save the file on your computer.
- To send the report as an email attachment, click theExportlink.To send email, you need to configure an SMTP server. If one is not configured, on the Main tab, click, and then clickCreateto configure one first.
The systems sends an email with the PDF to the specified addresses.
- ClickSend the report file via E-Mail as an attachment.
- In theTarget E-Mail Address(es)field, type the one or more email addresses (separated by commas or semi-colons).
- From theSMTP Serverlist, select the SMTP server.
- On the Main tab, click.The Requests screen opens, where, by default, you view an event log displaying illegal requests for all security policies.
- In the Requests List, click a request to view information about the request and any violations associated with it.The screen refreshes, showing the Request Details area, where you see any violations associated with the request and other details, such as the security policy it relates to, the support ID, the violation rating, and potential attacks that it could cause.
- Use the Violation area elements to view details about a violation associated with an illegal request:
- To view details about this specific violation such as the file type, the expected and actual length of the query, or similar relevant information, click the violation name.
- To display a general description of that type of violation, click the info icon to the left of the violation name.
- For violations that you want to allow (false positives), click theLearnbutton.Some violations cannot be learned; theLearnbutton is unavailable in this case.If there are learning suggestions, the violation’s learning screen opens, and you can accept or clear the suggestions one at a time.
- To view the actual contents of the request, clickHTTP RequestorHTTP Response.
- When you are done looking at the request details, clickClose.
How to view a request
Generating PCI Compliance reports
- On the Main tab, click.The PCI Compliance screen opens showing a compliance report for the current security policy.
- To learn more about items that are PCI compliant (items with a green check mark), those which are partially compliant, or those which are not PCI compliant (items with a red X), click the item link in the Requirement column.The screen shows information about how to make an item PCI-compliant.
- Optionally, in the Details list, you can click a hyperlink (blue text) to go directly to the screen where you can adjust the non-compliant settings.
- To create a PDF version of the report that you can save, open, or print, clickPrintable Version.
- To display a PCI compliance report for a different security policy, in the PCI Compliance Report area, from theSecurity Policylist, select a different policy name.A PCI compliance report for the selected policy opens.