Monitoring Web Application Security statistics

When Analytics is enabled on BIG-IQ, and AVR is provisioned on managed BIG-IP devices, you can view detailed insights about the traffic that violated your security policies. Data can indicate the need for changes to the application service's protection.

Policy management indicators can include, but are not limited to:

Policy enforcement settings: A security policy may be deployed in
Transparent
or
Blocking
enforcement modes. Depending on your environment you may want to change these settings following the application services's deployment.
Increased in bad traffic: Drill down into traffic details, such as geolocation or malicious requests, or targeted URLs to identify sources of an attack. Based on these results, the security admin can enable strict enforcement for specific objects.
False Positives: Application service alerts of increased false positives may indicate that enforcement settings are too strict and need adjustment.

To view traffic statistics for objects with Web Application Security policy protection, you must have the following settings configured.

A BIG-IQ data collection device configured for the BIG-IQ device
The BIG-IP device located in your network and running a compatible software version
Statistics collection enabled for managed BIG-IP devices
AVR provisioned on your BIG-IP devices