Manual Chapter : Monitoring Web Application Security statistics

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 8.0.0
Manual Chapter

Monitoring Web Application Security statistics

When Analytics is enabled on BIG-IQ, and AVR is provisioned on managed BIG-IP devices, you can view detailed insights about the traffic that violated your security policies. Data can indicate the need for changes to the application service's protection.
Policy management indicators can include, but are not limited to:
  • Policy enforcement settings: A security policy may be deployed in
    Transparent
    or
    Blocking
    enforcement modes. Depending on your environment you may want to change these settings following the application services's deployment.
  • Increased in bad traffic: Drill down into traffic details, such as geolocation or malicious requests, or targeted URLs to identify sources of an attack. Based on these results, the security admin can enable strict enforcement for specific objects.
  • False Positives: Application service alerts of increased false positives may indicate that enforcement settings are too strict and need adjustment.
To view traffic statistics for objects with Web Application Security policy protection, you must have the following settings configured.
  • A BIG-IQ data collection device configured for the BIG-IQ device
  • The BIG-IP device located in your network and running a compatible software version
  • Statistics collection enabled for managed BIG-IP devices
  • AVR provisioned on your BIG-IP devices