Manual Chapter : Web Application Security Alerts

Applies To:

BIG-IQ Centralized Management

  • 8.3.0, 8.2.0, 8.1.0, 8.0.0

Security alerts in the TRENDS AND IMPACTS area of the L7 Security dashboard (Monitoring > DASHBOARDS > L7 Security) notify you of the number of objects reporting Web Application Security policy (Web Exploits) or DoS profile (L7 DDoS Attacks) events over the past day (trend charts report the past week). These alerts indicate that a protected object (application or virtual server) recently experienced an increased rate in performance issues. To view data that corresponds with these traffic events, go to Monitoring > DASHBOARDS > DDoS > HTTP Analysis. To view the status of your deployed applications, go to Applications > APPLICATIONS.

| Alert | Description | Impact | Default Thresholds | Action (if applicable) |
|---|---|---|---|---|
| BAD TRAFFIC TRENDS | The number of objects with a significant increase in traffic with any violation rating. | Increase in transactions with any violation rating. | Web Exploits: The average number of transactions with a violation rating exceeded 10% in the past 24 hours and increased by a ratio of 0.1% out of all traffic over the past week. L7 DDoS Attacks: The average volume of active, simultaneous attacks increased in the past 24 hours. | Investigate transactions and fine tune your security policy/profile for new threats. |
| POTENTIALLY HARMFUL ATTACKS | The number of objects with a transparent protection mode (Monitoring), that have an increase in bad traffic. | Increase in transactions with high violation rating. | Web Exploits: The rate of transactions with violation rating of 4 or 5 exceeded 0.1% in the past 24 hours. L7 DDoS Attacks: The volume of simultaneous active attacks increased in the past 24 hours. | Change security policy or profile to Blocking mode. |
| FALSE POSITIVE ATTACKS | The number of objects with a blocking protection mode that have an increase in blocked traffic with a low violation rating. | Increase in blocked transactions. | Web Exploits: The rate of blocked transactions with a violation rating of 1 or 2 exceeded 0.01% over the past 24 hours. | Investigate blocked transactions and fine-tune your Web Application Security policy to allow valid transactions. |
| BLOCKED ATTACKS | The number of objects with a blocking protection mode that blocked any bad traffic over the past 24 hours. | N/A | N/A | N/A |
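
The Python below is an added example, not F5 or BIG-IQ code: it applies the Web Exploits default thresholds from the table above to a constructed 24-hour set of transaction records and lists which objects would count toward each alert. The record layout, object names, mode strings and function names are assumptions for illustration; BAD TRAFFIC TRENDS is left out because its threshold also depends on the past week's traffic.

```python
from collections import defaultdict

# Default thresholds from the table above, as fractions of an object's 24-hour traffic.
HARMFUL_RATE = 0.001          # 0.1%: transactions with violation rating 4 or 5
FALSE_POSITIVE_RATE = 0.0001  # 0.01%: blocked transactions with violation rating 1 or 2

def make_txns(obj, mode, total, rated):
    """Constructed sample data: `rated` maps (rating, blocked) -> count; the rest are clean."""
    txns = [(obj, mode, rating, blocked)
            for (rating, blocked), n in rated.items() for _ in range(n)]
    txns += [(obj, mode, 0, False)] * (total - len(txns))
    return txns

def evaluate_alerts(txns):
    """Return {alert name: sorted objects} for one 24-hour window of
    (object, protection_mode, violation_rating, blocked) tuples (assumed layout)."""
    stats = defaultdict(lambda: {"mode": None, "total": 0, "high": 0,
                                 "low_blocked": 0, "bad_blocked": 0})
    for obj, mode, rating, blocked in txns:
        s = stats[obj]
        s["mode"] = mode
        s["total"] += 1
        s["high"] += rating >= 4
        s["low_blocked"] += blocked and rating in (1, 2)
        s["bad_blocked"] += blocked and rating >= 1
    alerts = {"POTENTIALLY HARMFUL ATTACKS": [], "FALSE POSITIVE ATTACKS": [],
              "BLOCKED ATTACKS": []}
    for obj, s in sorted(stats.items()):
        if s["mode"] == "monitoring":
            # Transparent mode: high-rated traffic is logged but still reaches the application.
            if s["high"] / s["total"] > HARMFUL_RATE:
                alerts["POTENTIALLY HARMFUL ATTACKS"].append(obj)
        elif s["mode"] == "blocking":
            # Blocking mode: blocks with a low rating suggest valid requests are being dropped.
            if s["low_blocked"] / s["total"] > FALSE_POSITIVE_RATE:
                alerts["FALSE POSITIVE ATTACKS"].append(obj)
            if s["bad_blocked"] > 0:
                alerts["BLOCKED ATTACKS"].append(obj)
    return alerts

SAMPLE = (make_txns("shop-vs", "monitoring", 2000, {(5, False): 3})        # 0.15% rated 5
          + make_txns("intranet-vs", "monitoring", 5000, {(4, False): 4})  # 0.08% rated 4
          + make_txns("api-vs", "blocking", 20000, {(1, True): 3})         # 0.015% blocked
          + make_txns("blog-vs", "blocking", 20000, {(2, True): 1}))       # 0.005% blocked

if __name__ == "__main__":
    for name, objs in evaluate_alerts(SAMPLE).items():
        print(f"{name}: {len(objs)} object(s) {objs}")
```

Here blog-vs counts toward BLOCKED ATTACKS but not FALSE POSITIVE ATTACKS, because its single low-rated block is below the 0.01% rate.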