Web Application Firewall (WAF) provides the data visualization feature. The feature uses dashboards to display the business and security data of a website that is added to WAF. This way, you can understand the attack and defense situation of the website in real time. The data visualization feature also displays alerts for attacks. This makes data analysis easier and enables you to make informed decisions.

Background information

Data visualization provides the real-time attack and defense dashboard and the security data dashboard. For more information about the dashboards, see Dashboard data.

The data visualization feature is supported only by Google Chrome 56 and later.

Billing

The data visualization feature supports only the subscription billing method. You can use the data visualization feature within the validity period only after you purchase the data visualization feature.

The data visualization feature is available in two specifications: single-dashboard service and multi-dashboard service. The following table provides the descriptions and prices for the two specifications.
Specification Description Price (USD/month)
Single-dashboard service You can enable the real-time attack and defense dashboard or the security data dashboard. 200
Multi-dashboard service You can enable the real-time attack and defense dashboard and the security data dashboard at the same time. 300

Enable the data visualization feature

You can enable the data visualization feature only if your WAF instance meets the following requirements:
  • WAF instance in mainland China: Pro or a higher edition
  • WAF instance in regions outside mainland China: Business or a higher edition

You can enable the data visualization feature when you purchase a WAF instance. You can also perform the following steps to enable the data visualization feature:

  1. Log on to the Web Application Firewall console.
  2. In the top navigation bar, select the resource group and region to which the WAF instance belongs. The region can be Mainland China or International.
  3. In the left-side navigation pane, click Data Visualization.
  4. In the WAF Real-time Attack and Defense Dashboard or WAF Security Data Dashboard section, click Buy Now.
  5. On the Upgrade/Downgrade page, find Data Visualization and click Single Screen or Multi-screen.
    Note The time when the data visualization feature expires is the same as the time when your WAF instance expires. The system calculates the fees based on the specification that you select and the time when your WAF instance expires. After you enable the data visualization feature, you must renew the data visualization feature and the WAF instance at the same time.
  6. Read and select Web Application Firewall Terms of Service. Then, click Buy Now.
  7. Complete the payment as prompted.
  8. Optional:If you select Single Screen, find the dashboard that you want to enable on the data visualization page and click Activate Now.
    If you select Multi-screen, all dashboards are enabled by default.
  9. View data on the dashboards.
    For more information about data in the dashboards, see Dashboard data.

Dashboard data

Data visualization provides the real-time attack and defense dashboard and the WAF security data dashboard.
  • WAF Real-time Attack and Defense Dashboard
    The dashboard is updated in seconds. It displays access information and blocked attacks for all your websites that are protected by WAF. You can assess the stability of your website service and the quality of the network based on the dashboard data.
    Note White points on the globe represent WAF data centers, and dotted lines represent connections between data centers. The dashboard displays data that is collected from 00:00 of the current day to the current time.
    WAF Real-time Attack and Defense Dashboard
    Statistical item Description
    Inbound Bandwidth (bit/s) The inbound bandwidth in bit/s.
    Outbound Bandwidth (bit/s) The outbound bandwidth in bit/s.
    QPS The current queries per second (QPS).
    Interception Ratio Today (%) The proportion of the requests that are blocked by WAF to the total requests on the current day.
    Blocked Attacks Today The number of attacks that are blocked by WAF on the current day.
    Mobile OS Distribution The distribution of operating systems for mobile clients that initiate access requests.
    PC Browser Distribution The distribution of browsers for PC clients that initiate access requests.
    TOP 10 Source IPs (Visits) The top 10 IP addresses that initiate the most access requests and the number of access requests for each IP address.
    TOP 5 Visited URLs (Visits) The top five URLs that receive the most access requests.
    Monitored Exceptions The HTTP status codes that are returned for failed requests and the number of times that each status code is returned.
    Visits Statistics (mainland China) The access heat map that shows the distribution of sources that initiated access requests in the last hour.
    Requests (QPS) The QPS trend chart. The chart shows changes in the numbers of requests that are blocked by WAF based on different protection rules. The rules include access control, data risk control, web application protection, and HTTP flood protection rules.
    Bandwidth (bit/s) The trend chart that shows changes in the inbound and outbound bandwidths.
  • WAF Security Data Dashboard
    The dashboard displays security data about your websites that are protected by WAF. The data includes the numbers of web attacks, HTTP flood attacks, and requests blocked by access control.
    Note To display the security data of a domain name, select the domain name in the lower-left corner of the dashboard. By default, the security data of all domain names is displayed.
    WAF Security Data Dashboard
    Statistical item Description
    Total Visits The total visits to the selected domain name on the current day.
    Web Attacks The number of web attacks that are blocked by WAF for the selected domain name on the current day.
    HTTP Flood Attacks The number of HTTP flood attacks that are blocked by WAF for the selected domain name on the current day.
    Access Control The number of requests that are blocked based on custom protection policies for the selected domain name on the current day.
    Top Web Attack Source IPs The IP addresses from which the most attacks are initiated, the regions to which the IP addresses belong, and the numbers of attacks from the IP addresses. You can move your pointer over the IP address of an attack source to view the type of attack and the region to which the IP address belongs.
    Region heat map The region heat map, which is in the upper-right corner and displays the distribution of regions for attack sources.
    The radar chart in the middle of the WAF security data dashboard shows the QPS, blocked web attacks, blocked HTTP flood attacks, and blocked access requests during a 15-minute period. You can select a time period in the radar chart to view the security data during the time period that you select.
    Note You can click a date in the lower part of the dashboard to display the security data for the date that you select.
    Security data
    Statistical item Description
    Visits The QPS.
    Web Attacks The number of web attacks that are blocked by WAF.
    HTTP Flood Attacks The number of HTTP flood attacks that are blocked by WAF.
    Access Control The number of requests that are blocked by WAF based on custom protection policies.
    Top Web Attack Source IPs The IP addresses from which the most attacks are initiated, the regions to which the IP addresses belong, and the numbers of attacks from the IP addresses. You can move your pointer over the IP address of an attack source to view the type of attack and the region to which the IP address belongs.
    Web Attack Type The distribution of web attacks that are blocked by WAF based on attack types.
    Top Attack Source Region The top five attack source regions.
    Top Hit Rule The top five WAF protection rules that are matched.