Event analysis aggregates and analyzes security event data, helping you identify threats, assess risks, and respond accordingly.
Usage limits
Security events may use sampled data to improve performance. With sampled data, not all events may appear and filters may not return expected results. To view more complete data, select a smaller and more recent time range.
Event analysis dashboard
The event analysis dashboard shows only requests processed or tagged by ESA security products. Each HTTP/HTTPS request can generate one or more security events. Raw HTTP/HTTPS requests are not shown.
To access the event analysis dashboard:
In the ESA console, select Websites, and in the Website column, click the target site.
In the left navigation pane, choose .
On the Event page, click the
icon to print the page report. Use filters to refine results. For more information, see Filters.
Top data by dimensions
Event analysis presents event type data across multiple dimensions. Select a time range to view detailed data and visualizations for each dimension.
By default, the top 5 entries are displayed for each dimension. Click More to view additional entries.

Event count
Click an event type to view its event count details. Above the event count panel, click Filter to show only the specified category, or click Exclude to hide it. Click the
icon to download the data in CSV format.

Event sources
Event sources span multiple dimensions, including WAF interception records, bot activities, DDoS attack events, origin access control, and operation audit. Customize the time range to focus on events within a specific period. Data is available for up to the past 30 days.
Sampling logs
Sampling logs are generated by adaptive sampling of incoming HTTP/HTTPS traffic. Use filters to narrow down the results.
