All Products
Search

This Product

    Edge Security Acceleration:Security analytics

    Document Center

    Edge Security Acceleration:Security analytics

    Last Updated:Dec 17, 2025

    Security analytics displays data from WAF and bot management, including metrics for blocked, observed, and other requests. You can use this data to adjust your protection rules.

    Analysis dimensions

    • Filter: Filters data by dimensions such as Host, HTTP Version, and Client IP. Only data that matches the specified filters is displayed.

    • Query time: By default, data for the Last 24 Hours is displayed. You can specify a custom time range to query data from the last 30 days.

    View security analytics reports

    If your web application experiences a sudden traffic spike or you detect unusual attack behavior, use the security analytics module to analyze HTTP and HTTPS request traffic in real time. Compare the traffic against your predefined baseline for legitimate requests. Refer to characteristics such as header structure, payload patterns, and access frequency. For unexpected traffic that deviates from the baseline, such as traffic with SQL injection or CC attack features, the WAF Deep Packet Inspection (DPI) engine can dynamically load predefined or custom rulesets. These rules, such as regular expression matching and rate limiting policies, precisely block requests and help you trace the source of attacks. This process enables proactive threat management within a defense-in-depth framework.

    Note

    Data in Security Analytics is delayed by about 5 minutes.

    Account level

    Security analytics provides a centralized view for analyzing protection information across all sites under your account.

    1. Log on to the ESA console. In the navigation pane on the left, choose Analytics and Logs > Security Analytics.

    2. On the Security Analytics page, you can view protection information and use the Filter to select the data you need. You can click the image icon to print the page report or click the image icon to download the data as a CSV file for local analysis.

      image

    Site level

    Security analytics also provides reports for individual sites. You can use these reports to analyze protection information for a specific site.

    1. In the ESA console, go to Websites. In the Website column, click the target site.

    2. In the navigation pane on the left, choose Security > Security Analytics.

    3. On the Security Analytics page, you can view protection information and use the Filter to select the data you need. You can click the image icon to print the page report or click the image icon to download the data as a CSV file for local analysis.

      Note

      For more information, see Protect against unusual traffic. On the security protection page, you can centrally manage this protection by clicking Create Custom WAF Rule from Filters or Create Bot Management Rule from Filters.

      image

    Data overview

    On the data overview tab, you can view Request Analytics, Bot Analytics, and Rate Limiting Analytics. Click the image icon to download the analysis data as a CSV file for local analysis.

    image

    Sampling logs

    Sampling logs are generated by adaptively sampling incoming HTTP/S traffic based on traffic volume. These logs provide details such as Time, Bot Type, Client IP, and Path. Click image to view more details.

    image

    You can use the Filter to narrow the results and click OK to view the details. The following example shows how to filter sampling logs for the Definite Bots type:

    1. On the overview tab, click the Bot Analytics tab. In the Definite Bots section, click Filter.

      image

    2. The Sampling Logs area displays sampling logs for the Definite Bots type. Click image to view the log details.

      image

    Create protection rules from filter conditions

    The security analytics feature lets you filter data by time and other conditions. Based on these filters, you can view overview data for request analysis, bot analysis, and rate limiting analysis. You can also use the current filter conditions to directly create WAF custom rules, bot rules, or WAF rate limiting rules.

    Note

    Only the Enterprise Edition supports creating bot rules from filter conditions.

    1. On the Security Analytics page, to the right of the filters, click Create rule from filter conditions.

      Note

      On the Request Analytics tab of the Overview module, you can select Create Custom WAF Rule from Filters. On the Bot Analytics tab of the Overview module, you can select Create Bot Management Rule from Filters. On the Rate Limiting Analytics tab of the Overview module, you can select Create WAF Rate Limiting Rule from Filters.

      image

    2. On the new rule page, enter a Rule Name, select an action, and click OK. The rule takes effect immediately.

      image