After your web services are added to Web Application Firewall (WAF), you can go to the Overview page of the WAF console and query urgent vulnerability notifications that occurred in the last 30 days, service security data, and service traffic data. This way, you can check the security posture of your web services.
For more information, see Manage protected objects.
View the overall data on the Overview page
- Log on to the WAF 3.0 console.
- In the top navigation bar, select the resource group and region to which the WAF instance belongs. You can select the Chinese Mainland or Outside Chinese Mainland region.
- In the left-side navigation pane, click Overview.
- On the Overview page, view urgent vulnerability notifications and the overall data.
- View urgent vulnerability notifications
The Urgent Vulnerability section displays the update notification for protection rule that is provided by WAF to fix the latest urgent vulnerability. The Urgent Vulnerability section is displayed in the upper part of the Overview page and displays the latest urgent vulnerability notification. To view all urgent vulnerability notifications, click More.
- Query the overall data
In the upper part of the Overview page, specify the protected object and time range to query the overall data.
- Protected object: By default, All is selected, and all protected objects of WAF are queried. You can select a specific protected object.
- Time range: By default, Today is selected, and WAF displays the data of the current day. You can use one of the
following methods to change the time range:
- Click Yesterday, Today, 7 Days, or 30 Days to query the data of yesterday, today, the last 7days, or the last 30 days.
- Click the date and time picker and specify the start time and end time to query data within the specified time range. The time range must be within 30 days.
The overall data is classified into two parts: overall security data and overall traffic data. To view overall security data or overall traffic data, you can click the Security or Traffic tab. For more information, see Overall security data and Traffic data description.
- View urgent vulnerability notifications
Overall security data
On the Security tab of the Overview page, you can view the overall security data. The following table describes the overall security data.
|Protection Overview||Displays the trends of total requests (Total Requests), requests that match rules in monitoring mode (Requests in Monitoring Mode), and blocked requests (Blocked Requests) for the protected object within the specified time range in a line chart. The requests that match rules in monitoring mode are not blocked.||Move the pointer over a point in the line chart to view the data at that point in time.|
|Attacks||Displays the statistics of the sources that initiate attacks on the protected object
within the specified time range.
||Click the Top 10 Attack IP Addresses or Top 10 Attack User-Agents tab to view the corresponding data.|
|Rule Hits||Displays the statistics of all protection rules that are matched in the specified
||Click the Top 10 Protected Websites, Top 10 Rule Types, and IDs of Top 10 Rules tab to view the corresponding data.|
|Security Events||Displays the records and details of attack events that occur on protected objects and the attack block percentage in a list. This way, you can identify the threats to your services and obtain information about how to handle these threats.||Click the name of an event to view the event details.
The event details include Threat Intelligence and Suggestions. You can also view the analysis result of the event in the Top 5 Attacks section. You can click the following tabs to view specific data:
In the Event Details panel, you can click View Log to the right of the event name to go to the Log Service page. Then, you can query logs to further analyze the event. For more information, see Enable the Log Service for WAF feature.
Traffic data description
On the Traffic tab of the Overview page, you can view the overall traffic data. The following table describes the overall traffic data.
|Requests||Displays the trend of requests that are received by the protected object within the specified time range in a line chart.||Move the pointer over a point in the line chart to view the data at that point in time.|
|QPS||Displays the trend of queries per second (QPS) for requests that are received by the protected object within the specified time range in a line chart.||
|Bandwidth||Displays the trends of the inbound bandwidth (Inbound Bandwidth) and outbound bandwidth (Outbound Bandwidth) of the protected object within the specified time range in a line chart. Unit: Bit/s.||Move the pointer over a point in the line chart to view the data at that point in time.|
|Status Code||Displays the trends of the number of HTTP status codes within the specified time range in a line chart. The status codes can be returned by WAF to clients (WAF to Client) or returned by origin servers to WAF (Origin Server to WAF). The status codes include 5XX,405,499,302, and 444.||Move the pointer over a point in the line chart to view the data at that point in time.|
|Access Statistics||Displays the statistics of the requests that are received by protected objects within
the specified time range.
||Click the Top 10 Protected Websites, Top 10 IP Addresses, or Top 10 User-Agents tab to view the corresponding data.|