1. Overview

WAAS analytics provide users a way to investigate events and rule triggers.

waas analytics
  • For container WAAS events go to Monitor > Events > WAAS for containers

  • For host WAAS events go to Monitor > Events > WAAS for hosts

  • For App-Embedded WAAS events go to Monitor > Events > WAAS for App-Embedded

  • For serverless WAAS events go to Monitor > Events > WAAS for Serverless

WAAS retains up to 200,000 events for each type (container, hosts, app-embedded and serverless). Once the limit is reached, oldest events will get over-written by new ones.
Similar audits are aggregated and grouped into a single event when received in close succession (less than 5 minutes apart). Audits are aggregated by a combination of IP, HTTP hostname, path, HTTP method, User-Agent and attack type.

2. Analytics workflow

waas analytics cycle

WAAS analytics allows for the review of incidents by analyzing events across various dimensions, inspecting individual requests, and applying filtering to focus on common characteristics or trends.

3. Event graph

waas timeline

A timeline graph shows the total number of events.
Each column on the timeline graph represents a dynamic period - hover over a column to reveal its start, end and event count.

Date filter can be used to adjust the timeline scope.

4. Filters

Filter can be adjusted by using the filtering line:

waas analytics filters

The filter line uses auto-complete for filter names and filter values.
Once set, the filters would apply on the graph and aggregation view.

You can dynamically update the date filter by selecting an area in the chart. Click in the chart area, hold the mouse button down, and draw a rectangle over the time frame of interest. The date filter is automatically updated to reflect your selection.

5. Aggregation view