Citrix Application Delivery Management service

Application overview

The Application Overview page displays applications with full visibility into the threat details associated in both security insight and bot insight. You can also view information such as total violations, total WAF and Bot violations, violation by country, and so on.

Application overview

1 – Displays the total affected applications, total violations, total WAF violations, and total Bot violations for the selected duration.

2 – Displays the WAF and Bot violation details. Click the WAF and Bot tab to view the top 5 applications based on the total violations occurred. Click View All to view all application details.

3 – Displays the top violations based on the occurrences and the actions applied.

4 – Displays a geo map view that provides visibility from which locations the violations have occurred.

5 – Provides information based on the violations.

For more information on bot and security insights, see:

Violation categories

WAF Bot
Unusually High Upload Transactions Excessive Client Connections
Unusually High Download Transactions Account Takeover
Excessive Unique IPs Unusually High Upload Volume
Excessive Unique IPs Per Geo Unusually High Request Rate
Cookie Hijack Unusually High Download Volume
Infer Content Type XML Website Scanners
Buffer Overflow Account Takeover for Citrix Gateway
Content Type API Abuse
Cookie Consistency Content Scrapers
CSRF Form Tagging Keystroke and mouse dynamics based bot detection
Deny URL Scraper
Form Field Consistency Screenshot Creator
Field Formats Search Engine
Maximum Uploads Service Agent
Referrer Header Site Monitor
Safe Commerce Speed Tester
Safe Object Tool
HTML SQL Inject Uncategorized
Start URL Virus Scanner
Cross-site scripting Vulnerability Scanner
XML DoS DeviceFP Wait Exceeded
XML Format Invalid DeviceFP
XML WSI Invalid Captcha Response
XML SSL Captcha Attempts Exceeded
XML Attachment Valid Captcha Response
XML SOAP Fault Captcha Client Muted
XML Validation Captcha Wait Time Exceeded
Others Request Size Limit Exceeded
IP Reputation Rate Limit Exceeded
HTTP DOS Block list (IP, subnet, policy expression)
TCP Small Window Allow list (IP, subnet, policy expression)
Signature Violation Zero Pixel Request
File Upload Type Source IP
JSON cross-site scripting Host
JSON SQL Geo Location
JSON DOS URL
Command Injection Crawler
  Feed Fetcher
  Link Checker
  Marketing

View WAF violation details

Click an application from the Top Applications or from the View All option to view the WAF details.

WAF

The Security Overview page for the selected application is displayed. Under WAF, you can view:

  • A graph view that indicates the total violations, threat index score, safety index score for the application.

    WAF graph

    Click View Details to see the Application Firewall and Citrix ADC System Security configuration details.

    View details

  • The violations based on types, severity, and actions applied.

    WAF graph details

    Click Logs to view details based on the severity or action taken. You can also view the client IP address.

    Logs

  • The violations affected on the application. Under Violation Details, you can view the affected violation details. Click each violation to view details such as:

    • What Happened – Indicates the total occurrences and the last occurred date and time.

    • Event Details – Displays a geo map that indicates the client IP and other violation details such as violation type, client IP, location, and so on.

      WAF violation details

View bot violation details

From the Bot tab, click an application from the Top Applications or from the View All option to view the bot details.

Bot details

The Security Overview page for the selected application is displayed. Under Bot, you can view:

  • A graph indicating total bots, total bad bots, total good bots, and total ratio between human users and bots accessing the application.

    Bot graph

  • The violations based on the bot types, severity, and actions applied.

    Bot violation types

    Click Logs to view details based on severity or actions taken. If a detected bot is a Signature type bot, you can view more details such as Bot developer and Signature ID. The Signature ID enables you to identify if the detected bot is a good bot or a bad bot.

    Bot logs

    Note

    If a detected bot is any other bot type apart from Signature bot, the Signature ID and Bot developer are displayed as N/A.

    NA type

  • The violations affected on the application. Under Violation Details, you can view the affected violation details. Click each violation to view details such as:

    • What Happened – Indicates the total occurrences and the last occurred date and time.

    • Event Details – Displays a geo map that indicates the client IP and other violation details such as violation type, client IP, location, and so on.

      Bot violation details

View events history

Click the Events tab to view the bot and WAF events.

Application overview