Citrix Application Delivery Management service

View application security violation details

Web applications that are exposed to the internet have become vulnerable to attacks drastically. Citrix ADM enables you to visualize actionable violation details to protect applications from attacks. Navigate to Analytics > Security > Security Violations for a single-pane solution to:

  • Visualize applications with full visibility into the threat details associated in both security insight and bot insight

  • Access the application security violations based on its categories such as Network, Bot, and WAF

  • Take corrective actions to secure the applications

The Security Violations page has the following options:

  • Application Overview – Displays an overview with applications that have total violations, total WAF and Bot violations, violation by country, and so on. For more information, see Application overview.

  • All Violations – Displays the application security violation details. For more information, see All violations.

Setting up

You must enable Advanced Security Analytics and select Web Transaction Settings to All to view the following violations in Citrix ADM:

  • Unusually High Upload Transactions (WAF)

  • Unusually High Download Transactions (WAF)

  • Excessive Unique IPs (WAF)

  • Account Takeover (BOT)

  • Website Scanners (BOT)

For other violations, ensure if Metrics Collector is enabled. By default, Metrics Collector is enabled on the Citrix ADC instance. For more information, see Configure Intelligent App Analytics.

Enable Advanced Security Analytics

  1. Navigate to Networks > Instances > Citrix ADC, and select the instance type. For example, MPX.

  2. Select the Citrix ADC instance and from the Select Action list, select Configure Analytics.

  3. Select the virtual server and click Enable Analytics.

  4. On the Enable Analytics window:

    1. Select Web Insight. After you select Web Insight, the read-only Advanced Security Analytics option is enabled automatically.

      Note

      The Advanced Security Analytics option is displayed only for premium licensed ADC instances.

    2. Select Logstream as Transport Mode

    3. The Expression is true by default

    4. Click OK

      Advanced security analytics

Enable Web Transaction settings

  1. Navigate to Analytics > Settings.

    The Settings page is displayed.

  2. Click Enable Features for Analytics.

  3. Under Web Transaction Settings, select All.

    web-transaction-settings

  4. Click Ok.

View application security violation details