Citrix Application Delivery Management service

View application security violation details

Web applications that are exposed to the internet have become drastically more vulnerable to attacks. Citrix Application Delivery and Management enables you to visualize actionable violation details to protect applications from attacks. Navigate to Security > Security Violations for a single-pane solution to:

  • Visualize applications with full visibility into the threat details associated in both security insight and bot insight

  • Access the application security violations based on their categories, such as Network, Bot, and WAF

  • Take corrective actions to secure the applications

The Security Violations page has the following options:

  • Application Overview – Displays an overview of applications with details such as total violations, total WAF and Bot violations, violation by country, and so on. For more information, see Application overview.

  • All Violations – Displays the application security violation details. For more information, see All violations.

Setting up

You must enable Advanced Security Analytics and set Web Transaction Settings to All to view the following violations in Citrix Application Delivery and Management:

  • Unusually High Upload Transactions (WAF)

  • Unusually High Download Transactions (WAF)

  • Excessive Unique IPs (WAF)

  • Account Takeover (BOT)

  • Website Scanners (BOT)

  • Content Scrapers (BOT)

For other violations, ensure that Metrics Collector is enabled. By default, Metrics Collector is enabled on the Citrix ADC instance. For more information, see Configure Intelligent App Analytics.

Enable Advanced Security Analytics

  1. Navigate to Infrastructure > Instances > Citrix ADC, and select the instance type. For example, MPX.

  2. Select the Citrix ADC instance and from the Select Action list, select Configure Analytics.

  3. Select the virtual server and click Enable Analytics.

  4. On the Enable Analytics window:

    1. Select Web Insight. After you select Web Insight, the read-only Advanced Security Analytics option is enabled automatically.

      Note

      The Advanced Security Analytics option is displayed only for premium licensed ADC instances.

    2. Select Logstream as Transport Mode.

    3. The Expression is true by default.

    4. Click OK.

Enable Web Transaction settings

  1. Navigate to Settings > Analytics Settings.

    The Analytics Settings page is displayed.

  2. Click Enable Features for Analytics.

  3. Under Web Transaction Settings, select All.

  4. Click Ok.

Configure behavior check profiles

Citrix Application Delivery and Management enables you to select the behavior-based violations. For the Excessive Client Connections, Website Scanning, Unusually high upload transactions, and Unusually high download transactions violations, you can set the sensitivity level to Low, Medium, or High. By creating a profile, you can decide how you want Citrix Application Delivery and Management to report the total number of anomalies for these violations.

To configure this setting:

  1. Navigate to Security > Security Violations.

  2. Click the settings icon that is available next to the time duration list.

  3. Under Behavior Based Checks, click Add.

  4. Specify the following parameters:

    1. Behavior Based Check Profile Name – Specify a profile name of your choice.

    2. Select the Enable option. By default, this option is selected.

    3. Under Select Application, select the applications for which you want to apply the profile.

    4. Under Select Behavior Based Checks, select Low, Medium, or High to define the sensitivity level for those mentioned violations.

      Note

      By default, all other behavior-based violations are also enabled. If you disable any violation, Citrix Application Delivery and Management detects anomalies for these violations only based on a normal prediction.

    5. Click Create.
