Citrix Application Delivery Management service

WAF violation details

Unusually High Upload Transactions

Note

Ensure you enable the advanced security analytics and web transaction options. For more information, see Setting up.

Using the Unusually High Upload Transactions indicator, you can analyze the transactions with the unusually high amount of data uploaded to the Citrix ADC instance.

High upload

Under Event Details, you can view:

  • The affected application. You can also select the application from the list if two or more applications are affected with violations.

  • The graph indicating all violations

  • The violation occurrence time

  • The detection message for the violation, indicating the total uploads that exceeded the configured limit

  • The anomalous uploads. Click the number to view details

Unusually High Download Transactions

Note

Ensure you enable the advanced security analytics and web transaction options. For more information, see Setting up.

Using the Unusually High Download Transactions indicator, you can analyze the transactions with the unusually high amount of downloaded data from the Citrix ADC instance.

High download

Under Event Details, you can view:

  • The affected application. You can also select the application from the list if two or more applications are affected with violations.

  • The graph indicating all violations

  • The violation occurrence time

  • The detection message for the violation, indicating the total downloads that exceeded the configured limit

  • The anomalous downloads. Click the number to view details

Excessive Unique IPs

Note

Ensure you enable the advanced security analytics and web transaction options. For more information, see Setting up.

Using the Excessive Unique IPs indicator, you can analyze if the Citrix ADC instance is transacting with the abnormally high number of IP addresses.

Unique IPs

Under Event Details, you can view:

  • The affected application. You can also select the application from the list if two or more applications are affected with violations.

  • The graph indicating all violations

  • The violation occurrence time

  • The detection message for the violation, indicating the total unique IP addresses transacting than the expected range

  • The accepted range of unique IP addresses

Excessive Unique IPs per Geo

Note

Ensure you enable the advanced security analytics and web transaction options. For more information, see Setting up.

Bad bots are capable of making more visits to a web application than the human users accessing the application. This activity from the bad bots can result in slow performance of the web application or any other performance issues. As an administrator, you must analyze and block the bad bots accessing the web application.

Using the Excessive Unique IPs Per Geo indicator, you can analyze the unusually high number of IPs accessing the application from a particular location.

Unique IPs per Geo

Under Event Details, you can view:

  • The affected application. You can also select the application from the list if two or more applications are affected with this violation.

  • The Geo map that displays the total anomalies based on the regions.

  • The location and total unique hits from where the application is accessed. You can also select the location from the list, if the application is accessed from two or more locations.

  • The graph indicating the violations.

  • The violation occurrence time.

  • The detection message for the violation, indicating the total unique IP addresses transacting than the expected range.

  • The accepted range of unique IP addresses.

WAF violation details