Bot logging
The CWAAP Bot Logs section displays an overview of counter measures and associated violations that have been configured and triggered. The log type identifies an entry as either a “Violation” or as “Info.”
Note:
The CWAAP bot configurations do not trigger a violation log entry, as they are not technically violations. However, these events are included in the “Requests” count on the bot dashboard.
Following is a list of bot protection techniques and its associated log entry.
Bot technique | log |
---|---|
BOT_Allowlist | “Allow list” |
BOT_CAPTCHA | Wait time: “Captcha max wait time”, Invalid Captcha: “Invalid Captcha Submission. |
BOT_TRAP_URL | Trap URL: “Trap URL Request” |
BOT_DEVICE_FINGERPRINT | Bot Log: “Device Fingerprint Bot Request” |
BOT_STATIC_SIGNATURE | “Bot signature matched” - Type: GOOD (Action: LOG) |
To view the CWAAP analytics, select Analytics from the left-hand navigation menu, select BOT, and then select Logs.
Bot log filter
The CWAAP bot logs filter option has a drop-down menu that allows you to select any configured Asset for your account. By default, the All Assets (Combined) is selected.
Log types
The Log Type dropdown menu allows you to select either:
- All
- Info
- Violation
Field and text
The Field search menu allows you to select a specific Field or Value type to display the CWAAP results for.
- All
- Source IP
- Destination IP
- Host
- URI
- counter measure
- Action
- Reason
- Domain
- Profile
- Node
- Transaction ID
- Timestamp
- Country
- City
After selecting the field type, you can provide the matching search criteria in the Enter Text field to further narrow down your search results.
Bot log export
The CWAAP bot logs displayed on the screen can be exported into either to a PDF or a JSON format.
Bot log violation
The results displayed in the Bot Violation Logs section capturex details to identify the violation, protection technique and bot action applied for the violation.
Each entry captures the action that was taken (due to bot protection techniques configuration), the impacted policy, the offending Source IP address, the originating country for the offending IP, and the reason for the bot protection techniques to occur. Clicking Application, Source IP, or Country links take you to the Enrichment details page, that displays the detailed description for each these parameters.
For example, clicking the Source IP address link displays the IP Intelligence Results enrichment page, and provides identifying information that is associated with the offending IP address.