The CWAAP WAF enrichment section displays an enhanced overview for a selected destination IP address, source IP address, or country.
The Enrichment details provided include:
- IP Intelligence Results
- Violation Logs - Graphical Data
- Violation Type - Graphical Data
- Violation Log Details
Field and Search Options
To display results for a specific field type, use the Select Field drop-down menu and select one of the following.
- Destination IP
- Source IP
In the Search field, enter either the IP address or the country to return results for.
Date Range Filter
The Date Range filter provides two methods of customizing the data that is displayed on the WAF Dashboard.
Custom Date Range
The displayed date range selection field opens the pop-out calendar window, which allows you to select a beginning and end date, as well as a custom time range.
Clicking the calendar icon allows you to quickly navigate through months and years to select the beginning and end dates. You can also manually type in the desired date instead of using the calendar option. The maximum number of days in the past that can be captured is 90 days from the current date. Click the green checkmark icon once you have selected your custom time frame to view the results.
Quick Select Date Range
Instead of creating a custom time frame for your dashboard results, you can use one of the pre-configured quick select date range options. By default, the Dashboard displays the results for the previous seven days (7D).
- 1H - Displays the result details for the previous hour.
- 3H - Displays the result details for the previous three hours.
- 12H - Displays the result details for the previous 12 hours.
- 1D - Displays the result details for the previous calendar day.
- 7D - Displays the result details for the previous seven calendar days (week).
- 30D - Displays the result details for the previous 30 days (calendar month).
IP Intelligence Results
The IP Intelligence Results section displays an overview of the selected IP Address details. The IP Intelligence details are powered by the CWAAP IPR (IP Reputation) Service.
The Violation Logs section displays a graphical representation of the last six days and the number of violations that occurred per day.
The Violation Type section displays a graphical representation of the offending violation types and the total number of violations that occurred in correlation to the Violation Log timeframe.
Violation Log Details
The Violation Log Details table displays a comprehensive overview of the violations that were captured for the selected IP address or country for the date range identified in the Violation Logs graph.
Each Violation Log entry in the table offers additional features for working with the Violation Log details.
The View Details feature displays a more detailed overview of the violation details. Clicking the Policy URL will redirect you to the Policy Configuration page for the policy that generated the violation log.
The blue “i” icon shows the full path details that might be condensed on the Violation Log Details screen due to length restrictions.
The double paper icon copies the details to the clipboard. Use it instead of a manual copy and paste, which might not work because the details might be truncated on the page.
Click the Show Raw Headers icon to view all of the Raw Headers.
Selecting the Add IP Filter button will add the selected IP address to the Blocked list for the account. The pop-out window lists the IP / CIDR address (which can be edited), as well as an indicator for Blocked (selected by default) or Not Blocked. Once you click Save, the IP address filter will be added to your policy (which can be found in the View Details section).
Selecting the Create Relaxation Rule button adds the selected violation log entry to the allowed list for the account. The Violation Reason will determine the possible configuration settings for the Relaxation Rule. Once you click the Save button, the Relaxation Rule is added to your configured policy (which can be found in the View Details section).