
False Positive Analysis for Web Traffic

Description

  • This article provides guidance on how to confirm that Shape Defense is working as expected on your website after it has been enabled for real users. Specifically, you will need to determine whether any legitimate traffic is marked as automation.


 

Environment

  • Shape Defense for Web

 

Procedure

Although this documentation provides some guidance, this is a creative process. Explore your traffic reports and examine anything unexpected. Resolve all issues before you move to blocking mode.

 

Access Shape Defense Summary

[Screenshot: Shape Defense Summary]

 

Identify False Positives

Is any traffic marked as non-human? If yes:

  1. What is the automation Type of the non-human traffic? See Automation Types
  2. Does the traffic marked as malicious have a diurnal pattern, that is, one that increases during the day and drops at night? This might be an indication of human traffic.
  3. Look at the distribution of IPs and the countries they are from. Does this distribution look like it's coming from your normal user base?
  4. Look at the User-Agent field. Are there any suspicious User-Agents present? You can also identify wanted automation (test tools, SEO bots, etc.) through this technique.

If you notice legitimate traffic being flagged as automation, determine if it can be put onto the allowlist.
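Checks 2 to 4 above can be run over an export of the flagged requests. The script below is an added example, not part of Shape Defense or its documentation. The record layout (local timestamp, IP, country, User-Agent), the 08:00 to 19:59 daytime window, the expected-country set and the User-Agent tokens are all assumptions to adapt to your own data.

```python
from collections import Counter
from datetime import datetime

# Constructed sample of requests flagged as automation (not real Shape Defense data).
# Assumed fields: timestamp in your users' local time, source IP, country, User-Agent.
FLAGGED = [
    ("2021-03-02T09:14:00", "198.51.100.7", "US", "Mozilla/5.0 (Windows NT 10.0) Chrome/88.0"),
    ("2021-03-02T10:02:00", "198.51.100.7", "US", "Mozilla/5.0 (Windows NT 10.0) Chrome/88.0"),
    ("2021-03-02T13:45:00", "203.0.113.20", "CA", "Mozilla/5.0 (X11; Linux x86_64) Firefox/86.0"),
    ("2021-03-02T15:30:00", "203.0.113.21", "US", "Mozilla/5.0 (Macintosh) Safari/605.1.15"),
    ("2021-03-02T18:05:00", "198.51.100.9", "US", "Mozilla/5.0 (Windows NT 10.0) Chrome/88.0"),
    ("2021-03-02T02:10:00", "192.0.2.50", "US", "python-requests/2.25.1"),
    ("2021-03-02T03:40:00", "192.0.2.50", "US", "python-requests/2.25.1"),
    ("2021-03-02T11:20:00", "192.0.2.77", "DE", "Mozilla/5.0 (compatible; ExampleSEOBot/1.0)"),
]
EXPECTED_COUNTRIES = {"US", "CA"}  # assumption: where your normal user base is
TOOL_TOKENS = ("curl", "python-requests", "bot", "spider", "headless")  # assumed markers

def daytime_share(records, day_hours=range(8, 20)):
    """Step 2: fraction of flagged requests made between 08:00 and 19:59."""
    hours = [datetime.fromisoformat(ts).hour for ts, *_ in records]
    return sum(h in day_hours for h in hours) / max(len(hours), 1)

def expected_country_share(records, expected=EXPECTED_COUNTRIES):
    """Step 3: fraction of distinct source IPs located in expected countries."""
    ip_country = {ip: cc for _, ip, cc, _ in records}
    return sum(cc in expected for cc in ip_country.values()) / max(len(ip_country), 1)

def split_user_agents(records, tokens=TOOL_TOKENS):
    """Step 4: request counts per User-Agent, tool-like vs browser-like."""
    tool, browser = Counter(), Counter()
    for *_, ua in records:
        (tool if any(t in ua.lower() for t in tokens) else browser)[ua] += 1
    return tool, browser

def summarize(records):
    tool, browser = split_user_agents(records)
    return {
        "daytime_share": round(daytime_share(records), 2),
        "expected_country_ip_share": round(expected_country_share(records), 2),
        "tool_like_requests": sum(tool.values()),
        "browser_like_requests": sum(browser.values()),
        "tool_user_agents": sorted(tool),
    }

if __name__ == "__main__":
    for key, value in summarize(FLAGGED).items():
        print(f"{key}: {value}")
```

A high daytime share and expected-country share among browser-like User-Agents is the pattern that warrants a closer look as a possible false positive; the tool-like list is where wanted automation such as test tools and SEO bots shows up.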

 

Contact SOC (support@f5silverline.com) if there are any questions.

 

Related Content

Return to Integrating Shape Defense
