Follow

How to View WAF Violation Logs in WAF Violation Summary

Description

How to review WAF Violation Logs within the customer portal.  

Logs contain the following info:

  • what traffic was blocked, when the WAF policy is in blocking mode)
  • what traffic was alerted (would have been blocked), when the WAF policy is in transparent mode
  • and the specific details of the request which triggered the violation. 

Update: Request access to WAF Violations Summary V2 in Beta

Customers who want access to the WAF Violations Summary V2 can ask the SOC to enable the beta feature for them.

More details on WAF Violation Summary - Version 2 Overview

 

Environment

  • WAF customers
  • WAF Violations
  • Silverline Portal
  • WAF Violation Summary page

 

Procedure

  1. Navigate to Monitor & Analyze > WAF Violation Summary
    • Groups violations by Violation Type, Attack Type, and Policy Name
    • Search by Client IP or Support ID, or use Advanced Search.
  2. Click the name of any Violation (highlighted below) to see its Violation Logs.
    • click "All Violations" at the top to see all Violation Logs.
    • WAF_Violation_Summary_--__Groupings_Highlighted.png
  3. The Violation Log page shows a more detailed list of all Violations matching the selected sub-category (or "All Violations" if selected).
    • Each violation log entry includes:
      • Support ID (a unique identifier for each violation)
      • time-stamp
      • Request Status
      • Client IP
      • URI
      • Violations
      • Attack Type
      • Host IP
      • Violation Rating -- What is WAF Violation Rating?
  4. Click the Support ID to review each violation log in detail.
  5. The WAF Violation Log Detail page has 3 tabs:
    • A) The Details tab is arranged in groups showing Violation information, Network details, HTTP Request details and WAF Policy information.
      • Click the Policy Name in Policy Information to jump to WAF Policy Details page.
      • WAF_Violation_Log_Details.png
    • B) The Request tab shows the specific HTTP Request data.
      • WAF_Violation_Log_Request.png
    • C) The Violation XML tab shows the XML formatted version of the Violation
      • WAF_Violation_Log_Violation_XML.png

 

 

 Related Content

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request