
How to Use the Search Functionality of the WAF Violation Summary

Description

  • This article describes how to use the WAF Violation Search functionality of the Silverline Portal.
  • After reviewing this article, the reader should be able to use the search function to locate specific violations for review.

Environment

  • Silverline WAF
  • Silverline Portal
    • WAF Violation Summary

Procedure 

On the WAF Violation Summary page, users can use the basic Search bar or the Advanced Search option to search and filter the list of Violations.

 

Portal Navigation: WAF Violation Summary

1. Navigate to Monitor & Analyze > WAF Violation Summary.

2.  The WAF Violation Summary page groups violations by Violation Type, Attack Type, and Policy Name. Search and filter the violations by using the two search options in the upper-right: the Basic Search bar and Advanced Search.

 

Basic Search Bar

The Basic Search box can search the following fields:

  • Support ID
  • Client IP Address
  • WAF Policy Name
  • Violation Status (ex. "blocked")
  • Attack Type (ex. "Abuse of Functionality")
  • Violation Type (ex. "Illegal meta character in value")

 Note: If a search for a Support ID returns no results, reload/refresh the page, then use the Zoom option in the Date range to set it to 6m and search again.

 

Advanced Search


Users may choose to create and save Advanced Searches for WAF Violations.  The Advanced Search capability enables users to set explicit search criteria and logic, then save those searches for future use.  

The Advanced Search differs from the Basic Search on the WAF Violation Summary page in that the Basic Search can only search for a few fields (see above section on Basic Search for a list), while Advanced Search can search on all fields within a Violation.

 

Advanced Search Fields

The Advanced Search configuration window allows the user to:

  • Set the Initial Logic for the search to AND or OR.  This logic will be applied to the subsequent Rules or Groups.
  • Add or Remove Search Rules.  A Search Rule is a definition containing the Violation element to be searched, the logic function to be applied and the value to be compared.
  • Add or Remove Search Groups.  A Filter Group is a collection of Search Rules that are collectively evaluated with AND or OR logic within the group.

Users can leverage these Groups and Rules to create customized queries based on their needs and can review the results consistently by saving the defined searches.
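
The following is an added example, not Silverline Portal code: a small Python model of how an Initial Logic, Search Rules and a nested Search Group combine into one query. The field keys, the "equals" and "contains" operators, and the sample violations are assumptions constructed for illustration.

```python
# Model of Advanced Search logic; this is not Silverline Portal code.
# Field keys and the "equals"/"contains" operators are assumptions.

OPERATORS = {
    "equals": lambda actual, wanted: actual.lower() == wanted.lower(),
    "contains": lambda actual, wanted: wanted.lower() in actual.lower(),
}

def matches(node, violation):
    """Evaluate a Search Rule or a Search Group against one violation record."""
    if "rules" in node:  # a group: combine its children with AND or OR
        results = (matches(child, violation) for child in node["rules"])
        if node["logic"] == "AND":
            return all(results)
        if node["logic"] == "OR":
            return any(results)
        raise ValueError(f"unknown logic: {node['logic']!r}")
    # a rule: element to search, logic function, value to compare
    actual = violation.get(node["field"], "")
    return OPERATORS[node["op"]](actual, node["value"])

def search(query, violations):
    """Return the Support IDs of the violations that satisfy the query."""
    return [v["support_id"] for v in violations if matches(query, v)]

# Constructed sample violations (not real portal data).
VIOLATIONS = [
    {"support_id": "1001", "client_ip": "192.0.2.10", "policy": "shop-policy",
     "status": "blocked", "attack_type": "Abuse of Functionality",
     "violation_type": "Illegal meta character in value"},
    {"support_id": "1002", "client_ip": "192.0.2.10", "policy": "shop-policy",
     "status": "alerted", "attack_type": "Abuse of Functionality",
     "violation_type": "Illegal meta character in value"},
    {"support_id": "1003", "client_ip": "198.51.100.7", "policy": "api-policy",
     "status": "blocked", "attack_type": "Other",
     "violation_type": "Illegal parameter"},
]

# Initial Logic AND: status is blocked AND (a group evaluated with OR).
QUERY = {"logic": "AND", "rules": [
    {"field": "status", "op": "equals", "value": "blocked"},
    {"logic": "OR", "rules": [
        {"field": "client_ip", "op": "equals", "value": "192.0.2.10"},
        {"field": "violation_type", "op": "contains", "value": "parameter"},
    ]},
]}

if __name__ == "__main__":
    print(search(QUERY, VIOLATIONS))
```

Switching the Initial Logic from AND to OR widens the result to every violation that satisfies either the status rule or the group, which is why the top-level setting is worth checking before saving a search.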

Violation Details that are returned via the Advanced Search are viewable by clicking on the Support ID link for the found violations.

 

Saved Searches

Saved Searches are available via the "Saved Searches" button shown at the top of the Advanced Search page.

