
How to Filter WAF Violations by Proxy IP in WAF Violations Assessment

Description

  • This article explains how to filter WAF Violations by proxy, using the proxy's Front End IP. You can then submit a WAF Violation Assessment with this filter applied.
    • A WAF Violation Assessment is a group of violations, selected by the filters a user has applied, that the user submits to the SOC for evaluation so that false-positive violations can be identified and tuned or resolved.
    • More details in How to Create WAF Violation Assessments
  • Silverline WAF customers may be accustomed to grouping WAF violations by policy name, but under certain circumstances this may not be the most logical grouping.
  • Where a single WAF policy is used to protect many different applications or proxies, Silverline recommends filtering WAF violations by the proxy IP.

Environment

  • Silverline WAF
  • Proxy/Proxies
  • Silverline Portal
  • WAF Policy/Policies
  • WAF Violation(s)
  • WAF Assessment

Procedure

1. First, go to the Proxy Configuration page at Config > Proxy Configuration > Proxy Management

2. On the Proxy Management page, find the proxy for which you want to create a filter. 

3. Identify the Front End IP address associated with the proxy, and write it down (to use in Step 6).

 

4. Now, navigate to the WAF Assessments page at Monitor & Analyze > WAF Assessments

5. On the WAF Assessments page, click Create Assessment (upper-right) to build a new filter.


6. Scroll down to Refine Query, and select Destination IP from the left drop-down. In the text box, enter the Front End IP address you noted in Step 3.

 

7. You can now hit Refresh Results to see the list of violations against the proxy with this frontend IP. Note (as of 4/2019): There is planned functionality to permit searching by the Proxy Name as well. 


8. Adding Additional Filters: From here, you can add additional lines to the filter to drill down into the logs. See How to Create WAF Violation Assessments for more details on this process.

9. When ready, submit the WAF Violation Assessment to the SOC by clicking Request Assessment. Upon submission, this opens a support ticket with Silverline Support on your behalf. Throughout the process, the assessment is also tracked directly within our portal for details related to the violations.
