Question
- Where can I see the Violation Count per WAF Policy?
- Does the SOC have a way to report on false negatives?
- Does the SOC have a way to report on the number of times a policy failed to block a violation?
Environment
- Silverline WAF
- Reporting
Answer
- The bottom of the WAF Violation Summary page in your Portal account breaks down the violation count per WAF policy. See: How to View WAF Violation Logs in WAF Violation Summary
- You can export/forward WAF violation logs from Silverline to your SIEM endpoint in real time.
- In addition, each user has a WAF Violation E-mail Frequency option in their Portal account, which sends a summary of WAF violations automatically to the e-mail address associated with the Portal account on a daily, weekly, or monthly basis, or never.