Follow

How to View Reports and Filter Metrics in Shape Defense (SSD) Summary

Description

  • How to view reports / metrics for Shape Defense.
  • How to monitor Shape Defense
  • Shape Defense Summary

 

Environment

  • Silverline Shape Defense
  • Silverline Portal
    • Shape Defense Summary
    • Dashboards
  • Bot defense
  • Bot protection
  • Anti-bot

 

Procedure

There are 2 places to view reports on Shape Defense:

Shape Defense Summary: How to View, Filter, and Download

  1. In the Portal navigation, go to Monitor & Analyze > Shape Defense Summary.
  2. View the dashboard, which has 4 sections (click to view more details):
    1. Traffic Types graph
    2. Traffic Actions graph
    3. Requests - Top 10 table
    4. Events table
  3. Filter the entire page by selecting Filter in the upper-left
    1. Note: Default filters exclude JavaScript and SDK Config Fetch requests. Click X to remove, if desired.
      • Screen_Shot_2021-02-11_at_5.12.51_PM.png
    2. Fill in the following:
      • Field - which field you want to filter on
      • Operator - whether you want to include ("is) or exclude ("is not") the text written in the text box
      • Text box - what specifically you want filtered in or out
        • Click in the text box to see possible values in drop-down.
    3. Click Add
    4. Filters save on the page until you either clear individually or Clear all.
      • Example:
        • Screen_Shot_2020-10-19_at_5.56.26_PM.png
        • Screen_Shot_2020-10-19_at_5.56.40_PM.png
        • Screen_Shot_2020-10-19_at_6.07.17_PM.png
  4. Alternatively, filter on individual graphs by clicking on the name in the legend of what you want to filter to and selecting the blue filter icon.
    • Screen_Shot_2020-10-19_at_6.33.10_PM.png
  5. Set the time range for the entire page's data by using the date selector in the upper-right
  6. Download Shape Defense Events in CSV format by clicking the blue Download button in the upper-right
    • If you filter the results on the page before clicking the download button, the downloaded file will contain only the filtered results.

 

Descriptions of Shape Defense Summary Sections

Click to jump to section:

 

Traffic Types

Traffic type as determined by Shape Defense:

  • Human - probably legitimate traffic from human source
  • Malicious - suspected illegitimate traffic from automated bot
  • Malicious (Failed Challenge) - requests for Web Scraping that were not able to solve the Interstitial Challenge
  • Javascript - the javascript file that will be inserted in the requests by Shape
  • Allowlist - this traffic was automatically allowed through because its on an Allowlist (How to Allowlist IP addresses for WAF Services)
  • Unavailable -  In the event that the Shape systems are unavailable to receive Requests for inspection, the Request will be passed directly to the Customer Back End
  • Challenged -  These events are part of the Web Scraping challenges.

mceclip0.png

Graph features

  • View as Pie chart or Stacked area graph by clicking pie or line diagram in upper-right of the graph.
    • Screen_Shot_2020-11-12_at_4.04.36_PM.png
  • Hover on stacked area chart to show (a) quantity of requests and (b) as a percentage of all traffic for that endpoint
    • Screen_Shot_2020-11-12_at_4.01.54_PM.png
    •  
  • Filter on individual graphs by clicking on the name in the legend of what you want to filter to and selecting the blue filter icon.
    • Screen_Shot_2021-02-02_at_6.50.41_PM.png

 

Traffic Actions

Action (Allow, Flag, Block, Redirect, N/A, or Challenged) that was taken on any traffic labeled as automated by Shape Defense, configured on How to Configure Shape Defense (SSD)

N/A is always associated with JavaScript traffic type

Screen_Shot_2021-02-02_at_6.55.54_PM.png

Graph features

  • View as Pie chart or Stacked area graph by clicking pie or line diagram in upper-right of the graph.
    • Screen_Shot_2020-11-12_at_4.04.36_PM.png
  • Hover on stacked area chart to show (a) quantity of requests and (b) as a percentage of all traffic for that endpoint
    • Screen_Shot_2020-11-12_at_4.03.15_PM.png
  • Filter on individual graphs by clicking on the name in the legend of what you want to filter to and selecting the blue filter icon.
    • Screen_Shot_2020-10-19_at_6.37.04_PM.png

 

Requests - Top 10

Top 10 requests to endpoints protected by Shape Defense, as ranked by the selected feature in the upper-right. Change the selection by clicking the drop-down menu By _______

 

Example 1: Top 10 Source IPs with the most requests

Screen_Shot_2020-10-19_at_5.55.23_PM.png

 

Example 2: Top 10 Countries where requests originated from

Screen_Shot_2020-10-19_at_6.40.46_PM.png

 

 

Events

  • Each time that Shape Defense is triggered to categorize traffic, this is counted as an Event.
  • Event table columns
    • Column Name Description

      Timestamp

      Date and time of event
      Application Name Your application that has Shape Defense turned on
      Method

      Method for this end point, configured on How to Configure Shape Defense (SSD)

      Host Your application's host
      Path Endpoint path where inbound traffic was headed before it was sent to Shape Defense
      Application Type Application type (Web or Mobile)of this endpoint, configured on How to Configure Shape Defense (SSD)
      Source IP Source IP of incoming traffic
      XFF X-Forwarded-For IP of the client
      Country Originating country of incoming traffic 
      Referer Referring URL
      Traffic Type

      Traffic type as determined by Shape Defense:

      • Human - probably legitimate traffic from human source
      • Malicious - suspected illegitimate traffic from automated bot
      • Javascript - the javascript file that will be inserted in the requests by Shape
      • Allowlist - this traffic was automatically allowed through because its on an Allowlist (How to Allowlist IP addresses for WAF Services)
      • Challenged -  These events are part of the Web Scraping challenges.
      Automation Type Q&A: What Does The Automation Type In The Shape Defense Summary Report Mean?
      Action

      Action (Allow, Flag, Block, Redirect, N/A, or Challenged) that was taken on any traffic labeled as automated by Shape Defense, configured on How to Configure Shape Defense (SSD)

      N/A is always associated with JavaScript traffic type

      User Agent Exact user-agent (browser) string

 

Related Content

 

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request