Monitor your Application Firewall

• Log into VoltConsole.

• Click Multi-Cloud App Connect.

• Select your namespace from the drop-down menu.

• Click Virtual Hosts > HTTP Load Balancers.

• From the displayed list of load balancers, click on Security Monitoring for your load balancer. The Dashboard page is displayed by default.

• Inspect the Security Events section to view the snapshot of security events. This displays a list of security events in the last 12 hours by default.

• Click on any event to load its full information.

• Inspect the Top WAF Rules Hit section to check the WAF rule hit statistics.

• Inspect the Security Events by Location section to view the security events arranged in a map view. You can click on the location with hits to load the Security Events page.

• Inspect the Recent WAF and Policy Events section to view the list of recent WAF events.

Click on the Security Events tab. This shows various types of security events over default time frame of 12 hours in a graph view. This page also displays filters various types of events that are represented in different colored dots. Beneath the graph, the security event page displays the events in a list arranged into different tabs namely Security Events, Malicious User Events, and DDoS Events.

• Perform the following to inspect various security events:

  • Click on a dot to select or deselect those events from being displayed.

  • Click on the Add Filter option and select a key-value pair to apply specific filters. You can select available key-value pairs. You can also choose a custom entry. Type a key, click Select Custom Key, type a value, and click Select Custom Value to apply a custom filter.

  • Click on the time interval drop-down menu on the top right side of the page to select another time interval or specify a custom interval.

Security Events Inspect security events sub-page.

• Click the Security Events tab beneath the graph chart to view the list of security events. The following list provides information on each field of the list:

  • Time: Time the event was created.

  • Country,City: Location of the event.

  • Src IP: Source of the suspicious request.

  • Method: Method type of the HTTP request (GET, POST, DELETE, PUT, etc.)

  • Rsp Code: The HTTP response code (200, 403,404, etc.).

  • Rules Hit: Number of rules hit.

  • Authority: Load balancer domain.

  • Request Path: String of characters that unambiguously identifies a particular resource (for example, /testcase-6/test.com).

Figure: Security Events Page

Note: You can click > on any entry to display information of that event in fully expanded view. Select JSON tab to obtain the information in JSON format.

• Click ... for an entry on the list of security events and select one option as per the following guidelines.

  • Select Create Exception Rule to create exception for that event so that it is not flagged as a security event. This will open the load balancer edit form with a WAF rule to exclude this event. Enter name, select values for Exclude WAF Rules field, click Apply, and click Save and Exit in the load balancer configuration page to apply the exception rule.
  • Select Add to Blocked Clients to add this client to blocked clients. This will open the load balancer edit form with a rule to block the specific client. Click Applyand click Save and Exit in the load balancer configuration page to apply the blocking rule.
  • Select Add to Trusted Clients to add this client to trusted clients. This will open the load balancer edit form with a rule to allowlist the specific client. Click Applyand click Save and Exit in the load balancer configuration page to apply the trusted clients rule.

Note: Click Refresh on the top right side of the page to refresh the information displayed on the page. Click Hide Chart to hide the graph and show only events list.