WAF & logging integrations added | Fastly
We offer our web application firewall (WAF) because we know how important it is to be able to see your security events and notifications in real time, address issues on the spot, and get back to building and delivering excellent user experiences. But we also know that the sheer amount of this data, while valuable, can be time-consuming to parse.
That’s why, for those looking for more of an out-of-the-box solution, we’ve created a templated visual dashboard, built on integrations with BigQuery and Looker, that helps you effectively monitor security events on your sites and applications in real time.
A look at how the data is gathered
Fastly’s WAF incorporates the OWASP Core Rule Set — combined with commercial resources and our own research — to offer more comprehensive protection. It covers the OWASP Top 10 web application security risks and enables protection for new exploits using well-known techniques.
As a request goes through the OWASP rules, it can trigger multiple rules from different attack categories — SQL injection, Cross-Site Scripting attacks, HTTP Protocol Violation, etc. The request accumulates a score based on the triggered rules, and that score is checked against a user-configured threshold to determine whether the request should be blocked or passed to the origin. These rules enable you to detect anomalies, as well as determine the shape of a request and whether it’s malicious.
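The scoring model described above, as an added example (not Fastly's code): each triggered rule adds the OWASP CRS default score for its severity, and the total is checked against the threshold. The rule IDs, the sample requests, and the passed/logged/blocked mapping are constructed assumptions.

```python
from collections import Counter

# OWASP CRS default anomaly score per rule severity.
SEVERITY_SCORE = {"critical": 5, "error": 4, "warning": 3, "notice": 2}

# Constructed rule table (placeholder IDs): id -> (attack category, severity).
RULES = {
    "R-SQLI-1": ("sql_injection", "critical"),
    "R-XSS-1": ("xss", "critical"),
    "R-PROTO-1": ("http_violation", "warning"),
    "R-PROTO-2": ("http_violation", "notice"),
}

def score_request(triggered, threshold=5, blocking=True):
    """Accumulate the score of every triggered rule, then check the threshold."""
    by_category = Counter()
    for rule_id in triggered:
        category, severity = RULES[rule_id]
        by_category[category] += SEVERITY_SCORE[severity]
    total = sum(by_category.values())
    if total == 0:
        action = "passed"
    elif blocking and total >= threshold:
        action = "blocked"
    else:
        # Assumption: rules fired but the request still reaches the origin.
        action = "logged"
    return {"score": total, "by_category": dict(by_category), "action": action}

# Constructed sample traffic: (client IP from a documentation range, triggered rules).
SAMPLE = [
    ("192.0.2.10", []),
    ("192.0.2.10", ["R-PROTO-2"]),
    ("198.51.100.7", ["R-SQLI-1", "R-PROTO-1"]),
    ("198.51.100.7", ["R-PROTO-1", "R-PROTO-2"]),
    ("203.0.113.5", ["R-XSS-1"]),
]

def traffic_overview(requests, threshold=5):
    """Count passed/logged/blocked requests and the top blocked client IPs."""
    actions, blocked_ips = Counter(), Counter()
    for ip, triggered in requests:
        action = score_request(triggered, threshold)["action"]
        actions[action] += 1
        if action == "blocked":
            blocked_ips[ip] += 1
    return dict(actions), blocked_ips.most_common(10)

if __name__ == "__main__":
    print(traffic_overview(SAMPLE))
```

The fourth sample request triggers only warning- and notice-level rules, yet their combined score of 5 reaches the threshold, which is the case per-rule blocking would miss.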
Take a tour of the dashboard
The templated visual dashboard includes 15 pre-built charts you can use to analyze your application’s traffic and security in real time. Once it’s up and running, you’ll have both a high-level view of your WAF traffic and a granular look at any malicious activity on your site — like XSS, SQL Injection, and Remote Command Execution. Get a taste of some of the most helpful dashboards below:
Traffic overview
See trends and rapidly identify anomalous patterns, such as attacks or a sudden surge in traffic. This chart shows the total number of requests for a selected period, with each request identified as WAF Passed, Blocked, or Logged.
Top 10 Logged IPs & Top 10 Blocked IPs
See the IPs that generated the most requests to your site and were either logged or blocked by the WAF.
WAF Logged & Blocked Traffic Analysis
See a dynamic picture of undesirable traffic to your site. These charts provide in-depth details on the requests that triggered WAF rules and were either blocked or logged. This can help you rapidly detect and identify malicious patterns that could harm your application. You can then use an ACL or custom VCL code to block the identified patterns, applied with Fastly’s instant configuration change via API call.
Additional pre-built charts:
Logged & Blocks by Country
A map chart that provides insight on the countries from which we see the highest number of requests triggering WAF rules against your site.
Top URLs Blocked and Logged and Top 10 Rules Logged and Blocking
Get a more granular view of the malicious activity detected on your site, providing insight into the different types of attacks detected by the WAF. See what parts of your site are the most targeted with details of the most frequently triggered WAF rules.
WAF Traffic (Daily)
See the number of requests on which the WAF is executed on a daily basis. This chart includes both WAF blocked and logged requests and gives a high-level view of the traffic that goes to your origin and the trends over a one-day period.
Top Rules with IP Count (Logged & Blocking)
See the WAF rules triggered by the highest number of requests, filtered by distinct IP count. These charts provide WAF rule descriptions and additional details on the security events.
If you are already a WAF customer and want to use BigQuery as a logging endpoint, combined with Looker for data visualization, take a look at this GitHub repository for the template source code. You can sign up for a Looker account (they offer a free trial) and try the dashboard.
Not a Fastly WAF customer yet? Get in touch with one of our experts to talk through how it can help secure your sites.