Security analytics


Security analytics shows WAF and bot management data, including blocked, observed, and other request metrics. Use this data to fine-tune your protection rules.

Analysis dimensions

  • Filter: Filters by Host, HTTP Version, and Client IP. Only matching data is displayed.

  • Query time: By default, data for the Last 24 Hours is displayed. You can set a custom range to query data from the last 30 days.

View security analytics reports

During traffic spikes or suspected attacks, use security analytics to analyze HTTP/HTTPS traffic in real time. Compare traffic against your baseline for legitimate requests by examining header structure, payload patterns, and access frequency. For anomalous traffic such as SQL injection or CC attacks, the WAF DPI engine dynamically loads predefined or custom rulesets to block malicious requests and trace attack sources.

Note

Data in Security Analytics is delayed by about 5 minutes.

Account level

View protection data across all sites in your account from a centralized dashboard.

  1. Log on to the ESA console. In the navigation pane on the left, choose Analytics and Logs > Security Analytics.

  2. On the Security Analytics page, view protection information and use the Filter to select the data you need. Use the print icon to print the page report, or the download icon to download the data as a CSV file for local analysis.


Site level

You can also view protection data for individual sites.

  1. In the ESA console, go to Websites. In the Website column, click the target site.

  2. In the navigation pane on the left, choose Security > Security Analytics.

  3. On the Security Analytics page, view protection information and use the Filter to select the data you need. Use the print icon to print the page report, or the download icon to download the data as a CSV file for local analysis.

    Note

    For anomaly response, see Protect against unusual traffic. You can create rules by clicking Create Custom WAF Rule from Filters or Create Bot Management Rule from Filters.


Data overview

The data overview tab shows Request Analytics, Bot Analytics, and Rate Limiting Analytics. Click the download icon to download data as a CSV file.


Sampling logs

Sampling logs capture HTTP/HTTPS traffic details through adaptive sampling, including Time, Bot Type, Client IP, and Path. Click the icon on a log entry to expand its details.


Use the Filter to narrow results and click OK to apply. This example filters sampling logs by the Definite Bots type:

  1. On the overview tab, click the Bot Analytics tab. In the Definite Bots section, click Filter.


  2. The Sampling Logs area displays sampling logs for the Definite Bots type. Click the icon on a log entry to view its details.
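
For local analysis of sampled data, the following added example (not ESA code) compares each client's access frequency against a baseline and reports the clients that exceed it, along with their most requested path and bot types, as candidates for a rate limiting or bot rule. It assumes a CSV whose columns are the Time, Bot Type, Client IP, and Path fields listed above, with ISO timestamps; the function name, window size, and baseline value are illustrative. Because the logs are adaptively sampled, the counts are relative indicators rather than true request rates.

```python
import csv
import io
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample. The column names reuse the fields listed above; the CSV
# layout and ISO timestamp format are assumptions, not ESA's export format.
SAMPLE_CSV = """Time,Bot Type,Client IP,Path
2024-05-01T10:00:05,Definite Bots,203.0.113.7,/login
2024-05-01T10:00:10,Definite Bots,203.0.113.7,/login
2024-05-01T10:00:20,Definite Bots,203.0.113.7,/api/items
2024-05-01T10:00:30,Definite Bots,203.0.113.7,/login
2024-05-01T10:00:45,Definite Bots,203.0.113.7,/login
2024-05-01T10:00:15,-,192.0.2.9,/index.html
2024-05-01T10:00:40,-,192.0.2.9,/css/site.css
2024-05-01T10:00:50,-,192.0.2.9,/js/app.js
2024-05-01T10:01:10,-,198.51.100.4,/index.html
2024-05-01T10:07:30,-,198.51.100.4,/about
"""
EPOCH = datetime(1970, 1, 1)

def flag_clients(csv_text, window_s=60, baseline_per_window=3):
    """Return clients whose peak sampled requests in any window exceed the baseline."""
    per_window = defaultdict(Counter)  # ip -> window index -> sampled requests
    paths = defaultdict(Counter)       # ip -> path -> sampled requests
    bot_types = defaultdict(set)       # ip -> bot types seen
    for row in csv.DictReader(io.StringIO(csv_text)):
        ip = row["Client IP"].strip()
        ts = datetime.fromisoformat(row["Time"].strip())
        window = int((ts - EPOCH).total_seconds()) // window_s
        per_window[ip][window] += 1
        paths[ip][row["Path"].strip()] += 1
        bot_types[ip].add(row["Bot Type"].strip())
    flagged = {}
    for ip, counts in per_window.items():
        peak = max(counts.values())
        if peak > baseline_per_window:  # strictly above the legitimate baseline
            flagged[ip] = {
                "peak_per_window": peak,
                "top_path": paths[ip].most_common(1)[0][0],
                "bot_types": sorted(bot_types[ip]),
            }
    return flagged

if __name__ == "__main__":
    for ip, info in flag_clients(SAMPLE_CSV).items():
        print(ip, info)
```

Set the baseline from a period of known legitimate traffic for the same site before acting on the flagged clients.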


Create protection rules from filter conditions

Filter data by time and other conditions to view request, bot, and rate limiting analytics. You can also create WAF custom rules, bot rules, or rate limiting rules directly from the current filters.

Note

Only the Enterprise Edition supports creating bot rules from filter conditions.

  1. On the Security Analytics page, to the right of the filters, click Create rule from filter conditions.

    Note

    On the Request Analytics tab of the Overview module, you can select Create Custom WAF Rule from Filters. On the Bot Analytics tab of the Overview module, you can select Create Bot Management Rule from Filters. On the Rate Limiting Analytics tab of the Overview module, you can select Create WAF Rate Limiting Rule from Filters.


  2. On the new rule page, enter a Rule Name, select an action, and click OK. The rule takes effect immediately.


Watch the following video to learn how to create protection rules from filters.