Key concepts
Malicious Bot: An automated program that operates with malicious intent, using automated methods to attack target systems, steal data, or perform other malicious operations.
Suspected Bot: An automated program that exhibits some bot characteristics but lacks direct evidence of attack traces or clear intent, requiring further verification of its access purpose.
Legitimate Bot: An automated program that is authorized and encouraged to access the website, typically used for legitimate purposes such as search engine indexing, website health checks, and data analysis.
Client ID: A client identifier (such as a browser or application). The system identifies the source type of HTTP requests based on features such as User-Agent information and traffic fingerprints.
Web UMID: A unique device identifier for web clients, used to help security teams identify abnormal traffic.
App UMID: A unique device identifier for app clients, used to help security teams identify abnormal traffic.
JA3 Fingerprint: A string generated by applying MD5 hashing to key parameters in the TLS handshake process, including the TLS version, cipher suites, compression algorithms, and TLS extensions. This fingerprint represents the TLS configuration of a client and can identify and differentiate types of TLS clients such as web browsers, mobile applications, and malware.
JA4 Fingerprint: A fingerprint that builds on JA3 by incorporating additional contextual information and algorithms, such as browser version and operating system. This fingerprint effectively reduces the collision issues found in JA3 fingerprints, enabling more accurate identification of genuine users versus impersonators and lowering the false positive rate.
HTTP/2 Fingerprint: An identifier generated by applying the MD5 algorithm to the raw fingerprint of an HTTP/2 client. This fingerprint is used to analyze and identify different clients to ensure secure and efficient communication.
If you detect an abnormal number of requests from a specific Client ID, Web UMID, App UMID, JA3 fingerprint, JA4 fingerprint, or HTTP/2 fingerprint, you can configure Advanced Bot Custom Rules to block them.
Procedure
In the left-side navigation pane, choose .
NoteIf you have not activated or trialed Bot Management, you can use the information displayed on this page to get a preliminary assessment of bot traffic trends. To use the full feature set, activate Bot Management or apply for a trial. For more information, see Configure advanced custom rules.
The Traffic Analytics page supports the following operations:
Filtering and Search: The top of the page provides filter conditions for time range, protected object, Referer, domain name, request path, attack IP address, and User-Agent. When you enable advanced search mode, the system returns only records that match all specified conditions.
Protection Overview: This section displays trend charts for malicious bots, suspected bots, and legitimate bots. Hover over any point on the trend chart to view the specific counts for each bot type at that moment.
Top Data Analysis: The lower section of the page displays the following Top statistics.
Feature
Description
Top IP Addresses by Traffic Type
Displays the top 10 IP addresses by count of Malicious Bot, Suspected Bot, and Legitimate Bot requests.
Top IP Addresses by Rule Type
Displays the top 10 IP addresses by the number of different rule tags matched.
Top Client Types
Displays statistics for the top 10 counts of four identifier types: Client ID, Web UMID, App UMID, and Client Type.
Traffic Fingerprint Statistics
Displays statistics for the top 10 counts of three fingerprint types: JA3 Fingerprint, JA4 Fingerprint, and HTTP/2 Fingerprint.
Top Request Headers
Displays the top 10 values for four request header types: Host, Path, Query Parameters, and Referer.
Top Protected Objects
Displays the top 10 protected objects by request count.
By default, data for Today is displayed. You can also query data from the Last 15 Minutes, Last 30 Minutes, Last 1 Hour, Last 24 Hours, Today, Yesterday, Last 7 days, or Last 30 days.