Monitor your Application Firewall
This document provides instructions on how to monitor your application firewall. Volterra provides support to monitor your application for security. To know more about how Volterra secures your applications, see Security.
Using the instructions provided in this document, you can check the rule-hit statistics and security events for your virtual host.
Note: If you do not have an account, see Create a VES Account.
A virtual host in your edge or cloud site or in our global network cloud
Note: If you do not have a virtual host, create one. See How to Create a Virtual Host for more information.
Rules-based application firewall enabled on a virtual host
Note: See How to Configure App Firewall for more information.
Optionally, one or more cloud or edge locations with Volterra site
Note: Install the Volterra node or cluster image in your cloud or edge location. For more information, see How to Create a Site.
Monitor the Application Firewall
Monitoring your application firewall consists of inspecting application firewall and security events.
Step 1: Select the namespace where the app firewall and virtual host are created.
Step 2: Select Mesh from the configuration menu and Virtual Hosts from the options pane. Click More on the right side of your virtual host.
Step 3: Among the loaded tabs, check for the App Firewall and Security Events tabs, as these are used in monitoring the firewall.
Step 4: Click on the App Firewall tab. The following list provides information on each field.
- Rules: Displays how many rules were hit and how many security events were detected
- Top Rules Hit: Displays the description of the top rules that were triggered
- OWASP Rules: Displays how many CRS rules are enforced and how many are disabled
- Rule Hits by Severity: Displays the severity of the rules and how many hits in each severity level
- Security Events by Location: Displays the origin of a security event on a map and the severity of the event.
- Last 5 Security Events: Displays the last five triggered security events along with the description and detected time.
- Top Hits: Displays the rules that were triggered and the number of times each one was triggered
Step 5: Click on the Security Events tab. The following list provides information on each field.
- Time: Time the event was created.
- Client IP: Source of the suspicious request
- Dst.Service: The tag name of the specific service that is the destination of the suspicious request
- Request Method: Method type of the HTTP request (GET, POST, DELETE, PUT, etc.)
- Response Code: The HTTP response code (200, 403, 404, etc.)
- Length: The HTTP request length in KB (Kilobytes)
- URI: Uniform Resource Identifier (URI) is a string of characters that unambiguously identifies a particular resource (for example /testcase-6/test.com)