FAQ - Security Dashboard - Getting Started

The security dashboard will show you request traffic made to your site. Using the filters you can drill into specific events by criteria you indicate from the interactive filters. However, Yottaa has pre-formatted reports available to get you started.

 

Pre-formatted Reports:

Note: All default reports will use the current time range; you can either adjust the time frame before or after running the default report.

From the Security Dashboard click the gear next to your site's domain to access the pre-made reports.

 

Blocked TrafficWill filter and display requests to your site that have been met with a (Forbidden) 403 error.           

Throttled Traffic – Will filter out requests to your site that have been met with a (Too Many Requests) 429 error.

Threat SignaturePulls through blocked requests that match Advanced WAF settings.

Note: Advanced WAF is an additional service; if you are interested in this feature please reach out to your account owner.

 

Share Reports:

 Using default reports, or after customizing the filters you can use the Export as PDF option.

 

Alternatively you can send the URL to the customized report, however the person receiving the URL must have a login to the Yottaa portal in order to view and interact with the report.

 

Filter Walk Through 

There are a number of filters you can apply to your reports to help identify a particular set of connections. These filters cover a range of options that give a deeper look into connections, methods, hosts, and types.

 

FW ActivityBy default the dashboard shows requests that are either accepted or blocked by the firewall. Selecting the "firewalled" option will drill down into how the firewall processed the request.

Note: In the example after a firewalled request has been selected, the next image shows all requests that hit the firewall were redirected.

   

          

FW TypeThis will show you all blocks made by the Firewall based on the rules configure in the “Yottaa Firewall”.

Note: There are no default rules set up on an account level.

 

 

Response CodesBy default the Dashboard will use error code categories marked as 2xx, 3xx, 4xx, & 5xx. Selecting one of the response code categories will present all errors within that category.

Note: In the example 3xx is the response category, and the next image shows the separate codes that appear within 3xx.

    

           

HTTP MethodThis filter allows you to separate requests by http method. (GET, POST, HEAD, etc…)

 

 

Served FromThis filter allows you to identify the source of the request. You will be able to filter between Yottaa served or Origin served requests.

 

 

Content TypesAllows you to distinguish the different types of content the requests came through as. (Image, Text, Application, etc…)

 

 

Apart from the filters the top of the Dashboard allows for different controls within Traffic Analytics. These controls are described below.   

Requests Counter – Will show you the total number and percentage of requests adjusting as you modify the filters

Note: Below you’ll see the total number of requests. Adding a filter will give you the total requests for the filters you apply with the percentage of those requests from the overall total.

    

           

Date – Time Range – There are 5 preset time parameters, or you can customize the time range up to 7 days prior to the current date.

 

 

Search Field – To get a quick return of results you can search on specific Client information (IP & User Agent), or on a specific URL. This is helpful if you are looking for specific information, you can latter apply further filters.

Note: The search field will take portions of a complete string successfully, useful for user agent & URL searches.

 

 

Clearing Filters – Once you’ve applied a filter there will be a bubble in the top bar indicating the active filter. Simply hover over the filter name, and click on the trash can icon to remove the filter.

  

 

Invert Filter selection – If you wish to filter out a specific data set you can apply the filter, and then select the invert option by hovering over the filter bubble.

Note: The filter bubble will turn red when the invert option is active.

   

 

Graph & Charts 

Requests Count – By default the chart view presents the number of requests on the y-axis, and the time line is represented on the x-axis.

Note: When a filter is applied, you have the option to change the y-axis to represent the percentage of traffic against the total with the filter applied.

 

Hover – Hold your mouse over any area of the graph to see detailed information on the time indicated below. The popup shows the request total that match the applied filter, and the percentage of the filter match request from the total request during that time.

Note: The lowest interval is 1 minute, but it can change when expanding the overall time frame of the dashboard. 

 

Zoom In - When looking at a spike in traffic you can interact with the graph to drill further into a portion of the graph to drill down into the time frame. Use the click and drag functionality over any area you wish to inspect.

 

Stack View – If you would like a visual representation of data from one of the filters you can use the Stack Trendline option located in each filter.

Note: When data is stacked in the graph the hover function will contain detailed information based on each data item.

       

All charts will show the top 10 request generators. The option to export to CSV is available by clicking on the option shown here:. Exporting to CSV will show the top 1000 requests for that specific field with the added percentage field. 

Note: Charts with the  icon will allow you to drill into individual items for further information. You must hover over the desired row, and click on the icon to view the separate panel.

 

Countries – Reveals end user’s geo-location based on the ip2location database.

IPs  - The client IP is determined by the requesting IP if there is no X-Forwarded-For header.  If there is an X-Forwarded-For, it will be the left most, non-reserved, IP. 

User Agents – Using the java library user-agent-utils we are able to parse through the requester’s user agent.

URLs  – Displays the URL requested by the end user.

Referrers – Displays the URL calling an object. Objects called from another resource, not necessarily the page, will have a referrer URL.

 

Using the inspect panel () will present some firewall options. This actions are presented here for convenience, but can be controlled from the Security tab in the Yottaa portal.

 

Have more questions? Submit a request

Comments

Powered by Zendesk