Security Analytics

The Security Overview page is reached from the Security section of the navigation panel:

At the top of the page is a Filters menu. You can filter by Time and by Domains. Analytics are shown for the last 24 hours by default, relative to your local time zone. Data for all domains are displayed by default. 

You can manually override the Time filter to use UTC or any other time zone, and that setting will be persisted across logins. To change the default time zone setting, click the Time filter, then select the icon at the bottom right of the menu. This opens the Time Zone Settings dialog:

Click Manual, then select your preferred time zone. Click Save Changes to keep your setting.

Note that for all the analytics graphs, if you hover your cursor on a point on the plot, the data at that point is displayed in a box alongside the cursor. For example:

Security Overview gives quick visual looks at the current status of your account's security events. You can view

  • All security events
  • WAF overview
  • Bot overview

Select the view from the Security overviews pulldown on the right:

All Security Events Overview

The default view of the Security Overview page is an aggregated view of all security events logged by the system. 

The top row shows summaries of 

  • requests that triggered warn rules – that is, the rule action was to respond normally to the request, but log it as a security event
  • blocking rules – that is, the rule action was to respond to the request with an HTTP status code of 403 (Forbidden) and log it as a security event
  • the total number of requests

The totals of each are displayed and an indication of whether they have gone up or down compared to the previous equivalent time period.

The next row shows a graph of Security Event Trends. The number of requests that triggered warn and block rules are plotted.

The last row shows a pie chart of Event Types and a bar chart of Requests Blocked by Country.

WAF Overview

The WAF Overview is summary view of all WAF events logged by the system. 

The top row shows summaries of

  • requests that triggered WAF warn rules – that is, the rule action was to respond normally to the request, but log it as a WAF event
  • requests that triggered WAF blocking rules – that is, the rule action was to respond to the request with an HTTP status code of 403 (Forbidden) and log it as a WAF event
  • the total number of requests

The totals of each are displayed and an indication of whether they have gone up or down compared to the previous equivalent time period.

The next row shows a graph of WAF Event Trends. The number of requests that triggered warn and block rules are plotted.

The last row shows a pie chart of WAF Categories and a bar chart of Requests Blocked by Country.

Bot Overview

The Bot Overview is summary view of all bot events logged by the system. 


The top row shows summaries of

  • requests that triggered bot warn rules – that is, the rule action was to respond normally to the request, but log it as a bot event
  • requests that triggered bot blocking rules – that is, the rule action was to respond to the request with an HTTP status code of 403 (Forbidden) and log it as a bot event
  • the total number of requests

The totals of each are displayed and an indication of whether they have gone up or down compared to the previous equivalent time period.

The next row shows a graph of Bot Event Trends. The number of requests that triggered warn and block rules are plotted.

The last row shows a pie chart of Bot Signals and a bar chart of Requests Blocked by Country triggered by bot rules.

For details on the other security analytics screens see the following: