Flow Analytics - Web Attacks
This view provides detailed visibility, filtering and analytical options for events recorded by the Valtix web attack engine and summarized in Web Attacks
with an event rate counter displayed (total events/se
To perform various functions in this view, refer to the following guides:
Refer to Flow Analytics Overview for details on Search, Filter, Show/Hide Columns, Select Gateways, and modifying Time Formats/Timeframes.
Web Attacks
The tables and fields available in Web Attacks are as follows:
Event Details | Description |
Date and Time | ISO 8601 format: YYYY-MM-DDTHH:MM:SS.SSS. Example: 2020-11-22T10:58:46.820 |
Type | L7DOS, WAF |
CSP Account | Valtix CSP Account |
Gateway | Valtix Gateway |
Region | Region of the Valtix Gateway |
Level | DEBUG, INFO, NOTICE, WARNING, ERROR, CRITICAL, ALERT, EMERGENCY |
Session ID | .. |

Service | Description |
Src IP | Source IP Address |
Src Port | Source Port |
Dest IP | Destination IP Address |
Dest Port | Destination Port |
Protocol | UDP, TCP |

Application Info | Description |
Client App Name | Application name associated with the client side of the session. Example: Advanced Packaging Tool |
Payload App Name | HTTP application name associated with the webserver host. Example: Facebook |
Service App Name | Application name associated with the server side of the session. Example: HTTP |

Action | Description |
Action | ALLOW, DENY |
State | ESTABLISHED, CLOSE, CLOSED, CLOSE_WAIT, TIME_WAIT, FIN_WAIT, LAST_ACK |

HTTP Request | Description |
Host | Host portion of URL |
Method | GET, PUT, POST, HEAD, DELETE, PATCH, OPTIONS |
URI | Uniform Resource Identifier (RFC 3986) |

FQDN | Description |
FQDN | Fully Qualified Domain Name |
Category Name | Category classification of the FQDN. Example: Social Media |
Reputation | Reputation score of the FQDN |

Rule | Description |
ID | ID number/description of the Valtix Rule. Example: 59 (egress-prod-apt-80) |