Meet Fastly’s new security dashboard integrations for WAF and real-time logging

By Mandy Sparber, Security Solutions Engineer, and Patrick Francois, Security Solutions Architect. March 19, 2020, in Real-time insights, Security.

We offer our web application firewall (WAF) because we know how important it is to be able to see your security events and notifications in real time, address issues on the spot, and get back to building and delivering excellent user experiences. But we also know the sheer amount of this data, while valuable, can be time-consuming to parse through.

That’s why, for those looking for more of an out-of-the-box solution, we’ve created a templated visual dashboard using integrations with BigQuery and Looker that help you effectively monitor security events on your sites and applications, in real time.

See the step-by-step tutorial for setting up the dashboard.

A look at how the data is gathered

Fastly’s WAF incorporates the OWASP Core Rule Set — combined with commercial resources and our own research — to offer more comprehensive protection. It covers the OWASP Top 10 web application security risks and enables protection for new exploits using well-known techniques.

As a request goes through the OWASP rules, it can trigger multiple rules from different attack categories — SQL injection, Cross-Site Scripting attacks, HTTP Protocol Violation, etc. The request accumulates a score based on the triggered rules, and a user-configured threshold is checked to determine if a request should be blocked or passed to the origin. These rules enable you to detect anomalies, as well as determine the shape of a request and if it’s malicious.
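A minimal model of the scoring decision described above, as an added example that is not Fastly's code or part of the original post. The rule IDs, per-rule scores, the `blocking` switch and the choice to act once the score reaches the threshold are assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass

# Constructed rule table: IDs and scores are illustrative only,
# not values taken from Fastly's WAF or the OWASP Core Rule Set.
RULES = {
    "R-SQLI-1": ("sql_injection", 5),
    "R-SQLI-2": ("sql_injection", 5),
    "R-XSS-1": ("xss", 5),
    "R-PROTO-1": ("http_protocol_violation", 3),
    "R-PROTO-2": ("http_protocol_violation", 2),
}

@dataclass
class Verdict:
    total: int
    by_category: dict
    action: str  # "passed", "logged" or "blocked"

def evaluate(triggered, threshold, blocking=True):
    """Accumulate the score of every triggered rule, then apply the threshold."""
    by_category = Counter()
    for rule_id in triggered:
        category, score = RULES[rule_id]
        by_category[category] += score
    total = sum(by_category.values())
    # Assumption: the WAF acts once the score reaches the threshold.
    if total < threshold:
        action = "passed"
    else:
        action = "blocked" if blocking else "logged"
    return Verdict(total, dict(by_category), action)

def traffic_overview(requests, threshold, blocking=True):
    """Count requests per outcome, as a traffic overview chart would plot them."""
    return Counter(evaluate(r, threshold, blocking).action for r in requests)

# Constructed sample traffic: each entry lists the rules one request triggered.
SAMPLE = [
    [],                                    # clean request, score 0
    ["R-PROTO-2"],                         # one low-score anomaly, score 2
    ["R-SQLI-1", "R-PROTO-1"],             # two categories, score 8
    ["R-XSS-1", "R-SQLI-1", "R-SQLI-2"],   # score 15
]

if __name__ == "__main__":
    for req in SAMPLE:
        print(evaluate(req, threshold=5))
    print(traffic_overview(SAMPLE, threshold=5))
```

Raising the threshold from 5 to 10 lets the third sample request through to the origin, which is the trade-off the user-configured threshold controls.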

Take a tour of the dashboard

The templated visual dashboard includes 15 pre-built charts you can use to analyze your application’s traffic and security in real time. Once it’s up and running, you’ll have both a high-level view of your WAF traffic, as well as a granular look at any malicious activity on your site — like XSS, SQL Injection, and Remote Command Execution. Get a taste of some of the most helpful dashboards below: 

Traffic overview

See trends and rapidly identify anomalous patterns, such as attacks or a sudden surge in traffic. The chart shows the total number of requests for a selected period, with each request identified as WAF Passed, Blocked, or Logged.

Top 10 Logged IPs & Top 10 Blocked IPs

See the IPs that generated the most requests to your site and were either logged or blocked by the WAF.

WAF Logged & Blocked Traffic Analysis 

See a dynamic picture of undesirable traffic to your site. These charts provide in-depth details on the requests that triggered WAF rules and were either blocked or logged, which can help you rapidly detect and identify malicious patterns that could harm your application. You can then use an ACL or custom VCL code to block the identified patterns, applied through Fastly’s instant configuration changes via API call.

Additional pre-built charts:

Logged & Blocks by Country 

A map chart that provides insight on the countries from which we see the highest number of requests triggering WAF rules against your site.

Top URLs Blocked and Logged and Top 10 Rules Logged and Blocking

Get a more granular view of the malicious activity detected on your site, providing insight into the different types of attacks detected by the WAF. See what parts of your site are the most targeted with details of the most frequently triggered WAF rules.

WAF Traffic (Daily)

See the number of requests on which the WAF is executed on a daily basis. The chart includes both WAF blocked and logged requests and gives a high-level view of the traffic that goes to your origin and the trends over a one-day period.

Top Rules with IP Count (Logged & Blocking)

See the WAF rules triggered by the highest number of requests, filtered by distinct IP count. These charts provide WAF rule descriptions and additional details on the security events.

If you are already a WAF customer and want to use BigQuery as a logging endpoint, combined with Looker for data visualization, take a look at this GitHub repository for the template source code. You can sign up for a Looker account (they offer a free trial) and try the dashboard.

Not a Fastly WAF customer yet? Get in touch with one of our experts to talk through how it can help secure your sites.

Author

Mandy Sparber | Security Solutions Engineer

Mandy Sparber is a Security Solutions Engineer assisting customers with CDN configurations and enhancing their edge cloud protection. When she’s not dissecting a SQL or PHP attack, Mandy enjoys traveling to locations outside of her hometown of New York City, discovering new food, and sipping on a glass of quality whiskey.

Patrick Francois | Security Solutions Architect

Patrick Francois is a Security Solutions Architect at Fastly, focusing on the implementation of the Fastly Edge Security Solutions products to protect the most popular web applications on the internet. When he’s not fighting against the latest cybersecurity trends and web exploits, he can be found travelling around the world, hiking, and trying all sorts of culinary specialities.