Overview
The traffic inspection feature enables an analysis of the traffic risks associated with the currently protected services. It assists you in efficiently summarizing the connected assets, detecting risks in business traffic, reviewing the WAF configurations, and generating a detailed Traffic Inspection report. This aids in enhancing website protection effectiveness and ensuring the stable operation of your business.
Traffic Inspection Introduction:
Free trial: Traffic inspection is currently a beta feature, and it is available for use after WAF is purchased.
Log recording: Once the traffic inspection starts, it checks the checked domains for web risk, bot risk, and API asset risk. If any risk is detected, attack logs and access logs are recorded with the action set to observation (monitoring without interception). This ensures that business access is not affected or intercepted.
Data source: The traffic inspection display data comes from the WAF product you are currently using. If some value-added features are not enabled, the statistics may slightly deviate from the actual access situation. It is recommended that you purchase and enable these features before conducting another check.
Directions
1. Log in to the WAF console, and choose Traffic Inspection in the left sidebar.
2. On the Traffic Inspection page, you can initiate a check, view the top 5 key issues of concern, and download historical check reports.
Initiating a Traffic Inspection
1. On the Traffic Inspection card, click Full check to initiate the check task.
Check scope: Supports checking up to 100 domain names within 20,000 QPS. If this limit is exceeded, some domain names are randomly selected for the check.
Check cycle: A check can be run once every 7 days.
Check duration: Each check cycle is expected to span approximately 24 hours. Once it is initiated, the check will only analyze abnormal traffic data from the most recent 24-hour period. The check ends with the generation of a check report and key issues.
2. After the check is initiated, you need to wait for 24 hours to obtain the results. During the check process, you can click Cancel to terminate the check task.
3. After the check is completed, you can download the check report and view the key issues in this check.
Viewing Key Issues
After the check is completed, you can view the top 5 key issues at the bottom of the page, and handle key risks accordingly.
Priority: The priority of risk disposal, divided into high, medium, and low levels, is evaluated based on the degree of risk and impact scope.
Statistics data: Collects risk data within the check cycle, and displays the increase or decrease in risk compared with the results of the last check.
Downloading Reports
After the check is completed, you can download a detailed Traffic Inspection report. The report is saved for only 30 days.
Note:
Due to the limited length of the report, only the top 5 items are displayed in each check item detail list. For complete details, follow the report guide and view them on the corresponding page in the console.
On the report download card, click Preview to view the content of the check report online.
On the report download card, click Download to download the check report as a PDF file.
Introduction of Check Items of Traffic Inspection
| Category | Check item | Description |
| --- | --- | --- |
| Connected Asset Summary | Domain asset summary | Summarizes the total number of domains, the total number of domains connected to the WAF, and the total number of domains with WAF protection enabled. Displays the list of domains not yet protected by the WAF. |
| | API asset summary | Summarizes the total number of API assets found in the connected domains and the business scenarios involved. Displays the top 5 API QPS peak values from the day before and the list of domains with a high number of active APIs. |
| Traffic Risk Summary | Trend of business access | Analyzes business access trends and identifies any risks of excessive traffic volume. |
| | Trend of attack traffic | Analyzes the distribution of attack types within the access business check cycle. |
| | Bot attack risk | Determines if there is bot risk in the access traffic; if so, further analyzes the types/purposes, maliciousness, and access trend of the relevant bots. |
| | API risk summary | Analyzes if there are risks associated with API assets found in the access traffic; if so, further analyzes the sensitivity involvement, risk events, and the total number of accesses, QPS, and the business scenarios of the related assets. |
| WAF Configuration Summary | WAF configuration summary | Checks the configuration of key product features, including statuses of asset connectivity, protection switch status, protection configuration, and log storage configuration. |