Data visualization

0.0.201

Web Application Firewall (WAF) provides the data visualization feature. The feature uses dashboards to display the business and security data of a website that is added to WAF. This way, you can understand the attack and defense situation of the website in real time. The data visualization feature also displays alerts for attacks. This makes data analysis easier and enables you to make informed decisions.

Background information

Data visualization provides the real-time attack and defense dashboard and the security data dashboard. For more information about the dashboards, see Dashboard data.

The data visualization feature is supported only by Google Chrome 56 and later.

Billing

The data visualization feature supports only the subscription billing method. You can use the feature within the validity period only after you purchase it.

The data visualization feature is available in two types of specifications: single-dashboard service and multi-dashboard service. The following table provides the descriptions and prices for the two specification types.

Specification type	Description	Price (USD/month)

Specification type	Description	Price (USD/month)
Single-dashboard service	You can enable the real-time attack and defense dashboard or the security data dashboard.	200
Multi-dashboard service	You can enable the real-time attack and defense dashboard and the security data dashboard at the same time.	300

Enable the data visualization feature

Only WAF instances that run the Pro edition or higher support the data visualization feature.

Important

The data visualization feature is supported in WAF 2.0 but not in WAF 3.0. If you want to use this feature, we recommend that you do not upgrade your instance from WAF 2.0 to WAF 3.0.

You can enable the data visualization feature when you purchase a WAF instance. You can also perform the following steps to enable the feature after you purchase a WAF instance:

Log on to the WAF console. In the top navigation bar, select the resource group and the region in which the WAF instance is deployed. The region can be Chinese Mainland or Outside Chinese Mainland.
In the left-side navigation pane, click Overview. On the page that appears, click Upgrade in the upper-right corner. In the panel that appears, select Single Screen or Multi-screen for Data Visualization to purchase the feature.
Note
The time when the data visualization feature expires is the same as the time when your WAF instance expires. The system calculates the fees based on the specification type that you select and the time when your WAF instance expires. After you enable the data visualization feature, you must renew the data visualization feature and the WAF instance at the same time.
Read and select Terms of Service. Then, click Buy Now.
Complete the payment as prompted.
Optional. If you select Single Screen, find the dashboard that you want to enable on the data visualization page and click Buy Now.
If you select Multi-screen, all dashboards are enabled by default.
View data in the dashboards.
For more information about data in the dashboards, see Dashboard data.

Dashboard data

Data visualization provides the real-time attack and defense dashboard and the WAF security data dashboard.

WAF Real-time Attack and Defense Dashboard

The dashboard is updated in seconds. It displays access information and blocked attacks for all your websites that are protected by WAF. You can assess the stability of your website service and the quality of the network based on the dashboard data.

Note

White points on the globe represent WAF data centers, and dotted lines represent connections between data centers. The dashboard displays data that is collected from 00:00 of the current day to the current time.

Statistical item	Description

Statistical item	Description
Inbound Bandwidth (bit/s)	The inbound bandwidth in bit/s.
Outbound Bandwidth (bit/s)	The outbound bandwidth in bit/s.
QPS	The current queries per second (QPS).
Interception Ratio Today (%)	The proportion of the requests that are blocked by WAF to the total requests on the current day.
Blocked Attacks Today	The number of attacks that are blocked by WAF on the current day.
Mobile OS Distribution	The distribution of operating systems for mobile clients that initiate access requests.
PC Browser Distribution	The distribution of browsers for PC clients that initiate access requests.
TOP 10 Source IPs (Visits)	The top 10 IP addresses from which the most access requests are initiated and the number of access requests for each IP address.
TOP 5 Visited URLs (Visits)	The top five URLs that receive the most access requests.
Monitored Exceptions	The HTTP status codes that are returned for failed requests and the number of times that each status code is returned.
Visits Statistics (mainland China)	The access heat map that shows the distribution of sources that initiated access requests in the last hour.
Requests (QPS)	The QPS trend chart. The chart shows changes in the numbers of requests that are blocked by WAF based on different protection rules. The rules include access control, data risk control, web application protection, and HTTP flood protection rules.
Bandwidth (bit/s)	The trend chart that shows changes in the inbound and outbound bandwidths.

WAF Security Data Dashboard

The dashboard displays security data about your websites that are protected by WAF. The data includes the numbers of web attacks, HTTP flood attacks, and requests blocked by access control.

Note

To display the security data of a domain name, select the domain name in the lower-left corner of the dashboard. By default, the security data of all domain names is displayed.

Statistical item	Description

Statistical item	Description
Total Visits	The total visits to the selected domain name on the current day.
Web Attacks	The number of web attacks that are blocked by WAF for the selected domain name on the current day.
HTTP Flood Attacks	The number of HTTP flood attacks that are blocked by WAF for the selected domain name on the current day.
Access Control	The number of requests that are blocked based on custom protection policies for the selected domain name on the current day.
Top Web Attack Source IPs	The IP addresses from which the most attacks are initiated, the regions to which the IP addresses belong, and the numbers of attacks from the IP addresses. You can move your pointer over the IP address of an attack source to view the type of attack and the region to which the IP address belongs.
Region heat map	The region heat map, which is in the upper-right corner and displays the distribution of regions for attack sources.

The radar chart in the middle of the WAF security data dashboard shows the QPS, blocked web attacks, blocked HTTP flood attacks, and blocked access requests during a 15-minute period. You can select a time period in the radar chart to view the security data during the time period that you select.

Note

You can click a date in the lower part of the dashboard to display the security data for the date that you select.

Statistical item	Description

Statistical item	Description
Visits	The QPS.
Web Attacks	The number of web attacks that are blocked by WAF.
HTTP flood attacks	The number of HTTP flood attacks that are blocked by WAF.
Access Control	The number of requests that are blocked by WAF based on custom protection policies.
Top Web Attack Source IPs	The IP addresses from which the most attacks are initiated, the regions to which the IP addresses belong, and the numbers of attacks from the IP addresses. You can move your pointer over the IP address of an attack source to view the type of attack and the region to which the IP address belongs.
Web Attack Type	The distribution of web attacks that are blocked by WAF based on attack types.
Top Attack Source Region	The top five regions from which attacks are initiated.
Top Hit Rule	The top five WAF protection rules that are matched.