Viewing Web Application Firewall (WAF) Reports

Reporting : SMA Reporting Overview

Viewing Web Application Firewall (WAF) Reports

The Web Application Firewall (WAF) Summary report contains information on the number of connections incurring Application Firewall activity logged by a SonicWALL appliance during each hour of the specified day, or at the global or group level, by each group of SonicWALL appliances for the day.

The Web Application Firewall provides the following Reports:

•

Timeline

•

Threats Detected

•

Threats Prevented

•

Apps Detected

•

Apps Prevented

•

Users Detected

•

Users Prevented

Clicking on hyperlinks in these reports take you to the Log Analyzer view, for more details.

To view reports:

1

Click on the SMA tab and either GlobalView for the group or by individual appliance in the TreeControl view on the left tab of the interface.

2

Click Reports on the middle tab.

3

Select the WAF entry to expand it and click on the Report you want to view.

Viewing Connections Timeline

The WAF Connections timeline displays connections to the web firewall over time. To view the Web Application Firewall Summary report, complete the following steps:

1

Click the SMA tab.

2

Select a SonicWALL appliance.

3

Click Connections > Timeline.

The Timeline displays the unit level summary report containing Offloaded Connections information for an individual SMA system.

Click the hyperlinks available in this report to go to the Log Analyzer.

Viewing WAF Top Threats Detected

The Threats Detected report displays the threats detected, according to signature, classification, and severity. To view the Web Application Firewall Top Threats Detected report, complete the following steps:

1

Click the SMA tab.

2

Select a SonicWALL appliance.

3

Click on the Reports tab.

4

Click WAF > Threats Detected.

The Top Threats Detected screen shows the top threats detected by the firewall, and gives details on the Threat Signature, Threat Classification, Threat Severity, in addition to total threats detected.

Click the hyperlinks available in this report to go to the Log Analyzer.

Viewing WAF Top Threats Prevented

To view the Web Application Firewall Top Threats Prevented report, complete the following steps:

1

Click the SMA tab.

2

Select a SonicWALL appliance.

3

Click on the Reports tab.

4

Click WAF > Threats Prevented.

The Top Threats Prevented view shows Top Threats detected and prevented by the web firewall, with details on the Threat Signature, Threat Classification, Threat Severity, in addition to total threats detected.

Viewing WAF Top Applications Detected

To view the Web Application Firewall Top Applications Detected report, complete the following steps:

1

Click the SMA tab.

2

Select a SonicWALL appliance.

3

Click on the Reports tab.

4

Click WAF > Applications Detected.

The Top Applications Detected report lists applications with the most number of threats detected by the WAF process. It displays the Application IP, URI and the Detections in order of the number of detections.

Click on the hyperlinks available in this report to go to the Log Analyzer.

Viewing WAF Top Applications Prevented

To view the Web Application Firewall Top Applications Detected report, complete the following steps:

1

Click the SMA tab.

2

Select a SonicWALL appliance.

3

Click on the Reports tab.

4

Click WAF > Applications Detected.

The Top Applications Prevented report lists applications with the most number of threats prevented by the Web Application Firewall. It displays the Application IP, URI and the preventions in order of the number of threats prevented by the firewall

Click on the hyperlinks available in this report to go to the Log Analyzer.

Viewing WAF Top Users Detected

The Top Users Detected report lists the top authenticated users from whom threats have been detected by the Web firewall. It displays the User Name, User Agent and the Detections in order of the number of detections.

The Top Users report displays the users who made the most VPN connections on the specified date.

To view the Top Users report, complete the following steps:

1

Click the SMA tab.

2

Select a SonicWALL appliance.

3

Click on the Reports tab.

4

Click WAF > Users Detected. The Top Users page displays.

5

The pie chart displays the VPN connections for the top VPN users.

6

The table contains the following information by default:

•

Users—the user’s login. You can drill down to learn the IP address of the user.

•

Agent—the User agent and version being used.

•

Detections—the number of VPN connections in order of number of detections.

•

MBytes—the number of megabytes transferred.

7

By default, the Reporting Module shows yesterday’s report, a pie chart, and the ten top users. To change the date of the report, use the Search Bar and click the Start or End field to access the pull-down calendar, or click More Options for report display settings.

Viewing WAF Top Users Prevented

To view the Web Application Firewall Top Users Prevented report, complete the following steps:

1

Click the SMA tab.

2

Select a SonicWALL appliance.

3

Click on the Reports tab.

4

Click WAF > Users Prevented.

The Top Users Prevented report lists the top authenticated users from whom threats have been prevented by the SonicWALL web firewall. It displays their user name, user agent, and preventions, in order of the number of preventions.

Click on the hyperlinks available in this report to go to the Log Analyzer.