Guide

Monitor activity

Track configuration effectiveness and adjust protections as needed.

You'll want to keep a close eye on how your security policy is working, to make sure you're covering the right traffic and that your settings aren't alerting on or denying valid requests. When you create a Security Configuration, it's a good idea to set actions to Alert at first, instead of Deny. After you activate the entire Security Configuration, check traffic in Web Security Analytics to see if rules are triggering false positives (regular requests flagged as problems). Also consult security reports, and set up notifications to get emails when important events occur.

Tracking activity with these tools lets you gauge the settings and how accurate and effective your protections are. You can use this information to tweak protection controls you set. Once you feel comfortable that rules and other protections are not producing false-positives, you can contemplate setting controls to deny.

👍

You can introduce some initial adjustments within a few hours of activating your Security Configuration. Proper adjustments require more data, collected over weeks, so you can identify specific patterns.

Web Security reports

After you get protections activated for your website and or web apps, you should continuously monitor and assess how they're handling web requests. Each site is different, and you'll inevitably have to adjust controls and protection profiles to achieve the results you want and cut down on false-positives and other issues.

🚧

For reporting to be useful, make sure you log HTTP header data. Go to your App & API Protector Hybrid Security Configuration > Advanced settings > Logging > HTTP header data logging. Make sure that the setting is On. You can also select which data categories to log, such as Standard headers, Custom headers, and Cookies.

Using reports you can tackle the following tasks:

  • See attack traffic
    Security Center gives you a higher-level view and shows big-picture data like attack traffic vs. regular traffic. Go to Akamai Center and log in. From the menu, select ☰ > WEB & DATA CENTER SECURITY > Security Center. Start at the Web Security dashboard where you can investigate your attack traffic.
  • See web application firewall activity
    View activity by attack group and see what actions have been applied. See what hostnames and security policies attackers have targeted, and the geographic locations from which requests originate. In Security Center, on the left side of the screen, click Trends > Web Application Firewall.
  • View attack data across dimensions
    Web Security Analytics lets you view traffic across products and protection types. Drill down by individual dimensions to get specifics, and pivot chart views to group and compare values.
  • See DoS attack traffic
    The DoS activity report shows any detected DoS attack traffic and resulting actions. See targeted hostnames and security policies that are detecting this activity. In Security Center, on the left side of the screen, select Trends > DoS (Web Security).

Read more about all these reports and tools in the Security Center Guide.

Updated 1 day ago