Several improvements have been released for Fortra's Managed WAF for Managed Detection & Response (MDR) customers. These changes include a brand new dashboard, a pre-populated deny log search template, a distinct WAF reports section, and more detailed and dynamic configuration tables.
Several pages in the Alert Logic Console have been added and enhanced for more detail and clarity.
A new WAF dashboard can be found under (navigation menu) > Dashboards > WAF Summary.
There are several widgets summarizing the overall status of current WAF appliances and security profiles. These include:
- Violations by Source Country and IP
- Violation Actions
- Violations by Attack Class
- Violations by Destination
- Certificate Expiration Status
- Violations by Violation Type
- Website Protection Status
- Appliance Version
Clicking Investigate under each widget will take you to the relevant page in the Alert Logic Console to further explore and act on that information.
The new WAF reports section can be found under > Validate > Reports.
The WAF report section has several reports available, including:
- WAF Usage > WAF Traffic
- Web Application Analysis > WAF Violation Explorer
- Web Application Analysis > WAF Violation Trends
- Other Reports > WAF Activity
- Other Reports > WAF Policy
There are three additional tabs with other helpful information, including:
- Compliance > PCI Audit
- Service > Entitlement
WAF Search Template
The new WAF deny log search template can be found under > Investigate > Search, then by clicking Apply Template and selecting Deny Logs.
This template will immediately populate the search with helpful deny log fields in the eventual results. As always, the query can be further modified, scheduled, and correlated as needed.
WAF Configure Tables
The new WAF configuration tables can be found under > Configure > WAF. Each of the three familiar Websites, Appliances, and Certificates tables has more detail and additional filter options.
Additionally, long values can be clearly represented by clicking > Toggle multi-line table rows, and columns can be removed and adjusted by clicking .
- Clicking each link () in the left column will open a new tab to the website profile.
- Clicking elsewhere to the right on each row will list the associated aliases indicated by the Number of aliases column in a detailed inset on the right side of the page, as well as some additional configuration information about the website.
- Clicking ellipsis ()> View Deny Logs for each row will open a new tab to a log search for the website.
- Clicking each link () in the left column will open a new tab to the appliance interface.
- Clicking elsewhere to the right on each row will list some additional configuration information about the appliance.
- Clicking ellipsis ()> View Deny Logs for each row will open a new tab to a log search for the appliance.
- Clicking each link () in the left column will open a new tab to either the appliance or website profile section to view and update the certificate.
- Clicking elsewhere to the right on each row will list some additional configuration information about the certificate.
For more details on the standalone WAF Console changes, refer to Getting Started with Managed WAF.