View web security dashboard

The Web Security view provides high-level information on the data coming from your security products and it’s a good starting point of an investigation into how effective are the security configurations.

Note: To get data from the security products for your reports, log HTTP header data, and make sure to enable host header logging in your delivery configurations log delivery system (LDS) setting.

Set report scope

  1. Go to > WEB & DATA CENTER SECURITY > Security Center.

    The Web Security dashboard opens.

  2. In the Security Center menu bar, modify the general settings for the view.
    • Switch to view another security configuration. Click the name of the current security configuration, and select a different configuration from the menu.
    • Set a time period within the last 3 months. Click the date field and select the duration or dates you want to see.
  3. Use filters in the charts.
    • Choose the type of traffic displayed in the Traffic graph. Click the Traffic dropdown and select:
      • Edge Hits
      • Edge Bandwidth
      • Edge Page Requests
      • Edge Error Views
    • Apply filters to Traffic & Activity graphs to see results only for a specific dimension, like policy, hostname, attack activity, action and more.

      In the upper right corner of the Traffic & Activity area, click the filter button. Then, under the dimensions you want, select values to filter on. Click Apply.
      To clear filters, click Reset.

Interact with the charts

  • To view configuration details on the Events time line, zoom in on a green block to break it down into individual event blocks.

    Click a block to see the event description, start and end dates and the user who made the changes.

  • To view the details for a specific moment in time, hover the mouse over a point on the time line.
  • To download the data for further analysis in the CSV format, click the download button that is next to any chart header.

View configuration changes and updates

The Events timeline shows configuration events for:
  • Web Application Firewall
  • ARL (Akamai resource locator)
The events are displayed as blocks. The darker the block shade, the more events are merged into it.

The Notification Center includes information about updates or changes to your security products.

For example, you might see notifications that new rules have been added to the Kona Rule Set, v1.0 rules, or that an updated network list has been published. Some messages may include more details under a link. Messages here are available for around 90 days.

See general traffic and attack traffic details

Note: The Traffic graph displays only requests processed by your security products.

The traffic graph displays the volume of regular real-time and historical client traffic as well as attack activity on your properties.
Data for historical traffic has been thoroughly processed for accuracy. The real-time traffic data is an estimate.
If you choose Edge Page Requests or Edge Error Views dimensions for this graph, the attack activity is not included in the display.

The Attack Traffic graph displays attacks that violate rules in five categories:
Reputation Activity.

Displays the number of times that reputation rules triggered.
Reputation rules trigger on requests coming from IP addresses that have been flagged by Client Reputation and that exceed the thresholds set in the Client Reputation profile.

App Protection.
Attacks that involve XSS-, SQLi-, RFI-, PHPi-, CMDi-, inbound-, outbound-, and trojan-related rules.
Custom Rules.
This category consists of custom rules you have defined yourself and that you may have in your web application firewall configuration.
Bot Activity.
Attacks that involve bot-related rules.
DoS Protection.
Attacks that involve rate control activity and slow POSTs, as well as rules designed to detect DoS attack tools.

Assess your security configuration

The Configuration Status section can help you evaluate how effective and up-to-date are your security configurations.

Akamai uses various heuristics that take into account among other:

  • How many properties have security controls enabled
  • How well your web application firewall policies are tuned to protect these properties
  • How current is the rule set version used by each firewall policy
  • What percentage of recommended controls are enabled
  • What percentage of enabled controls are set to a deny action
The Configuration Status section consists of:
Protected Properties.

The number of your digital properties that are currently protected by your firewall policies.
To view the details and modify the configuration, click the View Protected Properties link.
On the Hostname Coverage page you can:

  • View your individual hostnames
  • Examine which hostnames are currently protected by your security configuration
  • Determine which of the hostnames are protected with a match target
Policy Tuning Status.
Total Number of Policies shows how many firewall policies you have provisioned.

Based on the overall score your firewall policies fall into one of the categories below.

Good.
The policy tuning level is appropriate.
Needs Attention.
The policy needs attention, and you should review its setup at your earliest convenience.
Maintenance Required.
The policy requires maintenance, and you should review its setup as soon as possible.
To view the details and modify the security policies, click the View Tuning Status link. On the Web Security Configurations tab, look at the Tuning Status column. Click an icon in this column to display the details on your policies tuning quality.