View DoS trends

The DoS Trends view shows the categories of DoS attacks, what they target, and policies that detect them. You can use this information to assess the effectiveness of your security configuration setup. This view allows you to trend DoS activity up to the last 90 days.

In the DoS Trends you can see:

  • How much of your traffic has been generated by DoS attack activity and how it compares to regular client traffic
  • Which rules triggered by DoS activity
  • How your security products responded to DoS activity
  • Which APIs and hostnames were targeted by DoS attacks
Note: To get data from the security products for your reports, log HTTP header data, and make sure to enable host header logging in your delivery configurations log delivery system (LDS) setting.

Set report scope

  1. Go to > WEB & DATA CENTER SECURITY > Security Center.
  2. In the left menu, click Trends > DoS Trends (Web Security).
  3. In the Security Center menu bar, modify the general settings for the view.
    • Switch to view another security configuration. Click the name of the current security configuration and select a different configuration from the menu.
    • Set a time period within the last 3 months. Click the date field and select the duration or dates you want to see.
    • Specify the section of traffic you want to see in all charts within DoS View. At the top of the screen, click the Traffic Segment dropdown and select: Website & API, API, or Website.
    • Apply filters to all charts within DoS View to see results only for a specific dimension, like policy, hostname, API name, and more.

      On the upper right of the screen, click the filter button. Then, under the dimensions you want, select values to filter on. Click Apply.
      To clear filters, click Reset.

  4. Use filters in charts.
    • Choose the type of traffic displayed in the DoS Attack Traffic Trends graph. Click the Traffic dropdown and select:
      • Edge Hits
      • Edge Bandwidth
      • Edge Page Requests
      • Edge Error Views
    • Choose the type of attack displayed in the DoS Attack Categories Detected graph. Click the DoS Categories dropdown and selecta category.

Interact with the charts

  • In a pie chart, to enable and disable chart sections, click a section name in the legend.
  • To view the details for a specific moment in time, hover the mouse over a point on the time line.
  • For some charts, to switch between the line chart and bar chart views, click and in its header.
  • To download the data for further analysis in the CSV format, click the download button that is next to any chart header.

See DoS attack overview

See how much of your traffic has been generated by DoS attack activity in DoS Attack Traffic Summary. The section includes the amount of hits/page requests generated by the DoS activity at the edge servers, and bandwidth served to attacks.

Scroll to the The DoS Attack Traffic Trends graph to check how regular client traffic compares to DoS activity. Enable and disable either display by selecting and deselecting the All Traffic and DoS Traffic checkboxes.

Using the Traffic menu, you can choose the type of traffic displayed:

  • Edge Hits. Displays the number of hits on the edge servers.
  • Edge Bandwidth. Displays the amount of bandwidth being served.
  • Edge Page Requests. Displays the number of pages being requested at the edge.
  • Edge Error Views. Displays the number of HTTP errors the edge is issuing.

Investigate which types of DoS attack are most common

The DoS Attack Categories Detected pie chart shows the percentages and number of triggered rule types.

The DoS Attack Categories Detected graph shows the top categories of detected attacks.

View how your security products handle DoS attacks

Firewall Policies Triggered by DoS Attacks shows your top firewall policies that detect DoS attacks.

Next, you can see what happened to the detected attacks in the Actions Applied to DoS Attacks pie chart. See the percentages and number of requests that were denied and those that generated an alert, but the request was allowed to continue.

See which parts of your setup attract DoS attacks

The APIs Targeted by DoS Attacks section displays your APIs that DoS attacks have targeted.

The Hostnames Targeted by DoS Attacks bar chart displays your hostnames and the total number of attacks on each. If you’re filtering DoS trends by security configuration, you’ll also see a column displaying the configuration to which the hostname belongs.

See where DoS attacks originated

The Countries Where DoS Attacks Originated bar chart displays the countries and the number of DoS attacks that originated from each.