About the Events page

  Last updated 2024-08-28

IMPORTANT

This guide only applies to customers with access to the Next-Gen WAF product in the Fastly control panel. If you have access to the Next-Gen WAF control panel, check out our web interface guides for the Next-Gen WAF control panel.

The Events page lists all IP addresses that the Next-Gen WAF flagged in the past 30 days as a result of workspace alerts.

Before you begin

The Next-Gen WAF is disabled by default. To purchase and enable the product, contact sales@fastly.com. Once enabled, any user will be able to access the Events page for workspaces they have access to.

Be sure you know how to access the web interface controls before learning about the details you'll encounter here.

Accessing the Events page

To access the Events page, follow these steps:

  1. Log in to the Fastly web interface.
  2. Go to Security > Next-Gen WAF > Events.
  3. From the workspaces bar, click the menu Menu icon to the right of the workspace name and select a workspace.

About the controls on the Events page

From the Events page, you can:

  • enter an IP address into the search bar to find events related to that IP address.
  • filter the events list by the event's status (active or expired), by the signal the event was tagged with, and by when the event occurred.
  • click Refresh to remove all search parameters.
  • click the document icon Document icon next to an event to access the Event detail page for that event.

About the Event detail page

The Event detail page displays event-related information on three cards. You can use this information to help determine how to handle the IP address and then:

  • click Remove flag to remove the IP address from the flag list.
  • click Convert to rule to create a rule that is based on select characteristics of the event.

About the event overview card

The event overview card is the first card on the Event detail page and contains detailed information about the event and associated IP address, including:

  • IP: the IP address that was flagged.
  • Status: the status of the event, either Active or Expired.
  • Country: the country where the request originated.
  • Action: additional actions taken on the IP address while flagged.
  • Host: the host where the request originated.
  • User agents: the user agents seen from this IP address. This list may include web browsers, media players, and other plug-ins.

About the Event Timeline card

The Event Timeline card contains a timeline illustrating the actions leading up to and during the event, including:

  • when the IP address was identified as suspicious.
  • the number of requests received from the IP address before it was flagged.
  • when the IP address was flagged.
  • the number of requests that were blocked or logged.
  • the current status of the IP address.

About the Sample Request card

The Sample Request card highlights a single request received during the event, including the request itself and the signals applied to it. Clicking View this request takes you to the Request details page for that request.

Was this guide helpful?

Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Fastly
© Fastly 2024