AdminA user role that has limited access to corp configurations, can edit specific sites, and can invite users to sites.
AgentOne of the main components of the Next-Gen WAF architecture. The agent receives requests from modules and quickly decides whether those requests contain attacks or not. The agent then passes their decision back to the module.
Agent alertsCustom alerts that trigger notifications whenever:
  • The average number of requests per second (RPS) for all agents across all sites reaches a user-specified threshold
  • The number of online agents reaches a user-specified threshold
Agent modeDetermines whether to block requests, not block requests, or entirely disable request processing.
AllowAn agent decision to allow a request through.
AnomaliesAbnormal requests that, although not attacks, may still be notable. Examples include malformed request data and requests originating from known scanners.
API access tokensPermanent tokens used to access the Signal Sciences API. Users can connect to the API using their email and access token.
AttacksMalicious requests containing attack payloads designed to hack, destroy, disable, steal, gain unauthorized access, and otherwise take harmful actions against a corp’s sites.
Audit logAn audit of activity, changes, and updates made to a site or corp.
BlockingAn agent mode that blocks subsequent attacks from a flagged IP address after it has been identified as malicious. Blocking mode still allows legitimate traffic through if the requests do not contain attacks.
CardsVisual charts of data that can be monitored and customized on site dashboards.
Cloud engineOne of the main components of the Next-Gen WAF architecture. The cloud engine collects metadata to help improve agent detections and decisions.
ConfigurationsA set of features that users can customize to meet their business needs. Configurations include: rules, lists, signals, alerts, integrations, site settings, and user management.
Corp (Corporation)A company hub for monitoring all site activity and managing all sites, users, and corp configurations. Users are authenticated against a corp and can be members of different sites in that corp.
DashboardsThe corp and site homepages. The site dashboard gives visibility into specific types of attacks and anomalies. The corp dashboard gives a snapshot of all top site activity including which sites have the most attack requests, blocked requests, and flagged IP addresses.
EventsActions that Next-Gen WAF takes as the result of regular threshold-based blocking, templated rules, site alerts, and rate limit rules. This includes any occurrence that happens on the Events page, such as a flagged IP address. Events are automatically system generated.
Flagged IP addressesAn IP address that has been flagged for exceeding thresholds.
Header linksExternal data like Kibana or Datadog that connects with request data from the Next-Gen WAF.
IntegrationsDevOps toolchain apps that send activity notifications to users. Examples include Slack, Datadog, PagerDuty, mailing lists, and generic webhooks.
IP AnonymizationIP addresses are converted to anonymous IPv6 addresses so that the Next-Gen WAF will not know the actual IP address, which causes the IP address to appear anonymous in the dashboard.
ListsSets of custom data used in corp and site rules, such as a list of countries a corp doesn't do business with. Lists include sets of countries, IP addresses, strings, and wildcards.
LogIn not blocking mode, requests that would have been blocked are logged and allowed to pass through instead.
ModuleOne of the main components of the Next-Gen WAF architecture. The module receives and passes requests to the agent. It then enforces the agent's decisions to either allow, log, or block those requests.
MonitorTo observe and keep watch over corp and site events.
Monitor viewThe site dashboard in a TV-friendly format.
Next-Gen WAFThe overall platform that protects a corp's sites.
Not blockingThe default agent mode. In this mode, attacks are logged but not blocked and the site is not actively protected.
NotificationAny product message sent internally or externally. External notifications are sent through integrations when activity happens (e.g., a Slack notification is sent when a new site is created).
ObserverA user role that can view sites they are assigned to, but cannot edit any configurations.
OffAn agent mode that stops sending traffic to the Next-Gen WAF and disables all request processing.
OwnerA user role that has access to all corp configurations, can edit every site, and can manage users.
Rate limit ruleA type of rule that allows you to use the Advanced Rate Limiting feature to define arbitrary conditions and automatically begin to block or tag requests that pass a user-defined threshold.
RedactionsSensitive data that is not sent to the Next-Gen WAF backend for privacy reasons. Next-Gen WAF redacts some sensitive data by default, such as credit card numbers and social security numbers. In addition to the default redactions, users can specify their own custom redactions.
Request ruleA type of rule that allows you to define arbitrary conditions to block, allow, or tag requests.
RequestsInformation that is sent from the client to the server over the hypertext transfer protocol (HTTP). Next-Gen WAF protects over a trillion production requests per month.
Response timeThe amount of time between when a request was received by the server and when the server generated a response.
RoleEvery user is assigned one role: owner, admin, user, or observer.
RulesA configuration that defines conditions to block, allow, or tag requests or exclude built-in signals.
SamplingThe act of taking a random sample of certain types of requests to be stored and available in the control panel.
SignalA descriptive tag about a request.
Signal exclusion ruleA type of rule that allows you to define arbitrary conditions to exclude a specific system signal (such as XSS).
Site (Workspace)A single web application, bundle of web applications, API, or microservice that Next-Gen WAF can protect from attacks. Users can monitor events, set up blocking mode to block attacks, and create custom configurations on sites.
Site alertsA custom alert that allows users to define thresholds for when to flag, block, or log an IP address.
Suspicious IP addressesIP addresses that are approaching thresholds, but have not yet met or exceeded them.
Templated ruleA type of partially pre-constructed rule that, when filled out, allows you to block, allow, or tag certain types of requests.
ThresholdsA limit either that must be exceeded for a certain event to happen. For example, suspicious IP addresses must exceed a certain threshold to become flagged.
User (role)A user role that can edit site configurations on sites they are assigned to.
UsersAll of the people who manage, edit, or just observe activity. A user belongs to a particular corp and is identified by an email address and password. A user can be a member of one or more sites.
Virtual PatchA virtual patch prevents attacks of a known vulnerability in a module or framework by not allowing the attacks to reach the web app. This buys time to fix the underlying vulnerability while the virtual patch is protecting the app.
Was this guide helpful?

Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.