Glossary
Last updated 2023-10-31
Term | Definition |
---|---|
Admin | A user role that has limited access to corp configurations, can edit specific sites, and can invite users to sites. |
Agent | One of the main components of the Next-Gen WAF architecture. The agent receives requests from modules and quickly decides whether those requests contain attacks or not. The agent then passes their decision back to the module. |
Agent alerts | Custom alerts that trigger notifications whenever:
|
Agent mode | Determines whether to block requests, not block requests, or entirely disable request processing. |
Allow | An agent decision to allow a request through. |
Anomalies | Abnormal requests that, although not attacks, may still be notable. Examples include malformed request data and requests originating from known scanners. |
API access tokens | Permanent tokens used to access the Signal Sciences API. Users can connect to the API using their email and access token. |
Attacks | Malicious requests containing attack payloads designed to hack, destroy, disable, steal, gain unauthorized access, and otherwise take harmful actions against a corp’s sites. |
Audit log | An audit of activity, changes, and updates made to a site or corp. |
Blocking | An agent mode that blocks subsequent attacks from a flagged IP address after it has been identified as malicious. Blocking mode still allows legitimate traffic through if the requests do not contain attacks. |
Cards | Visual charts of data that can be monitored and customized on site dashboards. |
Cloud engine | One of the main components of the Next-Gen WAF architecture. The cloud engine collects metadata to help improve agent detections and decisions. |
Configurations | A set of features that users can customize to meet their business needs. Configurations include: rules, lists, signals, alerts, integrations, site settings, and user management. |
Corp (Corporation) | A company hub for monitoring all site activity and managing all sites, users, and corp configurations. Users are authenticated against a corp and can be members of different sites in that corp. |
Dashboards | The corp and site homepages. The site dashboard gives visibility into specific types of attacks and anomalies. The corp dashboard gives a snapshot of all top site activity including which sites have the most attack requests, blocked requests, and flagged IP addresses. |
Events | Actions that Next-Gen WAF takes as the result of regular threshold-based blocking, templated rules, site alerts, and rate limit rules. This includes any occurrence that happens on the Events page, such as a flagged IP address. Events are automatically system generated. |
Flagged IP addresses | An IP address that has been flagged for exceeding thresholds. |
Header links | External data like Kibana or Datadog that connects with request data from the Next-Gen WAF. |
Integrations | DevOps toolchain apps that send activity notifications to users. Examples include Slack, Datadog, PagerDuty, mailing lists, and generic webhooks. |
IP Anonymization | IP addresses are converted to anonymous IPv6 addresses so that the Next-Gen WAF will not know the actual IP address, which causes the IP address to appear anonymous in the dashboard. |
Lists | Sets of custom data used in corp and site rules, such as a list of countries a corp doesn't do business with. Lists include sets of countries, IP addresses, strings, and wildcards. |
Log | In not blocking mode, requests that would have been blocked are logged and allowed to pass through instead. |
Module | One of the main components of the Next-Gen WAF architecture. The module receives and passes requests to the agent. It then enforces the agent's decisions to either allow, log, or block those requests. |
Monitor | To observe and keep watch over corp and site events. |
Monitor view | The site dashboard in a TV-friendly format. |
Next-Gen WAF | The overall platform that protects a corp's sites. |
Not blocking | The default agent mode. In this mode, attacks are logged but not blocked and the site is not actively protected. |
Notification | Any product message sent internally or externally. External notifications are sent through integrations when activity happens (e.g., a Slack notification is sent when a new site is created). |
Observer | A user role that can view sites they are assigned to, but cannot edit any configurations. |
Off | An agent mode that stops sending traffic to the Next-Gen WAF and disables all request processing. |
Owner | A user role that has access to all corp configurations, can edit every site, and can manage users. |
Rate limit rule | A type of rule that allows you to use the Advanced Rate Limiting feature to define arbitrary conditions and automatically begin to block or tag requests that pass a user-defined threshold. |
Redactions | Sensitive data that is not sent to the Next-Gen WAF backend for privacy reasons. Next-Gen WAF redacts some sensitive data by default, such as credit card numbers and social security numbers. In addition to the default redactions, users can specify their own custom redactions. |
Request rule | A type of rule that allows you to define arbitrary conditions to block, allow, or tag requests. |
Requests | Information that is sent from the client to the server over the hypertext transfer protocol (HTTP). Next-Gen WAF protects over a trillion production requests per month. |
Response time | The amount of time between when a request was received by the server and when the server generated a response. |
Role | Every user is assigned one role: owner, admin, user, or observer. |
Rules | A configuration that defines conditions to block, allow, or tag requests or exclude built-in signals. |
Sampling | The act of taking a random sample of certain types of requests to be stored and available in the console. |
Signal | A descriptive tag about a request. |
Signal exclusion rule | A type of rule that allows you to define arbitrary conditions to exclude a specific system signal (such as XSS ). |
Site (Workspace) | A single web application, bundle of web applications, API, or microservice that Next-Gen WAF can protect from attacks. Users can monitor events, set up blocking mode to block attacks, and create custom configurations on sites. |
Site alerts | A custom alert that allows users to define thresholds for when to flag, block, or log an IP address. |
Suspicious IP addresses | IP addresses that are approaching thresholds, but have not yet met or exceeded them. |
Templated rule | A type of partially pre-constructed rule that, when filled out, allows you to block, allow, or tag certain types of requests. |
Thresholds | A limit either that must be exceeded for a certain event to happen. For example, suspicious IP addresses must exceed a certain threshold to become flagged. |
User (role) | A user role that can edit site configurations on sites they are assigned to. |
Users | All of the people who manage, edit, or just observe activity. A user belongs to a particular corp and is identified by an email address and password. A user can be a member of one or more sites. |
Virtual Patch | A virtual patch prevents attacks of a known vulnerability in a module or framework by not allowing the attacks to reach the web app. This buys time to fix the underlying vulnerability while the virtual patch is protecting the app. |
Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.