The WAF Trends screen shows a quick visual summary of security events that were triggered by WAF rules. It is reached from the Security section of the navigation panel:
The Traffic Matching WAF Rules donut chart plots how much traffic triggered a WAF rule and, of the total, how much was blocked:
Hover the mouse over a section of the chart to see the totals and time ranges:
The WAF Event Trends graph plots events triggered by the WAF. The time axis units depend on the current time filter setting. Use the Block/Warn toggle to switch between events that triggered a warning and those that were blocked:
Hover the mouse pointer over a time window to see the total hits and average requests per second of WAF events that occurred in the hour around the chosen point:
The WAF Rule Events By Location bar chart shows triggered WAF rules by country:
Use the Block/Warn toggle to switch between events that triggered warnings and events that triggered blocking of the request.
Hover the mouse over data in the chart to display details for a particular country:
Finally, there are four "top ten" lists that display the top ten IP addresses, countries of origin, browsers, and URL paths that were the sources of WAF events for the selected time period:
Use the Block/Warn toggles to switch between events that triggered warnings and events that triggered blocking of the request.
Each list contains a view top 500 link that displays the top 500 in a single pane. For example:
Each Top Ten list has a view top 500 link that displays the top 500 in a single pane, in this example IP addresses.