A rate limit event occurs when a request exceeds a rate limit. Analyze recently rate limited requests to:
Understand the severity of rate limited requests.
Identify the countries from which rate limited traffic originated.
Identify key individual offenders by their IP address.
View detailed information that describes a rate limited request.
Logging for rate limited requests is downsampled to 10% due to the volume of requests that may occur during a single incident (e.g., volumetric Distributed Denial-of-Service attack).
The Rate Enforcement dashboard will log a single event whenever your rate limit threshold is exceeded. This occurs regardless of the number
of requests that end up being rate limited as a result of this enforcement.
In this example, you have configured a rate limit of 300 requests per minute with an enforcement duration of 1 minute. Assuming the traffic
pattern described below, the Rate Enforcement dashboard will indicate that 4 events took place.
The Security dashboard contains the following components:
Chart: A chart or line graph displays the number of events detected over a given time period.
By default, a single line on the graph represents all events. Alternatively, categorize events by selecting the desired categorization criteria from the option that appears directly above the graph. A line will be drawn on the chart for each unique value. For example, if you select Profile Type and requests were screened by production and audit rules, then the graph will contain a line for audit and another one for production.
By default, graphing events by type will include up to the 10 most popular entries. Customize this limit through the Max Top Number option. This option also affects the maximum number of unique entries that may be listed for each type of statistic listed under the graph.
Statistics: Statistics on the events detected over a given time period are displayed directly below the chart.
Statistics are broken down by category.
By default, statistics for up to the 10 most popular entries may be displayed for each category. Customize this limit through the Max Top Number option. This option also affects the maximum number of lines that may be graphed.
The following information is displayed for each category:
<Value>: Groups events by the request’s value for the current category.
The following illustration shows a partial listing of values for the Rule Message category.
%: Indicates the percentage of detected events over a given time period that belong to the group identified by the Value field.
Percentages are calculated from the total events detected during the given time period. The Max Top Number option determines the limit of entries per category. If the number of entries exceeds this limit, then the sum of the percentages for that category will not add up to 100%.
Events: Indicates the number of detected events that belong to the group identified by the Value field.
Key information:
By default, a chart includes all rule violations within the last seven days.
The chart may be filtered by the criteria listed directly below it. Additional filters are available when viewing an individual alert from the event log.
The time period being charted may be adjusted through the Time Frame option.
Hovering over the line graph will indicate the exact number of violations that took place during that time slot.
Filter the Security dashboard by clicking on a top entry for a particular category or by setting up an advanced filter.
Key information:
Apply a filter by finding the desired category under the Additional Filters section and then clicking on a top entry. After which, the (filter) icon will be displayed next to it. This icon indicates that the dashboard is being filtered by that entry.
You may not filter the dashboard through the Timestamp field. Use the Time Frame option instead. This mandatory option filters the dashboard for events that occurred during a relative time period from the present (e.g., Last 24 hours or Last 7 days).
The Filters section, which appears on the left-hand side
of the dashboard, displays a list of active filters. It also allows
a filter to be cleared by clicking on the (delete)
icon displayed next to
it.