DDoS Dashboard

The DDoS Dashboard offers centralized, real-time visibility into Distributed Denial of Service (DDoS) activity targeting your applications and APIs. It enables security teams to quickly assess the scope, behavior, and progression of ongoing and past attacks.

DDoS Protection is available for CloudGuard WAF SaaS. It is not available with other local (Gateway, Agent) editions of the product.

Following is a description of the Dashboard sections:

Section
Description

Recent Attacks

Displays a timeline of detected DDoS attacks, including start time, status (e.g., ongoing or resolved), and affected domains. Users can select an event to drill down into detailed telemetry.

Top Source IP Addresses

Lists the IPs responsible for the most traffic during an attack. This helps identify major attack sources or botnet activity. Visual bars help compare relative impact.

Top Destination URLs

Shows the application endpoints most frequently targeted by DDoS traffic, helping to pinpoint abuse patterns DDoS Dashboard

Top Referrers

Identifies external referrer domains linked to attack traffic. This can highlight misused third-party websites or coordinated bot campaigns.

Top User Agents

Displays the most common User-Agent headers observed during an attack, revealing whether bots are spoofing browser or device signatures.

Top Source Countries

Visualizes geographic origin of traffic in a chart, indicating which regions are contributing to the attack load. Useful for geolocation-based defense strategies.

See also:

DDoS Protection
PreviousAPI Discovery DashboardNextEvent Views

Last updated

Was this helpful?