Setup Report Triggers

CloudGuard WAF protects web servers from attacks. It is possible to configure objects called Trigger objects to determine what will occur when attacks are detected.

One of those Trigger objects is of type "Report" and allows a graphical summary report to be sent by email to multiple addresses on a daily or weekly schedule.

Setting up a Report Trigger

Step 1: Create a new "Report" trigger

Browse to Policy->Triggers and create a new Trigger object of type Report.

Configure a new name to the new trigger object:

Step 2: Configure schedule and email addresses

1. Schedule - Set up the hour in a daily schedule in which you wish the report to be sent. Or change the schedule to be a weekly schedule and add the day/s of the week in which you want the report to be sent:

1. Email recipients - Add all email addresses to which the report should be sent.

Step 3: Setup your security practice to use the new Log Trigger object/s

Browse to Policy->Assets and edit the asset you wish to modify.

Go to the Threat Prevention tab and scroll to the bottom.

Click on the '+' icon next to Triggers and add your new Report Trigger object.

WAF Report

According to the configured schedule an email report will be sent for each asset that uses the Report Trigger object and will include a PDF attachment that contains the actual report.

The email report contains several sections:

1. The domains of the protected asset (Top 3 in case the asset contains more).

2. Statistics and traffic information:

   1. Learning status and number of suggestions pending for fine tuning.

   2. Numbers of sources, suspected requests and benign/prevented events.

   3. Numbers of total requests, as well as breakdown by method and response code for the past day, week and month.

3. Graphical representation of the top valuable security data:

   1. Top countries and the number of malicious requests coming from them.

   2. Top attack types and sources.

   3. Top URLs being attacked.