To monitor user and session information, you first need to set up session tracking
for the security policy.
You can use the reporting tools in Application Security
Manager™ to monitor user and session details, especially when you need to
investigate suspicious activity that is occurring with certain users, sessions, or IP
On the Main tab, click
The Requests screen opens and shows all illegal requests that have
occurred for this security policy.
In the Requests List, click anywhere on a request.
The screen displays details about the request including any violations
associated with the request and other details, such as the source IP address,
user name, and session ID.
On the Request Details tab, in the General Details area, next to the
Username, Source IP Address,
or Session ID, click the Show Session
Awareness details link.
The screen displays the session awareness action flags that you can
Update the settings for your selections, as appropriate.
|Log All Requests
||When set to Enabled, the system immediately
begins to log activity for the user, session, or IP address and
continues for the log activity period (600 seconds by default).
||When set to Enabled, the system is
immediately more tolerant of blocking selected violations (configured
using . The delay lasts for the
delay blocking period (600 seconds by default).
||When set to Enabled, the system blocks all
activity for this user, session, or IP address until further
On the menu bar, click Session Tracking Status.
You can see the list of action flags that you previously set. You can
also add or release action flags from the Session Awareness screen.
To see a graphical view of the violations, from the Charts menu, choose
The Charts screen opens where you can view pie charts and bar
In the Charts area, next to View by, click the viewing
criteria for the report you want to see.
For example, you can view information about illegal requests by user name,
session ID, or IP address. Then you can filter the Requests list by the top
violator and examine request details for the user, session, or IP
Examine the charts and review the data you need. Click
Export to create a PDF of any charts you want to
After you set up session tracking, you can monitor the specific requests that cause
violations by examining each request and reviewing graphical charts. From the Requests
list, you can also set up logging, delay blocking, or block all requests for a specific
user, session, or IP address.