Manual Chapter : Managing Security Reports

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 5.3.0
Manual Chapter

About security reporting

Reporting for BIG-IQ® Network Security

You can use BIG-IQ® Network Security Reporting to view reports for managed BIG-IP® devices that are provisioned for Application Visibility and Reporting (AVR). Reports can be for a single BIG-IP device or can contain aggregated data for multiple BIG-IP devices (that are of the same BIG-IP device version).

Network Firewall, DoS and IP Intelligence reports can be created. Analytic reports provide detailed metrics about application performance such as transactions per second, server and client latency, request and response throughput, and sessions. Metrics are provided for applications, virtual servers, pool members, URLs, specific countries, and additional detailed statistics about application traffic running through one or more managed devices. You can view the analytics reports for a single device, view aggregated reports for a group of devices, and create custom lists to view analytics for only specified devices.

Reporting for BIG-IQ® Web Application Security

You can use BIG-IQ® Web Application Security Reporting to view reports for managed BIG-IP® devices that are provisioned for Application Visibility and Reporting (AVR). Similar to the availability of the AVR reporting on a single device, you have the ability to get visibility into application traffic passing through a single managed BIG-IP device or an aggregated system (aggregated data for multiple BIG-IP devices.

You can generate reports and charts in the following areas:

  • Application. You can view information about requests based on applications (iApps), virtual servers, security policies, attack types, violations, URLs, client IP addresses, IP address intelligence (reputation), client countries, severities, response codes, request types, methods, protocols, viruses detected, usernames, and session identification numbers.
  • Anomalies. You can view charts of statistical information in graphs about anomaly attacks, such as brute force attacks and web scraping attacks. You can use these charts to evaluate traffic to the web application, and to evaluate the vulnerabilities in the security policy.
  • DoS. If you have configured DoS protection on the BIG-IP system, you can view charts and reports that show information about DoS attacks and mitigations in place on the system.