• Feature Description
Make the “WAAP >> Security Analytics” dashboard available in the System namespace, so that analytics can be run across any namespace and any LB.
If the number of logs has to be limited to make this feature available in stage I, implicit filters could be set: “WAF” logs AND attack signatures in Staging mode.
• Problem Statement
When a SecOps engineer is looking for potential False Positives related to an attack signature in Staging mode, they have to repeat the same search in the “WAAP >> Security Analytics” dashboard of each LB of each namespace. This toil consumes too much effort from our customer’s SecOps team and keeps the attack signature in Staging mode for too long.
• Business Impact
Risk of False Positives after the Staging period.
• Security Considerations
Risk of compromise of a customer’s asset while the attack signature is in Staging mode.
• Competitive Landscape
Cloudflare and Akamai don’t have the Attack Signatures Staging feature. Staging mode for them is like Monitoring mode for F5 XC, i.e. logging and not blocking.
https://developers.cloudflare.com/waf/managed-rules/reference/cloudflare-managed-ruleset/
https://techdocs.akamai.com/cloud-security/docs/app-api-protector
• Existing Workarounds
None
• Risks of Not Implementing
Using the Attack Signatures Staging feature becomes dangerous and at risk (Security or False Positive), and so useless.