BoT Defense Traffic Analytics Tab
We have recently implemented Bot Defense Profiles on our BIG-IP F5 and applied them to our VMs. However, we seem to have run into a small issue. The Security > Event Logs: Bot Defense: Bot Traffic is not displaying analytics. When we click on View Detected Bots, there is data present though.
Initially, I thought it could simply be due to my permissions, as many of the summary views require access to raw logs, and many of the roles don’t have that permission (and can’t obtain it because roles are predefined and fixed). But after checking with administrators, they also can't see the analytics tab data. We considered sending data to SIEM for visualization. However, it would be prudent to have those graphs visible in F5 as well.
It appears that some configurations are missing.
I would greatly appreciate any help or links regarding this issue.
Thank you 🙂
Hi dbaimakov ,
For BOT traffic tab , if you see samples in bot event , you should see Bot traffic as well ( trusted / untrusted / browser ...)
Go to your Bot profile and check mitigation settings , maybe you set it to alarm only , when you adjust it , you should see sample in Bot traffic during any Bot attack.
Try to configure some mitigating as block not alarm , if there is bot attack it will reflect on dos traffic event log.
As further I know , no Bot tabs in bigip analytics profile , and for analytics profile you need to provision AVR for more granular visibility on application.