BoT Defense Traffic Analytics Tab

Question

&nbsp;Hi guys,We have recently implemented Bot Defense Profiles on our BIG-IP F5 and applied them to our VMs. However, we seem to have run into a small issue. The Security &gt; Event Logs: Bot Defense: Bot Traffic is not displaying analytics. When we click on View Detected Bots, there is data present though.Initially, I thought it could simply be due to my permissions, as many of the summary views require access to raw logs, and many of the roles don’t have that permission (and can’t obtain it because roles are predefined and fixed). But after checking with administrators, they also can't see the analytics tab data. We considered sending data to SIEM for visualization. However, it would be prudent to have those graphs visible in F5 as well.It appears that some configurations are missing.I would greatly appreciate any help or links regarding this issue.Thank you 🙂&nbsp;

mohamed_ahmed_kansoh · Accepted Answer

Hi dbaimakov&nbsp;,&nbsp;
For BOT traffic tab , if you see samples in bot event , you should see Bot traffic as well ( trusted / untrusted / browser ...)&nbsp;
Go to your Bot profile and check mitigation settings , maybe you set it to alarm only , when you adjust it , you should see sample in Bot traffic during any Bot attack.&nbsp;
Try to configure some mitigating as block not alarm , if there is bot attack it&nbsp; will reflect on dos traffic event log.
&nbsp;
As further I know , no Bot tabs in bigip analytics profile , and for analytics profile you need to provision AVR for more granular visibility on application.

mohamed_ahmed_kansoh · Answer

Hi&nbsp;dbaimakov&nbsp;,&nbsp;For Bot Traffic in Event log tab &gt;&gt;&gt; did you edit your logging profile to log bot detections ?&nbsp;Go to securtiy &gt;&gt; Event log &gt;&gt; Logging profiles &gt;&gt; Select your target profile &gt;&gt; Enable Check box " Bot Defense " you can add filters as much as needed and Enable Check box " Local publisher ".&nbsp;For Analytics or graphs :&nbsp;First you have to provision AVR module in your bigip , if provisioned , you must create an Analytics profile&nbsp;Local traffic &gt;&gt;&gt; Profiles &gt;&gt;&gt; Analytics &gt;&gt;&gt; Create ( and add all needed metrics )&nbsp;don't add all VIPs or huge metrics , this may cause negative impact on system CPU and Memory.&nbsp;wait up to 10-15 mins , your bigip will collect all needed statistics and graphs.&nbsp;But Like I said above for Bot monitoring and logging you have to add it in the logging profile and monitor your events or reported attacks if found.&nbsp;I hope this figures out your needs 🙂&nbsp;

dbaimakov · Answer

Thank you for the guidance Mohamed!The BoT logging profile was set up correctly and is logging away when I go to Security &gt; Event Logs &gt; Bot Defense &gt; Bot Requests.The AVR module was not set up, though; that helped!When I went to create an Analytics Profile, I saw only two options: HTTP analytics and TCP analytics; there is no BoT Analytics per se.Also, the tab to view Graph analytics for BoT traffic is not found in the typical location in Statistics &gt; Analytics &gt; HTTP analytics, CPU, Memory, etc.It is instead found in Security &gt; Event Logs &gt; Bot Defense &gt; BoT Traffic (and that's where I can't see graphs, BUT if I click "View Detected Bots" I do see correlated Bot Events).I did find some information on:Create a new Analytics profile and attach it to your Virtual Servers (f5.com)Create a new Analytics profile and attach it to your Virtual Servers (f5.com)But still, nothing about Analytics Visualization Graphs for BoTs, a feature that seems to allow visualization of Bot Traffic by color graphs with Browser/Trusted Bot/Untrusted Bot, etc.Hope this makes sense, and it's totally ok if it doesn't&nbsp;😂 I'll try F5 support in the meantime but would be cool to get more guidance here as well&nbsp;😀Thank you so much&nbsp;😀Dmitriy&nbsp;

Forum Discussion

BoT Defense Traffic Analytics Tab

3 Replies

Recent Discussions

Disk space full - what files, folders are safe to delete?

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

Related Content

Bot Management Strategy - Defense against malicious bots with F5 Distributed Cloud Bot Defense

OWASP Tactical Access Defense Series: How BIG-IP APM Strengthens Defenses Against OWASP Top 10

F5 Distributed Cloud Bot Defense Protecting AWS CloudFront Distributions

F5 Analytics iApp

Ubuntu Vuln, Magika Tool, Chrome's Defense Feature, & CVE 2023-50387