As part of release cycle management F5 Distributed Cloud (F5 XC) keeps on releasing new features. July[1] upgrade has released 2 new features in Web Application and Api Protection (WAAP).  

Let’s dive into them one by one. 

WAAP Events Export: 

Security dashboards capture different types of logging metrics and sometimes users may need these logs to analyze them offline. WAAP Exports feature addresses this problem by exporting the latest 500 security related logs in csv format. Users can export logs from events, incidents and requests tabs of security dashboard. 
 

Feature can be checked by following below step: 

1. Login to F5 XC console and navigate to "Distributed Apps” menu
2. Under "Load Balancers” section, click on “HTTP Load Balancers” page
3. Click on “Security Monitoring” link under your load balancer name
4. Navigate to “Security Analytics” tab
5. Filter your needed logs and then click on “Download” button as below
   Fig 1: Image showing navigation path
   
   
6. Logs can also be downloaded from “Incidents” and “Requests” tabs as below
   Fig 2: Image showing export feature in Incidents tab
   Fig 3: Image showing export feature in Requests tab
   

 
 
WAAP Trends: 

Production security dashboards show plenty of logging information to understand the security posture of their Apps and API’s currently for the ongoing traffic. Owners can go through them to analyze the traffic and come to decisions if ongoing data is malicious and has any threats. This process is a little time-consuming and needs human expertise in traffic analysis. Users are looking for a top-level overview of how many attacks are seen in a specific period compared to the last period. 

WAAP Trends feature in security dashboards of HTTP load balancer enables users to view the change in metrics (up or down) compared with previous period. Incoming traffic is analyzed using internal tools to decide the sentiment (positive, negative or neutral) and is displayed in UI thereby saving lot of time. Users can instantly check the sentiment and if needed can update the existing configurations to safeguard the applications. 

As I was writing this article, I keep remembering this famous generic quote “Trend is your Friend” which conveys the importance of identifying the current trend in safeguarding your applications. 

Feature can be checked by following below step: 

1. Login to F5 XC console and navigate to "Distributed Apps” menu
2. Under "Load Balancers” section, click on “HTTP Load Balancers” page
3. Click on “Security Monitoring” link under your load balancer name
4. Trend is available for different features like API Security, Bot Defense, WAF, Security policy, etc. Check the current trend in each widget fields as shown below - 
   
    
   Fig 4: Image showing trends in security dashboard
   
   
5. Trend feature is also available in bot defense dashboard for different fields like Human & Malicious traffic, Good bots, etc. as displayed below -
   Fig 5: Image showing Bot Defense Trends
   
   

I hope this article has provided a summary of newly implemented features of WAAP events export and trends which focus on logging and security dashboards.

Stay tuned for more feature article. For more details refer below links: 

1. Overview of WAAP
2. Load balancer creation steps
3. Monitoring load balancer
4. Get started with Distributed Cloud