Overview
StackPath's Control Portal and API provide users with detailed analytics related to any DDoS attack that impacts a WAF site. While the WAF remains an effective tool that mitigates any current and future attacks, users also have the ability to analyze the harmful requests responsible, which would help provide more insight that can be used to create additional WAF Rules.
Viewing DDoS Analytics
- In the StackPath Control Portal, in the left-side navigation, click Sites.
- Locate and select the desired site.
- In the left-side navigation, click Analytics.
- Click DDoS Attacks.
- In the top, right corner of the screen, you can use the time frame tool to configure the displayed data. When you select a new time frame, data in this screen will automatically refresh.
- DDoS analytics are stored for 32 days.
Notifications
In the event of an active DDoS attack, a notification will appear in the Portal at the top of the page. Clicking on View Attack will take you to the DDoS Analytics page, where you can view more details related to this specific attack.
DDoS Analytic Types
DDoS Attacks Over Time
This graph displays requests associated with DDoS attacks as plots. DDoS request data can be filtered by the timeframe of each attack by clicking the drop-down menu and selecting the checkbox next to the attack you want to view. Up to 4 sets of timeframes can be viewed simultaneously.
Attack Requests
This table displays a list of requests associated with the attack(s) selected from the Items drop-down menu in the DDoS Attacks Over Time section. You can search for specific attacks by clicking the Select Field drop-down menu and entering an IP or Response Code.
The Attack Requests table provides the following information:
- Request ID
- Date
- IP Address
- Response Code
- URL Targeted
- Result (Allow, Block, Captcha, JavaScript Validation)
To view more details about a specific request listed in this table, click on the Request ID.
IPs Participated
This table displays a list of the top IP addresses associated with the selected DDoS attack, along with the total number of times each IP has made a request to your site.
Clients, Tools & User Agents
This table displays a list of the top clients, tools and user agents associated with the selected DDoS attack, along with the total number of times each one has made a request to your site.
URLs Targeted
This table displays a list of the top URLs that were requested during a DDoS attack, along with the number of times each URL was requested.