View and Understand DDoS Analytics

Overview

StackPath's Control Portal and API provide users with detailed analytics related to any DDoS attack that impacts a WAF site. While the WAF remains an effective tool that mitigates any current and future attacks, users also have the ability to analyze the harmful requests responsible, which would help provide more insight that can be used to create additional WAF Rules.

Viewing DDoS Analytics

1. In the StackPath Control Portal, in the left-side navigation, click Sites. 
2. Locate and select the desired site. 
3. In the left-side navigation, click Analytics. 
4. Click DDoS Attacks.
5. In the top, right corner of the screen, you can use the time frame tool to configure the displayed data. When you select a new time frame, data in this screen will automatically refresh.
   • DDoS analytics are stored for 32 days.

Notifications

In the event of an active DDoS attack, a notification will appear in the Portal at the top of the page. Clicking on View Attack will take you to the DDoS Analytics page, where you can view more details related to this specific attack. 

DDoS Analytic Types

DDoS Attacks Over Time

This graph displays requests associated with DDoS attacks as plots. DDoS request data can be filtered by the timeframe of each attack by clicking the drop-down menu and selecting the checkbox next to the attack you want to view. Up to 4 sets of timeframes can be viewed simultaneously.

Attack Requests

This table displays a list of requests associated with the attack(s) selected from the Items drop-down menu in the DDoS Attacks Over Time section. You can search for specific attacks by clicking the Select Field drop-down menu and entering an IP or Response Code.

The Attack Requests table provides the following information:

• Request ID
• Date
• IP Address
• Response Code
• URL Targeted
• Result (Allow, Block, Captcha, JavaScript Validation)

To view more details about a specific request listed in this table, click on the Request ID.