Configure WAF Risk Settings

Configuring the risk settings enables the user to define a set of violations and associate it with the profiles, based on which the risk reports will be generated. These reports can be used to mitigate the risks at an infrastructure or application level.

To configure the WAF risk settings:

  1. Click and select Control Center.
  2. Run a search.
  3. On the search results screen that opens, click the WAF tab.
  4. Click in the Command bar.
  5. On the Risk Report Settings screen that opens, click the Violation Definition tab if it not displayed by default.
    The predefined set of violations under the default category is displayed.
  6. Modify the severity of the existing violations by clicking the corresponding radio buttons as required.
  7. (Optional) If you want to add a new violation, do the following:
    1. In the Custom Violations section, enter a name for the violation to help the users identify it.
    2. From the Parameters dropdown list, select the parameter based on which you want the risk report to be generated.
    3. In the Operators dropdown list, select either equal to or not equal to option depending on whether you want the parameters and the values provided to be an exact match.
    4. Enter a value for the parameter you selected in Step 7. b.
    5. In the Operators dropdown list, select the AND or OR option depending on whether you want to use a boolean operator between the parameters you set for the violation.
    6. From the Risk dropdown, select the severity that must be associated with the parameter.
    7. Click the Add button to create a new violation.
    8. You can delete or modify the custom violation details by clicking either or .
    9. Click Add and repeat Step 7.a. through 7.f. to add more violations to the corresponding category.
  8. Click Save.
    A new category is created which displays all the configured violations and its severity.
  9. Click the Profile Association tab.
  10. Select any one of the following levels under the List section, to associate their profiles with the category.
    • Device
    • Application
  11. Select the checkbox beside the profiles and then, click Save.
  12. If you want to use a regular expression (regex) to identify the profiles you want to associate with the category, enter the regex in the Search field, then click the Add as regex button. The list updates and shows checkmarks beside all profiles that match the regex to indicate that they have been selected. The Regex column also displays the total number of profiles that match each of the regex search criteria you have created.
    The risk reports are generated based on the set of violations and its associated profiles you configured. The Risk column in the search results screen will display the risk reports for each rule.
  13. (Optional)To create more category of violations, follow these steps:
    1. Click on the left-hand side of the screen.
    2. Click . All the predefined violations available under the default category is displayed.
    3. Enter a name for the category to help the users identify it.
    4. Repeat Step 8. through 13.
  14. (Optional) To create an exact copy of the existing category, follow these steps:
    1. Select the category on the left-hand side of the screen.
    2. Click .
      The cloned category is created with all the violations and its associated profiles the same as the category you selected in Step 15.a.
  15. (Optional) To rename a category, follow these steps:
    1. Select the category on the left-hand side of the screen.
    2. Click .
    3. Modify the name of the selected category and then, click .
  16. (Optional) To delete the category, follow these steps:
    1. Select the category on the left-hand side of the screen.
    2. Click .
    3. In the Confirmation dialog box, click Delete.
      All the corresponding violations and their associated profiles will be deleted.