Application Delivery Management

Configure an action policy to receive application event notifications

Apart from the existing analytics view of application events, you can configure an action policy to get application event notifications through Slack, Email, PagerDuty, or ServiceNow. The application events include performance issues, bot and WAF violations, and service graph violations. As an administrator, using the action policy, you can get event notifications in real time.

Using the action policy, you can:

  • Predefine certain conditions for the application events.

  • Get notified for the following events through Slack, Email, PagerDuty, and ServiceNow:

    Event Categories Event sub categories Events
    Security Violations All Security Violations All Bot Violations (For more information on the list of bot violations, see violation categories).
        All WAF Violations (WAF SQL Violations, WAF XSS Violations, and WAF Infer XML Violations)
      All Security Violations per Client Bot Violations per Client
        WAF Violations per Client
        Note: To receive the WAF violation notification, the minimum violation transactions must be 20%. For example, out of 100 transactions, minimum 20 must be violation transactions.
    Application Performance   App score violation
        Client network laretency
        Server network latency
        Server processing time
        Response time
        Requests
        Bandwidth
        Service graph violation
    Application Usage   Requests per second
        Throughput
        Data Volume

Configure an action policy

  1. Navigate to Settings > Action > Action Policies.

  2. Click Add.

  3. In the Create Action Policy page:

    1. Policy Name – Provide a policy name of your choice.

    2. Enabled – This option is selected by default.

    3. If the Following Event Occurs – From the list, select an event.

    4. And the Following Condition is Met – From the list, select to define a condition for which you want to get notified. You can click + to add more conditions. To remove a condition, click .

      You can configure the action policy using the following operators. The operators appear based on the conditions you select.

      Operator Description
      Equal to Equals to a defined value
      Not Equal to Not equals to a defined value
      Greater than Greater than a defined value
      Greater than or Equal to Greater than or equal to a defined value
      Less than Lesser than a defined value
      Less than or Equal to Lesser than or equal to a defined value
      Contains Contains the defined term or value
      Starts with Starts with a defined term or value
      Ends with Ends with a defined term or value
      IN Allows you to select multiple values
    5. Then Do the Following – Select Notify. After you select Notify, the Notification Type option is displayed.

    6. Notification Type – Select the notification type Email, Slack, PagerDuty, or ServiceNow. Depending upon the notification type you select, the corresponding option (Distribution list, Slack Profile, PagerDuty Profile, or ServiceNow profile) appears. Select a profile from the list.

      If you want to create a new profile, click Add.

    7. Click Create Policy.

      The policy is configured. You can view the configured policy details.

      Configured policy

      After you configure the policy, you can select the policy and click:

      • Edit to update or change the action policy. After you update, click Update Policy.

      • Delete to remove the action policy. You can select multiple policies and click Delete to remove them.

      • Action History to view details such as time, action taken, policy name, alert type, and alert message.

The following table describes the details of action policy configuration.

Violation name Condition Description
All Security Violations Instance IP IP address of the NetScaler instance. Select the IP address from the list.
  Violation Count The violation count for which you want to get notified. For example, if you configure violation count as less or equal to 10, you will get notified if 10 or less bot violation transactions are received.
  Violation Ratio This value indicates the total violations from specific transactions and the value must be between 0 and 1. For example, out of 100 transactions, 20 are violations and if you wanted to get notified for such a scenario, you must enter 0.2.
All Bot violations Bot profile The bot profile name that is used for configuring bot management on the NetScaler instance.
  Instance IP IP address of the NetScaler instance. Select the IP address from the list.
  Violation Count The violation count for which you want to get notified. For example, if you configure violation count as less or equal to 10, you will get notified if 10 or less bot violation transactions are received.
  Violation Ratio This value indicates the total violations from specific transactions and the value must be between 0 and 1. For example, out of 100 transactions, 20 are violations and if you wanted to get notified for such a scenario, you must enter 0.2.
All WAF Violations, WAF SQL Violation, WAF XSS Violation, WAF Infer XML Violation WAF Profile The WAF profile name that is used for configuring WAF security settings on the NetScaler instance.
  Instance IP IP address of the NetScaler instance. Select the IP address from the list.
  Violation Count The violation count for which you want to get notified. The minimum requirement for the WAF violations to get notified is 20%.
  Violation Ratio This value indicates the total violations from specific transactions and the value must be between 0 and 1. For example, out of 100 transactions, 20 are WAF SQL violation transactions and if you want to get notified for such a scenario, you must enter 0.2.
All Security Violations per Client Application Name The custom application name. Select the application from the list. If you do not add this condition, then all applications from the NetScaler instance are considered.
  Instance IP IP address of the NetScaler instance. Select the IP address from the list.
  Client IP The source from where the Bot originates. Specify the IP address.
  Total Attacks The total attacks for which you want to get notified.
  Request URL The URL that you want to configure to block. Specify the URL.
  Vserver name The associated applications configured for custom applications. Select the application from the list. If you do not add this condition, then all applications from the NetScaler instance are considered.
Bot Violations per Client Application Name The custom application name. Select the application from the list. If you do not add this condition, then all applications from the NetScaler instance are considered.
  Instance IP IP address of the NetScaler instance. Select the IP address from the list.
  Client IP The source from where the Bot originates. Specify the IP address.
  Total Attacks The total attacks for which you want to get notified.
  Violation Type Select the bot violation from the list.
  Request URL The URL that you want to configure to block. Specify the URL.
  Vserver name The associated applications configured for custom applications. Select the application from the list. If you do not add this condition, then all applications from the NetScaler instance are considered.
WAF Violations per Client Application Name The custom application name. Select the application from the list. If you do not add this condition, then all applications from the NetScaler instance are considered.
  Instance IP IP address of the NetScaler instance. Select the IP address from the list.
  Client IP The source from where the Bot originates. Specify the IP address.
  Total Attacks The total attacks for which you want to get notified.
  Violation Type Select the WAF violation from the list.
  Request URL The URL that you want to configure to block. Specify the URL.
  Vserver name The associated applications configured for custom applications. Select the application from the list. If you do not add this condition, then all applications from the NetScaler instance are considered.
App Score Violation Performance Indicator The app score components and their threshold values. Select the app score component from the list. For more information, see Select App Score components and set thresholds.
  Breach Count The breach count for which you want to get notified. For example, if you configure breach count Equal to 5 for response time, you will get notified when the response time threshold is breached 5 times.
  Application Name Click Select Applications to select the applications that you want to get the violation notified.
Client Network Latency Client Network Average Latency Specify the client latency (client to NetScaler) value in milliseconds for which you want to get notified.
  Client Network Latency Anomalies Specify the anomaly count for the network latency that you want to get notified.
  Application Name Click Select Applications to select the applications that you want to get the violation notified.
Server Network Latency Server Network Average Latency Specify the server latency (server to NetScaler) value in milliseconds for which you want to get notified.
  Server Network Latency Anomalies Specify the anomaly count for the network latency that you want to get notified.
  Application Name Click Select Applications to select the applications that you want to get the violation notified.
Response Time Response Avg Time Specify the value (in milliseconds) for which you want to get notified.
  Response Avg Time Anomalies Specify the anomaly counts for which you want to get notified.
  Application Name Click Select Applications to select the applications that you want to get notified. If you do not select any application, then it is applied in all applications.
Requests Total Requests Specify the total requests for which you want to get notified.
  Application Name Click Select Applications to select the applications that you want to get notified. If you do not select any application, then it is applied in all applications.
Bandwidth Total Bandwidth Specify the bandwidth (MB) for which you want to get notified.
  Application Name Click Select Applications to select the applications that you want to get notified. If you do not select any application, then it is applied in all applications.
Server Processing Time Server Processing Average Time Specify the server processing (server to NetScaler) value in milliseconds for which you want to get notified.
  Server Processing Time Anomalies Specify the anomaly count for the server processing time that you want to get notified.
  Application Name Click Select Applications to select the applications that you want to get the violation notified.
Service Graph Violation   Microservices that breach the configured thresholds. For more information, see Configure thresholds in service graph.
Requests per second Requests per second avg The number of requests received by the application per second. Specify the average value to get notified.
  Requests per second avg anomalies Specify the average anomaly count for which you want to get notified.
    Note: If you are using AND condition for this event, you can configure either Requests per second avg and Application Name or Requests per second anomaly average and Application Name.
  Application Name Click Select Applications to select the applications that you want to get the violation notified.
Throughput Throughput avg The total data transmitted for a specific period. Specify the average value (in MB) to get notified.
  Throughput avg anomalies Specify the average anomaly count for which you want to get notified.
    Note: If you are using AND condition for this event, you can configure either Throughput avg and Application Name or Throughput avg anomaly and Application Name.
  Application Name Click Select Applications to select the applications that you want to get the violation notified.
Data Volume Total Data Volume The total data that is to be transferred in a specific duration. Specify the value (in MB) to get notified.
  Data Volume Anomalies Specify the anomaly count for which you want to get notified.
    Note: If you are using AND condition for this event, you can configure either Total Data Volume and Application Name or Data Volume Anomalies and Application Name.
  Application Name Click Select Applications to select the applications that you want to get the violation notified.

The search bar enables you to filter results. When you click the search bar, it gives you a list of search suggestions. You can select the component and filter the results based on your requirements.

Action policy search bar

Use the audit logs option

Click Audit Logs and select the duration from the list to view the action policies that are created, modified, and deleted for the selected duration and click Search.

Note

The data storage policies are expected to change in the upcoming releases. With these changes, you cannot store historical data after it exceeds the storage limit. For now, it is recommended to add more storage or keep the storage within the license entitlement limits.

Configure an action policy to receive application event notifications