Responder policy logs

The Responder Policy Logs section displays an overview of Response Policies that have been configured and triggered.

Access to responder policy logs

To access the CWAAP responder policy logs, use the left-hand navigation menu and select Analytics, then WAF, Logs, and then Responder Policy Logs.

Responder policy logs filtering

The Responder Policy Logs filter option has a drop-down menu that allows you to select any configured Asset or VIP for your account. By default, All Assets (Combined) is selected.

Export responder policy logs

The Responder Policy Logs displayed on the screen can be exported to either a .PDF file or a JSON file.

Date range configuration

The Responder Policy Log has the following default time range configurations, plus the option to create a custom time range for retrieving the Responder Policy Logs.

  • Today
  • Yesterday
  • Last 7 Days
  • Last 30 Days
  • This Month
  • Last Month
  • Custom Range

The Custom Range can be up to ninety (90) days in the past.

Responder policy log details

The Responder Policy Log Details table provides an overview of the policy by displaying the following details. Each field has a sort option that sorts the results in either ascending or descending order (alphabetical or numerical, depending on the column details).

Name              Description
Responder Action  Displays the Action taken, either Log or Block.
Source IP         Displays the IP Address where the traffic originated.
Destination IP    Displays the IP Address of the intended destination.
Port              Displays the port number.
Method            Buffer Overflow is one of the best-known forms of software (security) vulnerability. Buffer overflows can be used to corrupt the execution stack of a web application. “Sending carefully crafted input to a web application, an attacker can cause the web application to run arbitrary code – effectively taking over the machine.”
Method            Displays the Method type (GET, POST, and so forth).
Host              Displays the IP Address of the configured host.
URI
Site
Date/Time         Displays the time at which the incident occurred (in UTC).