OCI WAF monitoring
Managing web application traffic and protecting applications from threats requires continuous visibility into request patterns, actions, and traffic distribution. Missing abnormal spikes, blocked requests, or malicious activity can lead to security risks or service disruption.
Oracle Cloud Infrastructure Web Application Firewall (WAF) helps protect applications by filtering and monitoring HTTP traffic based on defined security rules and policies.
Site24x7 integrates with OCI WAF to provide visibility into firewall activity, request handling, and traffic behavior from a single console. This integration provides the following monitors:
- WAF Firewall: Monitors overall request volume, traffic, bandwidth, and action level distribution across the firewall.
- Edge Policy Resource: Monitors request handling and traffic distribution based on edge policy rules and modules.
With this setup, you can monitor both firewall-level activity and edge policy-level behavior in one place, helping you detect anomalies and security issues early.
Benefits of Site24x7’s OCI WAF integration
Site24x7's integration with OCI WAF provides you with the following benefits:
- Visibility into request patterns across applications.
- Action level monitoring for allowed, blocked, passed, and redirected traffic.
- Traffic and bandwidth analysis across modules and response codes.
- Faster detection of abnormal spikes or attack patterns.
- Centralized monitoring across compartments and regions.
Use case
A company hosts multiple public facing applications on OCI and uses WAF to protect it from malicious traffic. These applications receive varying traffic patterns throughout the day.
With Site24x7’s OCI WAF integration, the IT operations team monitors request volume, blocked traffic, and bandwidth usage in real time. If there is a sudden spike in blocked requests or unusual traffic from specific modules such as bot management or rate limiting, the team can quickly investigate and take action.
This helps maintain application availability, improve security posture, and prevent potential attacks from impacting users.
Setup and configuration
To get started with OCI WAF monitoring, complete these steps:
- Site24x7 uses cross-tenancy access to monitor your resources using Site24x7's tenancy user. Log in to your Site24x7 account and create a specific policy to allow Site24x7 to view your resources without affecting your security.
- On the Integrate OCI Monitor page, select OCI WAF Firewall from the Services to be discovered list.
Permissions
Ensure that Site24x7 receives the following permissions to monitor the OCI WAF:
- WEB_APP_FIREWALL_READ
- WEB_APP_FIREWALL_INSPECT
- WAAS_POLICY_INSPECT
- WAAS_POLICY_READ
Polling frequency
Site24x7 queries OCI service-level APIs according to the set polling frequency (from once a minute to once a day) to collect metrics from OCI WAF monitors.
Supported metrics
The supported metrics for an OCI WAF and OCI Edge Policy monitors are provided below.
| Metric name | Description | Statistics | Unit |
|---|---|---|---|
| Number Of Requests | Total number of requests processed by the firewall. | Sum | Count |
| Requests Action Allow | Number of requests allowed by the firewall. | Sum | Count |
| Requests Action Blocked | Number of requests blocked by the firewall. | Sum | Count |
| Requests Action Passed | Number of requests passed without enforcement. | Sum | Count |
| Requests Action Redirected | Number of requests redirected by the firewall. | Sum | Count |
| Traffic | Total traffic processed by the firewall. | Sum | Bytes |
| Traffic Action Allow | Traffic allowed by the firewall. | Sum | Bytes |
| Traffic Action Blocked | Traffic blocked by the firewall. | Sum | Bytes |
| Traffic Action Passed | Traffic passed without enforcement. | Sum | Bytes |
| Traffic Action Redirected | Traffic redirected by the firewall. | Sum | Bytes |
| Bandwidth | Bandwidth usage across the firewall. | Mean | Bytes/Sec |
| Bandwidth Action Allow | Bandwidth for allowed traffic. | Mean | Bytes/Sec |
| Bandwidth Action Blocked | Bandwidth for blocked traffic. | Mean | Bytes/Sec |
| Bandwidth Action Passed | Bandwidth for passed traffic. | Mean | Bytes/Sec |
| Bandwidth Action Redirected | Bandwidth for redirected traffic. | Mean | Bytes/Sec |
| Requests Module Access Rules | Number of requests processed by access rules module. | Sum | Count |
| Requests Module Captcha | Number of requests processed by CAPTCHA module. | Sum | Count |
| Requests Module Threat | Number of requests processed by threat module. | Sum | Count |
| Requests Module Modsecurity | Number of requests processed by modsecurity module. | Sum | Count |
| Requests Module Origin | Number of requests processed by origin module. | Sum | Count |
| Requests Module Rate Limiting | Number of requests processed by rate limiting module. | Sum | Count |
| Requests Module Bot Management | Number of requests processed by bot management module. | Sum | Count |
| Requests Rc 200 | Number of requests with HTTP 200 response. | Sum | Count |
| Requests Rc 403 | Number of requests with HTTP 403 response. | Sum | Count |
| Requests Rc 404 | Number of requests with HTTP 404 response. | Sum | Count |
| Requests Rcg 2xx | Number of requests with 2xx responses. | Sum | Count |
| Requests Rcg 4xx | Number of requests with 4xx responses. | Sum | Count |
| Requests Rcg 5xx | Number of requests with 5xx responses. | Sum | Count |
| Traffic Module Access Rules | Traffic processed by access rules module. | Sum | Bytes |
| Traffic Module Captcha | Traffic processed by captcha module. | Sum | Bytes |
| Traffic Module Threat | Traffic processed by threat module. | Sum | Bytes |
| Traffic Module Modsecurity | Traffic processed by modsecurity module. | Sum | Bytes |
| Traffic Module Origin | Traffic processed by origin module. | Sum | Bytes |
| Traffic Module Rate Limiting | Traffic processed by rate limiting module. | Sum | Bytes |
| Traffic Module Bot Management | Traffic processed by bot management module. | Sum | Bytes |
| Bandwidth Module Access Rules | Bandwidth usage for access rules module. | Mean | Bytes/Sec |
| Bandwidth Module Captcha | Bandwidth usage for captcha module. | Mean | Bytes/Sec |
| Bandwidth Module Threat | Bandwidth usage for threat module. | Mean | Bytes/Sec |
| Bandwidth Module Modsecurity | Bandwidth usage for modsecurity module. | Mean | Bytes/Sec |
| Bandwidth Module Origin | Bandwidth usage for origin module. | Mean | Bytes/Sec |
| Bandwidth Module Rate Limiting | Bandwidth usage for rate limiting module. | Mean | Bytes/Sec |
| Bandwidth Module Bot Management | Bandwidth usage for bot management module. | Mean | Bytes/Sec |
Threshold configuration
To configure thresholds for an OCI WAF Firewall and OCI Edge Policy monitor:
- Log in to your Site24x7 account and navigate to Admin > Configuration Profiles > Threshold and Availability.
- Click Add Threshold Profile.
- Select the applicable monitor type from the Monitor Type drop-down menu. The applicable monitor types are OCI WAF Firewall and OCI Edge Policy. The supported metrics are displayed in the Threshold Configuration section. You can set threshold values for all the metrics mentioned above.
- Click Save.
Organize OCI WAF monitors using Monitor Groups in Site24x7
Monitor Groups in Site24x7 help you organize WAF Firewall and Edge Policy Resource monitors based on your OCI environment structure. You can group monitors by application, environment such as production or staging, or by business unit.
With this integration, Monitor Groups provide a consolidated view of firewall activity and policy-level behavior. For example, you can group all WAF resources protecting a specific application along with their associated edge policies. This makes it easier to understand how traffic and security rules impact that application.
It also simplifies alert management, since notifications can be configured at the group level instead of individual monitors.
OCI WAF Capacity Planning in Site24x7 monitoring
Capacity Planning in Site24x7 helps analyze and forecast OCI WAF metrics such as request volume, traffic, and bandwidth using historical data. It provides a grouped view of WAF Firewall and Edge Policy Resource monitors to identify trends, peak usage periods, and abnormal spikes.
Using this feature, teams can predict future traffic behavior, detect anomalies, and understand which resources contribute most to load. This helps optimize WAF rules, plan for scaling, and improve security readiness.
By leveraging forecasting and trend analysis, Capacity Planning enables proactive decision making and reduces the risk of performance issues or unexpected traffic surges.
Licensing
- Each OCI WAF Firewall and OCI Edge Policy monitor utilizes one basic monitor license.
Viewing OCI WAF data
To monitor your OCI Certificates environment, log in to your Site24x7 account and navigate to Cloud > OCI > WAF.
Monitor data
OCI WAF Firewall
The monitor data for OCI WAF Firewall monitor is given below.
Summary
The Summary tab provides a comprehensive overview of the events timeline and metrics, presenting insightful charts that shed light on the performance of your OCI WAF Firewall monitor.
Configuration
The Configuration tab displays the core configuration details of the WAF Firewall monitor. This includes details such as Display Name, Region, and Compartment ID.
Zia Forecast
The Zia Forecast tab displays the forecast chart with future points of a performance metric (measurement of resource usage) based on historical time series data. Historical data, of up to 30 days, is used to predict what your metric usage will be in the next seven days.
Outages
The Outages tab provides details on an outage's Start Time, End Time, Duration, and Comments, if any.
Notes
The Notes tab provides details like Resource ID, Region, Monitor Licensing Category, and much more. The Threshold and Availability Profile and the Notification Profile can be set according to the user and viewed in this tab.
Log Report
The Log Report tab provides a consolidated report of the OCI WAF Firewall monitor's log status, which can be downloaded as a CSV file.
Alert Logs
The Alert Logs tab displays a chronological list of all triggered alerts related to the WAF Firewall monitor. This tab helps you trace alert history and severity to assess issues and validate threshold settings.
OCI Edge Policy
The monitor data for OCI Edge Policy monitor is given below.
Summary
The Summary tab delivers a comprehensive overview of the events timeline and metrics, presenting insightful charts that shed light on the performance of your Edge Policy monitor.
Configuration
The Configuration tab displays the core configuration details of the Edge Policy monitor. This includes details such as Display Name, Region, and Compartment ID.
Outages
The Outages tab provides details on an outage's Start Time, End Time, Duration, and Comments, if any.
Notes
The Notes tab provides details like Resource ID, Region, Monitor Licensing Category, and much more. The Threshold and Availability Profileand the Notification Profile can be set according to the user and viewed in this tab.
Log Report
The Log Report tab provides a consolidated report of the Edge Policy monitor's log status, which can be downloaded as a CSV file.
Alert Logs
The Alert Logs tab displays a chronological list of all triggered alerts related to the Certificate monitor. This tab helps you trace alert history and severity to assess issues and validate threshold settings.
-
On this page
- Benefits of Site24x7’s OCI WAF integration
- Use case
- Setup and configuration
- Permissions
- Polling frequency
- Supported metrics
- Threshold configuration
- Organize OCI WAF monitors using Monitor Groups in Site24x7
- OCI WAF Capacity Planning in Site24x7 monitoring
- Licensing
- Viewing OCI WAF data
- Monitor data