What is Origin Shield Analytics?

Mlytics Origin Shield Analytics is a collection of interactive charts that provides insights on the risks and threats that the Origin Shield had mitigated. 

It is a powerful tool to help users make informed decisions when deciding which security actions they need to perform in order to protect their origin.

You can access Origin Shield analytics by navigating to ‘ Analytics’ > ‘Origin Shield’.

You need to set the target domain from the ‘ Operation level panel’.

Origin Shield analytics has 5 sets of charts: 

  1. Request chart
  2. Traffic chart
  3. Access control / Bot management chart
  4. Firewall rules / CRS rules chart
  5. Threat log

Request chart

The Origin Shield request chart counts the number of requests passing through Mlytics Origin Shield server/s for a given domain.

Traffic chart

The Origin Shield traffic chart counts the traffic size (in bytes) passing through Mlytics Origin Shield server/s for a given domain.

Access control / Bot management chart

The Origin Shield Access control / Bot management chart counts the mitigated threats (on a given domain) under the ‘Access control’, and ‘Bot management’ security features. 

Specifically, this chart tracks:

  • the blacklisted IP/Geo, 
  • search engine crawlers, 
  • security/vulnerability scanners, 
  • rogue crawlers/bad bots, 
  • instances when browser integrity checks were triggered, and 
  • instances when bot challenges were triggered.

Below the main chart, there are 2 summary charts showing the top 10 sources of the attacks. The summary charts are grouped in terms of country and IP address.

Firewall rules / CRS rules chart

The Origin Shield Firewall rules / CRS rules chart counts the mitigated threats (on a given domain) under the ‘Firewall rules’,  ‘CRS rules’, and "API protection" security features. 

Specifically, this chart tracks:

  • the instances when firewall actions were triggered, 
  • instances when API protections were triggered, 
  • XSS attacks, 
  • SQL injection attacks, and 
  • generic injection attacks.

Below the main chart, there are 2 summary charts showing the top 10 sources of the attacks. The summary charts are grouped in terms of country and IP address.

Threat log

The Origin Shield threat log records of all the mitigated threats (on a given domain) from all security features.

The main table consists of 6 main columns:

  1. Date - the date when the mitigated attack happens
  2. Request domain - the domain which experienced the mitigated attack
  3. Category - the type of mitigated threats as indicated in ACL & DDoS chart and WAF chart
  4. IP - the IP address source of the mitigated attack
  5. Country - the county source of the mitigated attack
  6. Actions - the actions done to mitigate the attack, e.g. blocked, simulated, passed, rate-limit, block & redirect, challenged, API protection. 
Note: For ‘Actions’, each security feature executes different actions. Please refer to each security feature article for more details.

Above the main table, summary boxes for the mitigated attacks based on categories, together with their corresponding number. 

Finally, the search panel which allows users to search mitigated attacks based on their IP address or incident ID.

The incident ID is a unique ID generated every time the Origin Shield receives and responds to an HTTP request. SOC uses this ID to analyze why the HTTP request was caught by the Origin shield.

Quick Actions

Together with Quick Actions, Origin Shield Analytics not only gives users visual actionable insights, but also easily guides users to the next possible actions to take right after analyzing the insights.

Users can easily set routing strategies, avail other CDNs, avail regional DNS, etc. based on the actionable insights they got from the analytics.