Security Analytics

The Security Analytics section provides comprehensive insights into your website's security posture, helping you monitor threats, understand attack patterns, and optimize your security configurations.

Security Event Metrics

Threat Intelligence Hits

Tracks requests identified as potentially harmful by Peakhour's threat intelligence system:

  • Automated threat detection based on known malicious IP addresses, signatures, and patterns
  • Real-time protection against emerging threats from global intelligence feeds
  • Pattern analysis to identify coordinated attack campaigns

Access List Hits

Monitors requests processed by your configured access lists:

  • Allow list matches showing legitimate traffic patterns
  • Block list matches revealing blocked threat attempts
  • Geographic and IP-based filtering effectiveness

Web Application Firewall (WAF) Hits

Tracks requests filtered by the WAF engine:

  • Attack pattern detection including SQL injection, XSS, and other web-based attacks
  • Rule effectiveness analysis for fine-tuning security policies
  • False positive identification for optimizing legitimate traffic flow

Firewall Hits

Monitors requests processed by firewall rules:

  • Custom rule effectiveness for organization-specific security policies
  • Traffic pattern analysis for rule optimization
  • Performance impact assessment of security rules

Bot Activity

Tracks automated traffic from various sources:

  • Search engine bots and legitimate crawlers
  • Malicious bots attempting various attacks
  • Automated tools used for reconnaissance or attacks

Rate Limiting Hits

Monitors requests subject to rate limiting:

  • DDoS protection effectiveness through request throttling
  • Abuse prevention by limiting excessive requests from single sources
  • Legitimate traffic impact analysis for rate limit optimization

Security Visualization Charts

IP Reputation Distribution

The IP reputation pie chart categorizes threats by source characteristics:

  • Tor networks: Anonymous traffic that may indicate evasion attempts
  • Proxy services: Traffic routed through intermediary services
  • Spam sources: IPs known for spam or abuse activities
  • Malware networks: IPs associated with malware distribution
  • Web attack sources: IPs with a history of web-based attacks
  • Bot networks: Automated traffic sources

WAF Severity Analysis

Displays the distribution of WAF hits by threat severity:

  • Critical: Severe threats requiring immediate attention
  • Notice: Moderate threats that should be monitored
  • Info: Low-level events for awareness and pattern analysis

WAF Rule Effectiveness

Shows which specific WAF rules are most frequently triggered:

  • Rule performance analysis for security policy optimization
  • Attack vector identification to understand common threat types
  • False positive detection for rule tuning

Block Type Distribution

Categorizes blocked requests by protection mechanism:

  • WAF blocks: Requests stopped by application firewall rules
  • Bot blocks: Automated traffic filtered by bot protection
  • Blocklist blocks: Requests from known malicious sources
  • ASN blocks: Traffic blocked based on network provider
  • Rule blocks: Custom rule-based filtering

Geographic Threat Analysis

Top Country Code Threats

Identifies countries generating the most security events:

  • Geographic attack patterns for regional security adjustments
  • Compliance considerations for geographic restrictions
  • Infrastructure planning for region-specific protections

Top ASN Threats

Shows Autonomous System Numbers generating the most threats:

  • Network provider patterns indicating compromised infrastructure
  • Hosting provider issues that may require special handling
  • ISP-level threat intelligence for network-based filtering

Top IP Threats

Identifies specific IP addresses generating the most security events:

  • Persistent attackers requiring additional attention
  • Coordinated attacks from multiple related IPs
  • High-volume threat sources for priority blocking

Security Insights and Optimization

Threat Pattern Recognition

Use security analytics to identify:

  • Attack campaigns coordinated across multiple sources
  • Seasonal threat patterns that require temporary policy adjustments
  • Emerging attack vectors not covered by current rules

Policy Optimization

Analytics help optimize security policies by:

  • Reducing false positives through rule refinement
  • Identifying gaps in current security coverage
  • Balancing security with legitimate user experience

Incident Response

Security data enables:

  • Rapid threat identification and response
  • Attack attribution through source analysis
  • Impact assessment of security incidents

Performance vs. Security Balance

Security analytics help balance protection with performance by showing:

  • Rule processing overhead and its impact on response times
  • Legitimate traffic patterns that might be affected by security rules
  • Optimization opportunities for both security effectiveness and performance

Proactive Security Management

Regular analysis of security metrics enables:

  • Predictive threat modeling based on historical patterns
  • Preventive policy adjustments before attacks escalate
  • Infrastructure hardening based on observed attack vectors

Monitor these security analytics regularly to maintain robust protection while ensuring optimal user experience for legitimate traffic.