The WAF provides two types of alerts that inform you of any spikes in security events:
- Security Events Alert: Alerts about spikes across all services that generate log entries in firewall events.
- Advanced Security Events Alert: Similar to Security Events Alert with support for additional filtering options.
Set up a notification for WAF alerts
WAF alerts combine a static threshold with a z-score calculated over the last six hours of events, grouped into five-minute buckets. An alert is triggered whenever the z-score value is above 3.5 and the spike crosses a threshold of 200 security events. You will not receive duplicate alerts within the same two-hour time frame.
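The alert logic described above, written out as an added example (not Cloudflare's implementation). It assumes the z-score is the current bucket's count minus the mean of the preceding six hours of buckets, divided by their population standard deviation, and that the 200-event threshold applies to the current bucket's count; the function name and the traffic series are constructed for illustration.

```python
from collections import deque
from statistics import mean, pstdev

BUCKET_MINUTES = 5
WINDOW = 6 * 60 // BUCKET_MINUTES    # six hours of history = 72 buckets
SUPPRESS = 2 * 60 // BUCKET_MINUTES  # two-hour quiet period = 24 buckets
Z_THRESHOLD = 3.5
MIN_EVENTS = 200

def detect_spikes(counts):
    """Return the indices of the five-minute buckets that raise an alert."""
    history = deque(maxlen=WINDOW)
    alerts, last_alert = [], None
    for i, count in enumerate(counts):
        if len(history) == WINDOW:          # wait for a full six-hour baseline
            mu, sigma = mean(history), pstdev(history)
            if sigma == 0:                  # flat baseline: any rise is a spike
                z = float("inf") if count > mu else 0.0
            else:
                z = (count - mu) / sigma
            # Both conditions must hold: statistical outlier AND enough volume.
            spike = z > Z_THRESHOLD and count >= MIN_EVENTS
            # Assumption: duplicates are suppressed for two hours after an alert.
            quiet = last_alert is not None and i - last_alert < SUPPRESS
            if spike and not quiet:
                alerts.append(i)
                last_alert = i
        history.append(count)
    return alerts

# Constructed series of security events per five-minute bucket:
#   buckets 0-71   : quiet baseline (mean 50)
#   bucket  72     : 150 events, high z-score but under 200, so no alert
#   bucket  73     : 400 events, alert
#   bucket  74     : 420 events, still a spike but inside the two-hour window
#   buckets 75-104 : quiet again
#   bucket  105    : 800 events, more than two hours later, second alert
SAMPLE = [40, 60] * 36 + [150, 400, 420] + [40, 60] * 15 + [800]

if __name__ == "__main__":
    print(detect_spikes(SAMPLE))  # -> [73, 105]
```

A zone with steadily high traffic, such as counts alternating between 900 and 1,100, never alerts under this logic because the z-score stays near 1 even though every bucket is far above 200 events.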
Security Events Alert
Available for zones on Business and Enterprise plans. The mean time to detection is two hours.
Advanced Security Events Alert
Only available for zones on Enterprise plans. The mean time to detection is five minutes.
When setting up this alert, you can select the services that will be monitored. Each selected service is monitored separately.