


# Traffic overview dashboards for protection packs (web ACLs)
<a name="web-acl-dashboards"></a>

This section describes the protection pack (web ACL) traffic overview dashboards in the AWS WAF console. After you associate a protection pack (web ACL) with one or more AWS resources and enable metrics for the protection pack (web ACL), you can access summaries of the web traffic that the protection pack (web ACL) evaluates by going to the protection pack (web ACL)'s **Traffic overview** tab in the AWS WAF console. The dashboards include near real-time summaries of the Amazon CloudWatch metrics that AWS WAF collects when it evaluates your application web traffic, including specialized AI bot and agent activity analysis.

**Note**  
If you don't see anything on the dashboards, make sure you have metrics enabled for the protection pack (web ACL). 

The protection pack (web ACL)'s **Traffic overview** tab contains tabbed dashboards with the following categories of information: 
+ **Top security insights** – Insights into your AWS WAF protections that AWS WAF obtains by directly querying the Amazon CloudWatch logs. The rest of the dashboard uses the CloudWatch metrics. These insights provide richer information, but incur the added costs of querying the CloudWatch logs. For information about the additional costs, see [Amazon CloudWatch Logs Pricing](https://aws.amazon.com/cloudwatch/pricing/). 
+ **AI Traffic Analysis** – Web requests analyzed for AI bot and agent activity, including bot identification, intent classification, access patterns, and temporal trends. This tab is available when your protection pack (web ACL) receives AI bot traffic.
+ **All traffic** – All web requests that the protection pack (web ACL) evaluates. 

  The dashboard focus is on terminating actions, but you can view the matches for count rules in the following locations: 
  + **Top 10 rules** pane of this dashboard. Toggle **Switch to count action** to show count rule matches. 
  + **Sampled requests** tab of the protection pack (web ACL) page. This new tab includes a graph of all rule matches. For information, see [Viewing a sample of web requests](web-acl-testing-view-sample.md). 
+ **Anti-DDoS** – Web requests that the protection pack (web ACL) evaluates using the `AntiDDoSRuleSet` Anti-DDoS managed rule group.

  This tab is only available if you're using this rule group in your protection pack (web ACL).
+ **Bot Control** – Web requests that the protection pack (web ACL) evaluates using the Bot Control managed rule group. 

  If you aren't using this rule group in your protection pack (web ACL), this tab shows the results of evaluating a sampling of your web traffic against the Bot Control rules. This gives you an idea of the bot traffic that your application receives, and it's free of charge. 

  This rule group is part of the intelligent threat mitigation options that AWS WAF offers. For more information, see [AWS WAF Bot Control](waf-bot-control.md) and [AWS WAF Bot Control rule group](aws-managed-rule-groups-bot.md).
+ **Account takeover prevention** – Web requests that the protection pack (web ACL) evaluates using the AWS WAF Fraud Control account takeover prevention (ATP) managed rule group. This tab is only available if you're using this rule group in your protection pack (web ACL). 

  The ATP rule group is part of the AWS WAF intelligent threat mitigation offerings. For more information, see [AWS WAF Fraud Control account takeover prevention (ATP)](waf-atp.md) and [AWS WAF Fraud Control account takeover prevention (ATP) rule group](aws-managed-rule-groups-atp.md).
+ **Account creation fraud prevention** – Web requests that the protection pack (web ACL) evaluates using the AWS WAF Fraud Control account creation fraud prevention (ACFP) managed rule group. This tab is only available if you're using this rule group in your protection pack (web ACL). 

  The ACFP rule group is part of the AWS WAF intelligent threat mitigation offerings. For more information, see [AWS WAF Fraud Control account creation fraud prevention (ACFP)](waf-acfp.md) and [AWS WAF Fraud Control account creation fraud prevention (ACFP) rule group](aws-managed-rule-groups-acfp.md).

The dashboards are based on the protection pack (web ACL)'s CloudWatch metrics, and the graphs provide access to the corresponding metrics in CloudWatch. For the intelligent threat mitigation dashboards, like Bot Control, the metrics used are primarily the label metrics. 
+ For a list of the metrics that AWS WAF provides, see [AWS WAF metrics and dimensions](waf-metrics.md).
+ For information about CloudWatch metrics, see the [Amazon CloudWatch User Guide](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/WhatIsCloudWatch.html). 

The dashboards provide summaries of your traffic patterns for the terminating actions and date range that you select. The intelligent threat mitigation dashboards include requests that the corresponding managed rule group evaluated, regardless of whether the managed rule group itself applied the terminating action. For example, if Block is selected, the **Account takeover prevention** dashboard includes information for all web requests that were both evaluated by the ATP managed rule group and blocked at some point during the protection pack (web ACL) evaluation. The requests can be blocked by the ATP managed rule group, by a rule that ran after the rule group in the protection pack (web ACL), or by the protection pack (web ACL) default action. 
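The inclusion rule above, applied to AWS WAF log records as an added example (not AWS code; the console itself reads CloudWatch metrics). The log records are constructed, the rule names are hypothetical, and the `ruleGroupId` form and the reduced field layout are assumptions based on the AWS WAF log format.

```python
from collections import Counter

# Assumed form of the ATP managed rule group's ruleGroupId in AWS WAF logs.
ATP_GROUP = "AWS#AWSManagedRulesATPRuleSet"

def _group(terminating_rule=None):
    # One ruleGroupList entry; terminatingRule is null unless the group ended evaluation.
    return {"ruleGroupId": ATP_GROUP, "terminatingRule": terminating_rule}

# Constructed log records, reduced to the fields used here. Rule names are hypothetical.
SAMPLE_LOGS = [
    # Blocked by a rule inside the ATP rule group.
    {"action": "BLOCK", "terminatingRuleId": "atp-rule-group",
     "ruleGroupList": [_group({"ruleId": "constructed-atp-rule", "action": "BLOCK"})]},
    # Evaluated by ATP without a terminating match, then blocked by a later rule.
    {"action": "BLOCK", "terminatingRuleId": "block-listed-ips",
     "ruleGroupList": [_group()]},
    # Evaluated by ATP, no rule terminated, web ACL default action blocked.
    {"action": "BLOCK", "terminatingRuleId": "Default_Action",
     "ruleGroupList": [_group()]},
    # Blocked by a rule that ran before ATP: the rule group never saw it.
    {"action": "BLOCK", "terminatingRuleId": "geo-block", "ruleGroupList": []},
    # Evaluated by ATP and allowed by the default action.
    {"action": "ALLOW", "terminatingRuleId": "Default_Action",
     "ruleGroupList": [_group()]},
]

def dashboard_counts(records, rule_group_id, selected_actions):
    """Count requests the rule group evaluated that ended in a selected action,
    keyed by what applied that action."""
    counts = Counter()
    for rec in records:
        entry = next((g for g in rec.get("ruleGroupList", [])
                      if g.get("ruleGroupId") == rule_group_id), None)
        if entry is None or rec.get("action") not in selected_actions:
            continue  # not evaluated by the group, or action filtered out
        if entry.get("terminatingRule"):
            counts["rule_group"] += 1
        elif rec.get("terminatingRuleId") == "Default_Action":
            counts["default_action"] += 1
        else:
            counts["later_rule"] += 1
    return counts

if __name__ == "__main__":
    print(dict(dashboard_counts(SAMPLE_LOGS, ATP_GROUP, {"BLOCK"})))
```

With Block selected, three of the four blocked requests count toward the ATP view, although only one was blocked by the rule group itself.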

# Viewing the dashboards for a protection pack (web ACL)
<a name="web-acl-dashboards-accessing"></a>

Follow the procedure in this section to access the protection pack (web ACL) dashboards and set the data filtering criteria. If you recently associated a protection pack (web ACL) with an AWS resource, you might need to wait a few minutes for data to become available in the dashboards.

The dashboards include the requests for all of the resources that you've associated with the protection pack (web ACL). 

**To view the Traffic overview dashboards for a protection pack (web ACL)**

1. Sign in to the AWS Management Console and open the AWS WAF console at [https://console.aws.amazon.com/wafv2/homev2](https://console.aws.amazon.com/wafv2/homev2). 

1. In the navigation pane, choose **protection packs (web ACLs)** and then search for the protection pack (web ACL) that you're interested in. 

1. Select the protection pack (web ACL). The console takes you to the protection pack (web ACL)'s page. The **Traffic overview** tab is selected by default.

1. Change the **Data filters** settings as needed. 
   + **Terminating rule actions** – Select the terminating actions to include in the dashboards. The dashboards summarize the metrics for the web requests that had one of the selected actions applied by the protection pack (web ACL) evaluation. If you select all of the available actions, the dashboards include all evaluated web requests. For information about the actions, see [How AWS WAF handles rule and rule group actions](web-acl-rule-actions.md). 
   + **Time range** – Select the time interval to view in the dashboards. You can choose to view a time frame relative to now, for example the last 3 hours or the last week, and you can select an absolute time range from a calendar. 
   + **Time zone** – This setting applies when you specify an absolute time range. You can use your browser's local time zone or UTC (Coordinated Universal Time). 

Review the information in the tabs that you're interested in. The data filter selections apply to all of the dashboards. In the graph panes, you can hover the cursor over a data point or an area to see any additional details. 

**Count action rules**  
You can view information for count action matches in one of two places. 
+ In this **Traffic overview** tab, on the **All traffic** dashboard, find the **Top 10 rules** pane and toggle **Switch to count action**. With this toggle on, the pane shows count rule matches instead of terminating rule matches.
+ In the protection pack (web ACL)'s **Sampled requests** tab, see a graph of all rule matches and actions for the time range that you've set on the **Traffic overview** tab. For information about the **Sampled requests** tab, see [Viewing a sample of web requests](web-acl-testing-view-sample.md). 

**Amazon CloudWatch metrics**  
In the dashboard graph panes, you can access the CloudWatch metrics for the graphed data. Choose the option at the top of the graph pane or from the **⋮** (vertical ellipsis) dropdown menu inside the pane. 

**Refreshing the dashboards**  
The dashboards don't refresh automatically. To update the display, choose the refresh ![\[Icon to refresh the dashboard graph\]](http://docs.aws.amazon.com/waf/latest/developerguide/images/cloudwatch-refresh-icon.png) icon.

# Examples of the traffic overview dashboards for protection packs (web ACLs)
<a name="web-acl-dashboards-screenshots"></a>

This section shows example screens of the traffic overview dashboards for protection packs (web ACLs). 

**Note**  
If you're already using AWS WAF to protect your application resources, you can see the dashboards for any of your protection packs (web ACLs) on its page in the AWS WAF console. For information, see [Viewing the dashboards for a protection pack (web ACL)](web-acl-dashboards-accessing.md).

**Example screen: Data filters and All traffic dashboard action counts**  
The following screenshot depicts the traffic overview for a protection pack (web ACL) with the **All traffic** tab selected. The data filters are set to the defaults: all terminating actions for the last three hours. 

Inside the **All traffic** dashboard are the action totals for the various terminating actions. Each pane lists the request count and shows an up/down arrow indicating the change since the prior three-hour time range. 

![\[The AWS WAF console shows the protection pack (web ACL) page Traffic overview tab with the default data filters selected. The terminating rule action options are Block, Allow, CAPTCHA, and Challenge. Below the data filters section are tabs for all traffic, Bot Control, and Account takeover prevention.\]](http://docs.aws.amazon.com/waf/latest/developerguide/images/web-acl-dashboard-data-filters-default-top-actions.png)


**Example screen: Bot Control dashboard action counts**  
The following screenshot depicts action counts for the Bot Control dashboard. This shows the same totals panes for the time range, but the counts are only for requests that the Bot Control rule group evaluated. Farther down, in the **Action totals** pane, you can see the action counts throughout the specified three-hour time range. For this time range, the CAPTCHA action wasn't applied to any of the requests that the rule group evaluated.

![\[The AWS WAF console shows the top portion of the Bot Control dashboard, with action totals for the time range and action totals throughout the time range.\]](http://docs.aws.amazon.com/waf/latest/developerguide/images/web-acl-dashboard-bot-action-totals.png)


**Example screen: AI Traffic Analysis dashboard action counts**  
The following screenshot depicts the AI Traffic Analysis dashboard for a protection pack (web ACL). The dashboard shows AI bot activity over the selected time range with filters for bot organization, intent type, and verification status.

![\[The AWS WAF console shows the top portion of the AI Traffic Analysis dashboard, with top crawlers and top paths for the time range and action totals throughout the time range.\]](http://docs.aws.amazon.com/waf/latest/developerguide/images/waf-phantom-edge-dashboard.png)


The dashboard includes:
+ **Bot Identity panel** – Lists detected AI bots with names and organizations
+ **Intent Classification** – Categorizes bot purposes (crawling, indexing, research, etc.)
+ **Access Patterns** – Top URLs accessed by AI agents with request counts
+ **Temporal Analysis** – Hourly and daily activity trends with 14-day historical view
+ **Organization Breakdown** – Traffic volume by bot owner organization

**Example screen: Bot Control dashboard token status summary graphs**  
The following screenshot depicts two of the summary graphics available in the Bot Control dashboard. The **Token status** pane shows counts for the various token status labels, paired with the rule action that was applied to the request. The **IP token absent thresholds** pane shows data for requests from IPs that were sending too many requests without a token. 

Hovering over any area in the graph brings up the available information details. In the **Token status** pane in this screenshot, the mouse is hovering over a point in time, without being on any graph line, so the console displays the data for all lines at that point in time. 

![\[The AWS WAF console shows two panes for Token status and IP token absent thresholds, with similar graph lines for blocked and challenged requests in each pane. The Token status pane also has a graph for allowed requests.\]](http://docs.aws.amazon.com/waf/latest/developerguide/images/web-acl-dashboard-bot-token-panes.png)


This section shows just a few of the traffic summaries that are provided in the protection pack (web ACL) traffic overview dashboards. To see the dashboards for any of your protection packs (web ACLs), open the protection pack (web ACL)'s page in the console. For information about how to do this, see the guidance at [Viewing the dashboards for a protection pack (web ACL)](web-acl-dashboards-accessing.md).