Skip to content
Wallarm Documentation
Changelog & news
Initializing search
Explore Playground
English
English
Japanese
Turkish
Portuguese (BR)
Arabic
Version 3.6
Version 4.10
Version 4.8
Version 4.6
Version 4.4 ⚠
Home
How Wallarm Works
How Wallarm Works
Wallarm platform overview
Detecting attacks
Detecting vulnerabilities
Discovering API inventory
API Leaks Remediation
Attack and vulnerability types
Data management policies
Data management policies
Security model of shared responsibility for clients' data
Data retention policy
Wallarm subscription plans
Wallarm solution deployment and maintenance best practices
Quick Start
Administrator Guide
Administrator Guide
Introduction to the administrator guide
Installation
Installation
Deployment options
NGINX
NGINX
NGINX installation options overview
Installing as a dynamic module for NGINX stable
Installing as a dynamic module for NGINX from Debian/CentOS repositories
Installing as a dynamic module for NGINX Plus
Running Docker NGINX‑based image
Kubernetes
Kubernetes
Installing NGINX Ingress Controller with integrated Wallarm services
Chaining of the Wallarm and additional Ingress Controllers in the same Kubernetes cluster
Installing Wallarm as the sidecar container
Installing Wallarm as the sidecar container
How it works
Kubernetes deployment based on Helm charts
Kubernetes deployment based on manifests
Cloud platforms
Cloud platforms
Amazon AWS
Amazon AWS
AWS Marketplace image deployment
AWS Marketplace image deployment
Creating and configuring an AMI with the Wallarm node
Creating an Amazon Machine Image
Setting up filtering node auto scaling
Setting up filtering node auto scaling
Overview of the filtering node auto scaling configuration on AWS
Setting up filtering node auto scaling
Setting up incoming request balancing on AWS
Deployment of the Wallarm node Docker image to AWS
Google Cloud Platform
Google Cloud Platform
GCP Marketplace image deployment
GCP Marketplace image deployment
Creating and configuring a GCP instance with the Wallarm node
Creating an image with the Wallarm filtering node
Setting up filtering node auto scaling
Setting up filtering node auto scaling
Overview of the filtering node auto scaling configuration on GCP
Creating a filtering node instance template on GCP
Creating a managed instance group with enabled auto scaling
Setting up incoming request balancing on GCP
Deployment of the Wallarm node Docker image to GCP
Microsoft Azure
Microsoft Azure
Deployment of the Wallarm node Docker image to Azure
Alibaba Cloud
Alibaba Cloud
Deployment of the Wallarm node Docker image to Alibaba Cloud
Deployment of the filtering node to the private clouds
Installing Wallarm from DEB/RPM packages for Kong
Running Docker Envoy‑based image
Separate postanalytics module installation
Checking the filtering node operation
Deploying the multi‑tenant node
Deploying the multi‑tenant node
Multitenancy overview
Creating tenant accounts in Wallarm Console
Deploying and configuring multi-tenant node
Deploying Wallarm CDN node
Building Wallarm Packages for Custom NGINX
Configuration
Configuration
Configuration options for the NGINX‑based Wallarm node
Configuration options for the Envoy‑based Wallarm node
Configuration of filtration mode
Configuration of the blocking page and error code
Configuration of the Statistics Service
Configuration of brute force protection
DDoS protection
Fine‑tuning of Wallarm Ingress Controller
Fine‑tuning of Wallarm Ingress Controller
Configuration Parameters
Best Practices in NGINX-based Wallarm Ingress Controller Configuration
Best Practices in NGINX-based Wallarm Ingress Controller Configuration
Proper Reporting of End‑user Public IP Address
High Availability Considerations
Ingress Controller Monitoring
Allocating Resources for Wallarm Node
Filtering mirrored traffic
Filtering mirrored traffic
Configuration of mirrored traffic filtration
Example of NGINX configuration for traffic mirroring
Example of Envoy configuration for traffic mirroring
Example of Traefik configuration for traffic mirroring
Example of Istio configuration for traffic mirroring
Configuration of Filter Node for Separated Customer Environments
Configuration of Filter Node for Separated Customer Environments
How Filtering Node Works in Separated Environments
Recommendations on Configuring the Filter Node for Separated Environments
Access to Wallarm API via Proxy
Identifying an original client IP address if using a proxy or load balancer
Configuring synchronization between Wallarm node and Cloud
Configuring access to files needed for node operation
Working with Filter Node Logs
Configuring dynamic DNS resolution in NGINX
Using Single Sign‑On (SSO)
Using Single Sign‑On (SSO)
Overview of integration with the SAML SSO solution
Connecting SSO with G Suite
Connecting SSO with G Suite
Overview of Steps for Connecting SSO with G Suite
Step 1: Generating Parameters on the Wallarm Side (G Suite)
Step 2: Creating and Configuring an Application in G Suite
Step 3: Transferring G Suite Metadata to the Wallarm Setup Wizard
Step 4: Allowing Access to the Wallarm Application on the G Suite Side
Connecting SSO with Okta
Connecting SSO with Okta
Overview of Steps for Connecting SSO with Okta
Step 1: Generating Parameters on the Wallarm Side (Okta)
Step 2: Creating and Configuring an Application in Okta
Step 3: Transferring Okta Metadata to the Wallarm Setup Wizard
Step 4: Allowing Access to the Wallarm Application on the Okta Side
Configuring SSO Authentication for Users
Changing the Configured SSO Authentication
Monitoring & Failover
Monitoring & Failover
Configuring a Failover Method
Using a Mirrored Wallarm Repository
Using a Mirrored Wallarm Repository
How to Mirror the Wallarm Repository for CentOS
How to Install Wallarm Packages from the Local JFrog Artifactory Repository for CentOS
Monitoring the Filter Node
Monitoring the Filter Node
Introduction to the filtering node monitoring
How to Fetch Metrics
Available Metrics
Examples of Exporting and Working with Metrics
Examples of Exporting and Working with Metrics
Grafana
Grafana
Exporting Metrics to InfluxDB via the `collectd` Network Plugin
Exporting Metrics to Graphite via the `collectd` Write Plugin
Working with the Filter Node Metrics in Grafana
Nagios
Nagios
Exporting Metrics to Nagios via the `collectd-nagios` Utility
Working with the Filter Node Metrics in Nagios
Zabbix
Zabbix
Exporting Metrics to Zabbix via the `collectd-nagios` Utility
Working with the Filter Node in Zabbix
Operations
Operations
Configuring SELinux
Wallarm User Acceptance Testing Checklist
Learning the amount of requests per month handled by the application
Support of the Scanner Operation
Support of the Scanner Operation
Best practices for configuring the Active threat verification feature
Scanner Addresses
Scanner Addresses
Scanner Addresses for EU Cloud
Scanner Addresses for US Cloud
Contacting Wallarm Support to Stop the Resource Scanner
Managing Wallarm using Terraform
User Guide
User Guide
Introduction to the User Guide
Dashboards
Dashboards
Threat Prevention
API Discovery
Events
Events
Checking Events
Analyzing Attacks
Working with False Attacks
Verifying Attacks
Vulnerabilities
API Discovery
API Specifications
API Leaks
Search and Filters
Search and Filters
Using Search and Filters
Creating a Custom Report
Scanner
Nodes
Nodes
Filtering nodes overview
Wallarm nodes
CDN filtering nodes
Regular filtering nodes
Rules
Rules
Application Profile Rules
Inspecting Application Profile Rules
Adding Rules in the Application Profile
Building and unloading of a custom ruleset
Custom ruleset backup and restore
Analyzing and Parsing Requests
Available rule types
Available rule types
Managing request parsers
Setting response headers
Filtration mode rule
Rules for Data Masking
Customizing the module for active threat verification
Virtual Patching
User‑Defined Detection Rules
Ignoring certain attack types
Ignoring attack signs in the binary data
The overlimit_res attack detection fine‑tuning
Triggers
Triggers
Working with triggers
Trigger examples
IP lists
IP lists
Types and core logic of IP lists
IP address allowlist
IP address graylist
IP address denylist
Integrations
Integrations
Integrations Overview
Email Report
Slack
Telegram
Microsoft Teams
InsightConnect
Opsgenie
PagerDuty
Jira
ServiceNow
Sumo Logic
Splunk
Datadog
Microsoft Sentinel
Fluentd
Logstash
Webhook
Amazon S3
Examples of integrations via intermediate data collectors
Examples of integrations via intermediate data collectors
IBM QRadar via Fluentd
IBM QRadar via Logstash
Splunk Enterprise via Fluentd
Splunk Enterprise via Logstash
Micro Focus ArcSight Logger via Fluentd
Micro Focus ArcSight Logger via Logstash
Datadog via Fluentd/Logstash
Settings
Settings
Profile
General
Subscriptions
Applications
Users
Activity Log
Using single sign‑on to Wallarm portal
Upgrading and Migrating
Upgrading and Migrating
What is new in Wallarm node 3.6
Filtering node versioning policy
Recommendations for a safe node upgrade process
Filtering node upgrade instructions
Filtering node upgrade instructions
Upgrading Wallarm NGINX modules
Upgrading the postanalytics module
Upgrading the Wallarm Docker NGINX- or Envoy-based image
Upgrading NGINX Ingress controller with integrated Wallarm modules
Upgrading the cloud node image
Upgrading Wallarm CDN node
Upgrading Wallarm node 2.18 and lower
Upgrading Wallarm node 2.18 and lower
What is new in Wallarm node (if upgrading node 2.18 or lower)
Upgrading Wallarm NGINX modules 2.18 or lower
Upgrading the postanalytics module 2.18 or lower
Upgrading the Docker NGINX- or Envoy-based image of Wallarm node 2.18 or lower
Upgrading NGINX Ingress controller with integrated Wallarm modules 2.18 or lower
Upgrading the cloud node image 2.18 or lower
Migrating allowlists and denylists from Wallarm node 2.18 and lower to 3.x
Security testing
Security testing
Wallarm FAST Overview
FAST Onboarding
Quick start guide
Quick start guide
Deployment options
FAST node deployment
Setting the environment for testing
Running the test
Interpreting the testing results
FAST basic operations
FAST basic operations
How FAST operates: overview
Test Policies
Test Policies
Overview
Basic Policy Configuration
Configuration of Point Processing Rules
Configuration of Vulnerability Detection Process
Configuration of Anomaly Detection Process
Configuration of Anomaly Detection Process
Overview
Principles of Fuzzer Operation
Fuzzer Configuration
Using Test Policies
Test Policy Examples
Creating FAST Node And Getting A Token
List of Environment Variables Used by a FAST Node
Configuring Authentication of Test Runs
Creating A Test Run
Copying A Test Run
Stopping The Recording Process
Checking of Test Run State
Getting the Report with Test Results
Integration into CI/CD
Integration into CI/CD
Introduction
Integration Prerequisites
Integration via Wallarm API
Integration via Wallarm API
Principles and Stages
Running FAST Node
Stopping The Recording Process
Waiting For The Testing to Finish
Integration Examples
Integration Examples
Integration of FAST with CircleCI
Integration via FAST Node
Integration via FAST Node
Principles and Stages
Running FAST Node in Recording Mode
Running FAST Node in Testing Mode
Using FAST in Concurrent CI/CD Workflows
Examples of Integration
Examples of Integration
CircleCI
GitLab CI/CD
Jenkins
Bamboo
Azure DevOps
Integration via Plugins
Integration via Plugins
Jenkins
CircleCI
FAST DSL
FAST DSL
FAST DSL Overview
The Logic of Extensions
The Phases Description
The Phases Description
The Collect Phase
The Match Phase
The Modify Phase
The Generate Phase
The Send Phase
The Detect Phase
The Detect Phase
The Detect Phase Description
The Detect Phase Parameters Description
How the Detect Phase Operates with Markers
The Creation of FAST Extensions
Examples of the FAST Extensions
Examples of the FAST Extensions
Overview
Examination of the Sample Application
Creation of Modifying Extension
Creation of Nonmodifying Extension
Using the FAST Extensions
Creating Points for FAST Extensions
Creating Points for FAST Extensions
Introduction
Basic Concepts
Parsers and Filters
Parsers and Filters
Parsers and Filters
HTTP Parser and Its Filters
Form-urlencoded parser
Multipart parser
Cookie parser
XML Parser and Its Filters
Json_doc Parser and Its Filters
Base64 parser
GZIP parser
Array filter
Hash filter
Points Building Principles
How to Build a Point
Text Formatting Conventions
Glossary
Wallarm Clouds List
Vulnerabilities List
Configuration of Proxying Rules
Installing SSL Certificates
Installing SSL Certificates
Introduction
Installing Own Certificate for FAST Node
Installing the FAST Node Certificate for a Browser
Installing the FAST Node Certificate for a Browser
Apple Safari
Google Chrome
Microsoft Edge
Microsoft Internet Explorer 11
Mozilla Firefox
Troubleshooting
Appendix
Appendix
Glossary
API docs
API docs
Wallarm API overview
Wallarm API request examples
FAQ
FAQ
Installing Wallarm Ingress controller
Errors after Wallarm node installation
Wallarm platform and third-party services interaction
Wallarm service status page
Wallarm Cloud is down
Tarantool troubleshooting
CPU high usage troubleshooting
Attacks are not uploaded to the Wallarm Cloud
Demo videos
Demo videos
Wallarm platform settings
Analyzing CVEs and related attacks
API Discovery overview
API Leaks overview
Changelog & news
Changelog & news
¶
Back to top