Wallarm Documentation: Comprehensive Technical Guide

Wallarm Documentation provides complete technical documentation for deploying, configuring, and managing the Wallarm API Security Platform. Documentation is available in 5 languages to support global enterprise deployments.

Available Languages

  • English: https://docs.wallarm.com (Primary language)
  • 日本語 (Japanese): Available via language selector
  • Türkçe (Turkish): Available via language selector
  • Português (Portuguese/BR): Available via language selector
  • العربية (Arabic): Available via language selector

Documentation Structure

Introduction

Getting Started

  • Platform Overview: In today's digital world, APIs face growing threats, especially with the rise of AI. Traditional security can...
  • Quick Start: Wallarm delivers all-in-one API security, identifying and protecting your APIs from vulnerabilities and malicious...

Video Guides

  • Platform Overview: Watch our comprehensive platform overview video to learn about Wallarm's unified API security platform, including...
  • API Discovery Overview: Watch our demo video to discover the full potential of the Wallarm platform's API Discovery module. Get familiar...
  • API Leaks Overview: Watch our demo video to gain familiarity with the various types of API leaks that the Wallarm platform's API Leaks...
  • Shadow and Orphan API: Watch our demo video to become familiar with how you can detect shadow and orphan endpoints in your API using Wallarm.
  • Analyzing CVEs and Attacks: Watch our demo video to get familiar with the Wallarm platform's CVEs dashboard and know how to use this dashboard...
  • API Abuse Prevention: Watch our demo video to become familiar with the various bot types that the Wallarm platform's API Abuse Prevention...
  • Platform Settings: Related documentation articles

API Discovery

  • Overview: Wallarm's multi-protocol API Discovery continuously analyzes the real traffic requests and builds the API inventory...

Exploring Your APIs

  • API Inventory: As soon as the API Discovery module has built the catalog of your endpoints (your API inventory), you can explore it...
  • Dashboard
  • Track API Changes: If changes occur in your API, API Discovery updates the built API inventory, highlights the changes and gives you...

Risk Analysis

  • Risk Score: The risk score is made up of various factors, each having its own weight when calculating the final risk score. By...
  • Rogue APIs (Shadow/Zombie): The API Discovery module can detect rogue APIs by comparing live traffic against your uploaded OpenAPI...
  • Sensitive Business Flows: With the sensitive business flow capability, Wallarm's API Discovery can automatically identify endpoints that are...
  • Sensitive Data Detection: API Discovery detects and highlights sensitive data consumed and carried by your APIs, which allows applying...
  • Setup & Configuration: This article describes how to enable and configure Wallarm's API Discovery.

API Protection

  • Overview: Wallarm's API Protection is an advanced set of API and AI protection capabilities. While basic cloud-native WAAP...
  • Best Practices: This article will show you how to use Wallarm, a unique platform that is like having two guards in one, for attack...

API Session Security

  • Overview: Wallarm API Sessions provide deep visibility into user actions within your APIs. Instead of analyzing individual...
  • Setup: API Sessions require NGINX Wallarm node 5.1.0 or Native Wallarm Node 0.8.0.
  • Exploring Sessions: As soon as Wallarm's API Sessions have identified user sessions related to your applications, you can explore them in the...
  • Session Blocking: As Wallarm's API Sessions aim to provide full visibility into sessions within your traffic, this visibility includes...
  • Business Logic Abuse: Wallarm utilizes LLM-based analysis to detect attempts to abuse the business logic of your applications and block...

API-Specific Protection

  • BOLA Protection: Behavioral attacks such as Broken Object Level Authorization (BOLA) exploit the vulnerability of the same name. This...
  • Enumeration Attack Protection: Wallarm allows protecting your APIs from the enumeration attacks preventing the reveal of information highly...
  • GraphQL Protection: Wallarm detects regular attacks (SQLi, RCE, etc.) in GraphQL by default even under the basic WAAP subscription plan....
  • File Upload Restriction: The unrestricted resource consumption is included in the OWASP API Top 10 2023 list of most serious API security...
  • Custom Request Anomaly: Wallarm can utilize LLM-based analysis to semantically detect any custom anomalies in different points of requests....

Bot Management

  • Overview: The API Abuse Prevention module of the Wallarm platform delivers detection and mitigation of bots performing API...
  • Setup: This article describes how to enable and configure the API Abuse Prevention module to detect and mitigate malicious...
  • Exploring Detected Bots: API Abuse Prevention conveniently visualizes the data on bot activities for the last 30 days at the API Abuse...
  • Exceptions: This article describes how to fine tune API Abuse Prevention by marking legitimate bots and disabling bot protection...

API Spec Enforcement

  • Overview: The API Specification Enforcement is designed to apply security policies to your APIs based on your uploaded...
  • Setup: This article describes how to enable and configure your API protection based on your uploaded API specification.
  • Viewing Events: As soon as you have uploaded your API specification to be used for applying specification-based security policies and...

Credential Protection

Threat Protection (WAAP)

  • WAAP Overview: Wallarm Cloud-Native WAAP (Web Application & API Protection) provides advanced protection for applications and APIs...
  • Attack Detection & Handling: The Wallarm platform continuously analyzes API traffic and mitigates malicious requests in real-time. From this...
  • Brute Force Protection: A brute force attack is one of the attack types not detected by Wallarm out-of-the-box; its detection should be...
  • Forced Browsing Protection: A forced browsing attack is one of the attack types not detected by Wallarm out-of-the-box; its detection should be...
  • Multi-Attack Thresholds: When Wallarm is in blocking mode, it automatically blocks all requests with malicious payloads, letting only...
  • DoS Protection: The unrestricted resource consumption is included in the OWASP API Top 10 2023 list of most serious API security...
  • DDoS Protection: A DDoS (Distributed Denial of Service) attack is a type of cyber attack in which an attacker seeks to make a website...
  • IP Filtering: In the IP & Session Lists → IP lists section of Wallarm Console, you can control access to your applications by...
  • Filtration Mode: Filtration mode defines the filtering node behavior when processing incoming requests. These instructions describe...

Mitigation Controls

  • Overview: Mitigation controls extend Wallarm's attack protection with additional security measures and allow fine-tuning of...

Rules & Policies

  • Overview: Rules are used to fine-tune the default Wallarm behavior during the analysis of requests and their further...
  • Rate Limiting: The unrestricted resource consumption is included in the OWASP API Top 10 2023 list of most serious API security...
  • Virtual Patching: In cases when it is impossible to fix a critical vulnerability in the code of your application or install the...
  • Custom Regex Rules: Wallarm provides the Create regexp-based attack indicator rule to define your own attack signs that are described...
  • Sensitive Data Masking: Wallarm provides the Mask sensitive data rules to configure data masking for sensitive data not to leak outside the...
  • Request Processing: When analyzing requests, Wallarm filtering node uses a comprehensive set of parsers. After identifying the request...
  • Response Headers: The Change server response headers rule allows adding, deleting server response headers and changing its values.
  • Overlimit Detection: The Wallarm node spends limited time on a single incoming request processing and if the time limit is exceeded,...

API Security Testing

  • Security Testing Overview: Wallarm's Security Testing suite is a comprehensive platform designed to secure APIs throughout the software...

Threat Replay Testing

  • Overview: By replaying incoming real-world attacks as unharmful security tests, Wallarm's Threat Replay Testing addresses the...
  • Setup: This article describes how to enable and configure Wallarm's Threat Replay Testing.
  • Exploring Results: Once Threat Replay Testing is enabled and configured, you can explore the performed tests and their results as...

Schema-Based Testing

  • Overview: Wallarm's Schema-Based Testing is a dynamic application security testing (DAST) solution that enables "shift-left"...
  • Setup: This article describes how to enable and configure Wallarm's Schema-Based Testing.
  • Exploring Results: Once Schema-Based Testing is enabled and tests are run, you can explore the test run results as described in this...

API Security Testing via Postman

  • Overview: Run safe, passive security tests on your Postman collections to detect authentication gaps, data leaks, and...
  • Setup: This article describes how to enable and configure API Security Testing via Postman.
  • Exploring Results: You can view API Security Testing results in two ways: mainly in Postman's AI Mode (recommended), or in Wallarm...

API Attack Surface (AASM)

  • Overview: Wallarm's API Attack Surface Management (AASM) is an agentless detection solution tailored to the API ecosystem,...
  • Setup: This article describes how to enable and configure API Attack Surface Management to discover your external hosts...
  • API Surface Discovery: The API Attack Surface Discovery (AASD) component of the Wallarm's API Attack Surface Management scans your selected...
  • Security Issues: Once API Attack Surface Discovery finds the external hosts of your selected domains, Wallarm checks if these hosts...
  • Detecting Vulnerabilities: Due to negligence or inadequate information when building or implementing an application, it can be vulnerable to...

AI Security

  • Overview: As AI agents and large language models (LLMs) become integrated into enterprise applications, they introduce new...

AI Discovery

  • AI Agent Discovery: Wallarm's API Discovery automatically identifies your APIs that are related to ML models, neural networks, chatbots...

AI Protection

  • AI Agent Protection: Wallarm provides API-first security for AI systems by protecting AI agents, AI proxies, and APIs with AI features by...
  • AI Payload Inspection: Wallarm utilizes LLM-based analysis to detect the attempts to exploit an AI agent’s logic to leak system secrets,...
  • Rogue MCP Inspection: Wallarm allows you to audit every installed local MCP server to expose supply-chain risks, excessive privileges, and...

Deployment

Security Edge

  • Overview: Security Edge is Wallarm's managed deployment option allowing you to protect your APIs and applications without...
  • Free Tier: The Free Tier of Security Edge lets you evaluate the Wallarm platform and protect up to 500,000 requests per month -...
  • Inline
  • Overview: The Security Edge platform provides a managed service for deploying Wallarm Nodes across geographically distributed...
  • Deployment Guide: To deploy the Wallarm Security Edge for inline traffic analysis, follow this guide.
  • Access Control Lists: An access control list (ACL) is a set of rules that defines which IP addresses can access specific hosts and...
  • Cache Rules: Cache rules are settings that define how the Security Edge Inline node stores and reuses responses from specific...
  • Custom Block Page: When the Security Edge Inline Node blocks a malicious request, it returns a block page along with an HTTP 403...
  • Host Redirection: Wallarm Security Edge Inline provides a host redirection feature to help you unify traffic entry points.
  • mTLS Configuration: Mutual TLS (mTLS) allows the Wallarm Edge Node to authenticate itself to your origin servers using a client...
  • Multi-Region: You can deploy the inline Edge Nodes across multiple regions and cloud providers to achieve geo‑redundancy and low...
  • NGINX Overrides: Security Edge Inline supports overriding NGINX directives at the host (server) and location levels. These overrides...
  • Upgrade & Management: Manage the Security Edge Inline deployment from the Wallarm Console by updating configuration settings, upgrading...
  • Telemetry Portal
  • Overview: The telemetry portal for Security Edge Inline provides Grafana dashboards with real-time insights into metrics on...
  • Main Dashboard: This article describes one of the two dashboards in the Security Edge Inline telemetry portal, called Portal Inline...
  • Logs Dashboard: This article describes one of the two dashboards in the Security Edge Inline telemetry portal, called Portal Inline...
  • Connectors: The Security Edge platform provides a managed service for deploying Wallarm Nodes across geographically distributed...

Kubernetes

  • Istio: This guide describes how to secure your APIs managed by Istio using the Wallarm Connector for Istio Ingress.
  • Gloo Gateway: This guide describes how to secure your APIs managed by Gloo Gateway (Gloo Edge API) using the Wallarm Connector...
  • NGINX Ingress Controller
  • Deployment: These instructions provide you with the steps to deploy the Wallarm NGINX-based Ingress controller to your K8s...
  • Configuration Options: This page describes the Helm chart configuration options for the Wallarm Ingress Controller based on F5 NGINX...
  • High Availability: This article provides configuration recommendations for the Wallarm Ingress controller to be highly available and...
  • Monitoring: The general aspects of NGINX Ingress controller monitoring are already well covered on the Internet. Wallarm...
  • Real Client IP: These instructions describe the Wallarm Ingress controller configuration required to identify an originating IP...
  • Chaining Ingress Controllers: These instructions provide you with the steps to deploy the Wallarm Ingress controller to your K8s cluster and chain...
  • Kong Ingress Controller: To secure APIs managed by Kong Ingress Controller, Wallarm provides a connector that integrates seamlessly into your...
  • Helm Chart for Native Node
  • Deployment: The Wallarm Native Node, which operates independently of NGINX, is designed for deployment with some connectors. You...
  • Configuration: When deploying the self-hosted Wallarm Native Node using the Helm chart, configuration is specified in the...
  • Sidecar Proxy
  • Deployment: To secure an application deployed as a Pod in a Kubernetes cluster, you can run the NGINX-based Wallarm node in...
  • Helm Chart: This document describes Wallarm-specific Helm chart values you can change during Wallarm Sidecar deployment or...
  • Customization: This article instructs you on safe and effective customization of the Wallarm Kubernetes Sidecar solution providing...
  • Pod Annotations: The Wallarm Sidecar solution can be configured via annotations on the per-pod's basis. The list of annotations...
  • Scaling: This guide focuses on the nuances of scaling, High Availability (HA), and the correct allocation of resources for...
  • eBPF (Out-of-Band)
  • Deployment (Beta)
  • Helm Chart: This document provides information about Wallarm-specific Helm chart values that can be modified during the...
  • Selecting Packets: The Wallarm eBPF solution operates on a traffic mirror and provides control over the traffic mirror scope. It allows...

Cloud Platforms

  • AWS
  • AMI for NGINX Node
  • AMI for Native Node: The Wallarm Native Node, which operates independently of NGINX, is designed for Wallarm connector self-hosted...
  • Docker on ECS: This quick guide provides the steps to deploy the Docker image of the NGINX-based Wallarm node to the Amazon cloud...
  • Terraform Module
  • Overview: Wallarm provides the Terraform module to deploy the node to AWS from the Terraform-compatible environment. Use these...
  • Terraform for VPC: This example demonstrates how to deploy Wallarm as an inline proxy to an existing AWS Virtual Private Cloud (VPC)...
  • Terraform for API Gateway: This example demonstrates how to protect Amazon API Gateway with Wallarm deployed as an inline proxy to AWS Virtual...
  • AWS WAF Integration: In modern cloud architectures, a layered security approach is essential to protect both the perimeter and the...
  • Cost Estimation: This page outlines the typical AWS infrastructure costs associated with deploying Wallarm NGINX Nodes using...
  • Autoscaling
  • Overview: You can set up Wallarm filtering node auto scaling to make sure that filtering nodes are capable of handling traffic...
  • Create AMI Image: You can set up auto scaling for the Wallarm filtering nodes deployed on the Amazon cloud. This function requires...
  • Autoscaling Group Setup
  • Load Balancing: Now, once you have a configured filtering node Auto Scaling Group, you need to create and...
  • GCP
  • Machine Image for NGINX Node
  • Docker on GCE: This quick guide provides the steps to deploy the Docker image of the NGINX-based Wallarm node to the Google Cloud...
  • Autoscaling
  • Overview: You can set up Wallarm filtering node auto scaling on the Google Cloud Platform (GCP) to make sure that filtering...
  • Create GCP Image: To set up auto scaling of the Wallarm filtering nodes deployed on the Google Cloud Platform (GCP) you first need...
  • Instance Template: A filtering node instance template will be used later as the base when creating a managed instance group. To create...
  • Autoscaling Group: To create a managed instance group and configure its auto scaling, perform the following steps:
  • Load Balancing: Now that you have a configured managed instance group with enabled auto scaling, you need to...
  • Azure
  • Container Instances: This quick guide provides the steps to deploy the Docker image of the NGINX-based Wallarm node to the Microsoft...
  • Alibaba Cloud
  • Docker on ECS: This quick guide provides the steps to deploy the Docker image of the NGINX-based Wallarm node to the Alibaba Cloud...
  • Heroku: Wallarm can protect web applications and APIs deployed on the Heroku cloud platform. This guide walks you through...
  • Private Cloud: Private clouds are cloud environments deployed solely to a single organization or entity, providing exclusive use...
  • Cloud-Init Script: If following the Infrastructure as Code (IaC) approach, you may need to use the cloud-init script to deploy the...

API Gateways

  • AWS API Gateway: The Wallarm Connector for Amazon API Gateway automatically builds an API inventory from real...
  • Broadcom Layer7: Broadcom's Layer7 API Gateways provide a robust solution for controlling and securing an organization's API traffic....
  • Kong API Gateway: To secure APIs managed by a standalone Kong API Gateway, Wallarm provides a connector implemented as a Lua plugin.

CDN

  • Akamai EdgeWorkers: For customers delivering their APIs through Akamai CDN properties, Wallarm provides a dedicated EdgeWorker code...
  • CloudFront: To use Wallarm as a connector for CloudFront, you need to deploy the Wallarm node externally and run...
  • Azion Edge: The solution involves deploying the Wallarm node externally and injecting custom code or policies into the specific...
  • Cloudflare: To use Wallarm as a connector for Cloudflare, you need to deploy the Wallarm Node externally and run a Cloudflare...
  • Fastly: To use Wallarm as a Fastly connector, you need to deploy the Wallarm Node externally and run a Fastly Compute...

API Management Platform

  • Mulesoft
  • Flex Gateway: This guide describes how to secure your Mule and non-Mule APIs managed by MuleSoft Flex Gateway using the Wallarm...
  • Mule Gateway: This guide describes how to secure your Mule APIs managed by Mule Gateway using the Wallarm connector.
  • Azure API Management: This guide describes how to secure your APIs managed by Azure API Management (APIM) using the Wallarm connector.
  • Apigee: This guide describes how to secure your APIs managed by Apigee API Management (APIM) using the Wallarm connector.
  • IBM API Connect: To integrate Wallarm with IBM API Connect, deploy a Wallarm node externally and configure IBM API Gateway to proxy...

TCP Traffic Mirror

  • Deployment: Wallarm provides an artifact for deploying its filtering node, specifically designed for TCP traffic mirror...

Packages & Containers

On-Premise

  • Overview: Wallarm offers an on-premises solution tailored for partners, large enterprises, and any organization that requires...
  • Deployment: This guide provides high-level instructions for deploying Wallarm Cloud and Filtering Nodes in an on‑premise...
  • Maintenance: This document provides guidance on maintaining the Wallarm Cloud component in on-premises deployments. It covers...

Special Setups

  • Multi-Tenant Node
  • Overview: The multitenancy feature allows using Wallarm to protect several independent company infrastructures or isolated...
  • Configure Accounts: These instructions provide you with the steps for the correct configuration of tenant accounts.
  • Deploy Multi-Tenant Node: The multi-tenant node protects several independent company infrastructures or isolated environments simultaneously.
  • Separate Postanalytics Module: In Wallarm's request processing, two stages are involved, including the postanalytics stage for statistical request...
  • Custom NGINX Version: If you require Wallarm for an NGINX version that is different from the versions supported by all-in-one...
  • Request Custom Deployment Option: If you are interested in custom deployment options that are not listed on our supported option list, we are happy to...
  • Inline Traffic Flow: Wallarm can be deployed in-line to mitigate threats in real-time. In this case, traffic to protected APIs passes...
  • Out-of-band Traffic Flow: Wallarm can be deployed as a self-hosted Out-of-Band (OOB) security solution inspecting requests via a mirror of the...
  • NGINX and Native Node Overview: The Wallarm Node is the core component of the Wallarm platform, responsible for filtering and analyzing traffic. You...
  • Connector Overview: API deployment can be done in various ways, including utilizing external tools such as Azion Edge, Akamai Edge,...

Maintenance

  • Overview: This section provides comprehensive guidance on maintaining, monitoring, and upgrading your Wallarm deployment to...

Nodes & Infrastructure

  • Node Overview: The Nodes section of the Wallarm Console allows you to manage self-hosted nodes (Security Edge nodes are managed...
  • Resource Allocation: The amount of memory and CPU resources allocated for the Wallarm NGINX node determines the quality and speed of...
  • Control over Export to Cloud: You can have full visibility and control on which data is exported from Wallarm node to Cloud. This article...
  • Cloud Synchronization: The filtering node regularly synchronizes with the Wallarm Cloud to:
  • Proxy Configuration: These instructions describe the steps to configure access to Wallarm API via the proxy server.
  • Block Page Configuration: These instructions describe the method to customize the blocking page and error code returned in the response to...
  • Handling Invalid Headers: By default, NGINX drops headers it considers invalid, such as those with . or `` in their names. This prevents...
  • JA3 Fingerprinting: This article describes how to enable JA3 fingerprinting for the most popular software such as NGINX and...
  • Terraform Provider: If you use Terraform to manage your infrastructures, that may be a comfortable option for you to use it for managing...

Monitoring & Metrics

  • NGINX Node Metrics
  • Overview: The NGINX Node exposes metrics in the Prometheus format, which you can use to monitor its...
  • Postanalytics Metrics: This article describes the Postanalytics module and the service runtime metrics of the NGINX Node to help monitor...
  • wcli Controller Metrics: This article describes the metrics of the wcli Controller of the NGINX Node to help monitor and troubleshoot the...
  • API Firewall Metrics: This article describes the API Firewall metrics of the NGINX Node. The API Firewall provides the core functionality...
  • Native Node Metrics
  • Overview: The Native Node exposes metrics in the Prometheus format, which you can use to monitor its...
  • Postanalytics Metrics: This article describes the Postanalytics module and the service runtime metrics of the Native Node to help monitor...
  • Runtime Metrics: This article describes the Native Node runtime metrics to help monitor and troubleshoot the Native Node.
  • Statistics Service: You can obtain Wallarm NGINX or Native node statistics using the wallarmstatus service. This article describes how...
  • Node Logging: This article guides you on how to find the log files of a Wallarm filtering node.
  • Failover Configuration: Deploying a filter node as a reverse proxy requires that the filter node is highly available. The filter node...
  • Health Check: This document provides you with a checklist to ensure Wallarm operates correctly after a new filtering node...

Upgrades & Migration

  • Versioning Policy: This document details Wallarm's versioning policy for self-hosted NGINX-based and Native Nodes and Edge Nodes, which...
  • General Recommendations: This document describes recommendations and associated risks for a safe upgrade of Wallarm Nodes.
  • What's New: Wallarm Node 7.x introduces a new deployment artifact for Kubernetes environments — the Wallarm Ingress Controller...
  • NGINX Node Changelog: This document lists available versions of the NGINX Wallarm Node 6.x in various form factors, helping you track...
  • Native Node Changelog: This document lists available versions of the Native Wallarm Node 0.14.x+ in various form factors, helping you track...
  • NGINX Node Upgrade Instructions
  • DEB/RPM Packages: These instructions describe the steps to upgrade the Wallarm NGINX modules 4.x installed from the individual...
  • Postanalytics Module: These instructions describe the steps to upgrade the postanalytics module installed on a separate server up to the...
  • All-in-One Installer: These instructions describe the steps to upgrade the Wallarm node installed using all‑in‑one installer to the latest...
  • Docker Image: These instructions describe the steps to upgrade the running Docker NGINX-based image to the latest version 6.x.
  • Ingress Controller: This topic explains why and how to migrate from the Wallarm Ingress Controller based on the [Community Ingress...
  • Ingress Controller Retirement: In November 2025, the Kubernetes community announced the retirement of the Community Ingress NGINX project, with...
  • Sidecar Proxy: These instructions describe the steps to upgrade Wallarm Sidecar solution up to the latest 6.x version.
  • Cloud Image: These instructions describe the steps to upgrade the cloud node image deployed on AWS or GCP up to the latest 6.x.
  • Multi-Tenant Node: These instructions describe the steps to upgrade the multi-tenant node up to the latest 6.x.
  • Native Node Upgrade Instructions
  • All-in-One Installer: These instructions describe the steps to upgrade the Native Node installed using all-in-one installer.
  • Helm Chart: These instructions describe the steps to upgrade the Native Node deployed using Helm chart.
  • Docker Image: These instructions describe the steps to upgrade the Native Node deployed from the Docker image.
  • Connector's Code Bundle Release Notes: This document lists the versions of connector code bundles that work with the Native Node (MuleSoft, Cloudflare, etc.).
  • EOL Node Upgrades (3.6 and lower)
  • What's New: This page lists the changes available when upgrading the node of the deprecated version (3.6 and lower) up to...
  • NGINX Modules: These instructions describe the steps to upgrade the end‑of‑life Wallarm NGINX modules (version 3.6 and lower) to...
  • Postanalytics: These instructions describe the steps to upgrade the end‑of‑life postanalytics module (version 3.6 and lower)...
  • Docker Image: These instructions describe the steps to upgrade the running end‑of‑life Docker NGINX-based image (version 3.6 and...
  • Ingress Controller: These instructions describe the steps to upgrade deployed end‑of‑life Wallarm Ingress Controller (version 3.6 and...
  • Cloud Image: These instructions describe the steps to upgrade the end‑of‑life cloud node image (version 3.6 and lower) deployed...
  • Multi-Tenant: These instructions describe the steps to upgrade the end‑of‑life multi-tenant node (version 3.6 and lower) up to the...
  • Migrate IP Lists: Starting with Wallarm node 3.x, the method of IP address allowlist and denylist configuration has been changed. This...

Operations

  • Learning Request Volume: Wallarm's primary licensing/billing methods are based on the level of requests served by Wallarm filtering nodes...
  • Scanner IP Addresses: This document provides the lists of IP addresses for US and EU Clouds from which Wallarm scans company resources for...

Troubleshooting

  • Overview: This section describes the most common troubleshooting cases related to Wallarm, providing you with solutions to...
  • Detection and Blocking: If you suspect that attacks from the traffic are not uploaded to the Wallarm Cloud and, as a result, do not appear...
  • Detection Tools: Wallarm is a set of protection tools. If they do not work as expected, you can always tune them under your specific...
  • Performance: Recommended CPU usage by Wallarm is about 10-15%, meaning that filtering nodes will be able to handle a x10 traffic...
  • Real Client IP: These instructions describe the NGINX configuration required to identify an originating IP address of a client...
  • End User Problems: If some errors occur after NGINX Wallarm node installation, check this troubleshooting guide to address them. If you...
  • Wallarm Ingress Controller: This troubleshooting guide lists common issues you can face during the Wallarm NGINX-based Ingress controller...
  • Wallarm Cloud is Down: If the Wallarm Cloud is down, Wallarm nodes continue attack mitigation with some limitations. To learn more, use...
  • OWASP Dashboard Alerts: When Wallarm nodes are not updated or face synchronization issues with the Cloud, error messages appear on the OWASP...
  • NGINX Error Log: This article lists common NGINX error log lines related to Wallarm and describes how to fix the corresponding problems.
  • Dynamic DNS in NGINX: This article explains the difference between static and dynamic DNS resolution in NGINX and how to configure dynamic...

Integrations

  • Integrations Overview: Being your shield against the OWASP API Top 10 threats, API abuse, and automated threats, Wallarm takes your...

Messaging & Alerts

  • Email: You can set additional email addresses that will be used to deliver scheduled PDF reports and instant notifications....
  • Slack: 1. Open the Integrations section.
  • Microsoft Teams: 1. Open the Integrations section.
  • Telegram: Scheduled reports can be sent on a daily, weekly, or monthly basis. Reports include detailed information about...

Incident Management

  • PagerDuty: In PagerDuty UI, set up an integration for any existing service or create a new service...
  • Opsgenie: In Opsgenie UI:
  • Jira
  • ServiceNow: ServiceNow is a platform to help companies manage digital workflows for enterprise operations. Your company needs an...
  • InsightConnect: First, generate and copy an API key as follows:

SIEM & Analytics

  • Splunk: In Splunk UI:
  • Sumo Logic: In Sumo Logic UI:
  • Microsoft Sentinel: In the Microsoft UI:
  • Datadog: 1. Open the Datadog UI → Organization Settings → API Keys and generate the API key for the integration with Wallarm.

Log Collectors

  • Fluentd: Wallarm sends notifications to Fluentd via webhooks in the JSON format. The set of JSON objects depends on the event...
  • Logstash: Wallarm sends notifications to Logstash via webhooks in the JSON format. The set of JSON objects depends on the...
  • Integration Examples
  • IBM QRadar via Fluentd: These instructions provide you with the example integration of Wallarm with the Fluentd data collector to further...
  • IBM QRadar via Logstash: These instructions provide you with the example integration of Wallarm with the Logstash data collector to further...
  • Splunk via Fluentd: These instructions provide you with the example integration of Wallarm with the Fluentd data collector to further...
  • Splunk via Logstash: These instructions provide you with the example integration of Wallarm with the Logstash data collector to further...
  • ArcSight via Fluentd: These instructions provide you with the example integration of Wallarm with the Fluentd data collector to further...
  • ArcSight via Logstash: These instructions provide you with the example integration of Wallarm with the Logstash data collector to further...
  • Datadog via Fluentd/Logstash: You can set up Wallarm to send notifications of detected events to Datadog through the Fluentd or Logstash...

Cloud Storage

  • Amazon S3: Data fields for each hit:
  • MinIO: Every 10 minutes, Wallarm exports data on detected hits to a MinIO S3-compatible bucket. A hit is a serialized...

Webhooks

  • Webhook Configuration: You can set up Wallarm to send instant notifications to any system that accepts incoming webhooks via the HTTPS protocol.

DevSecOps

  • Docker Image Security: Wallarm signs and shares the public key for its Docker images, enabling you to verify their authenticity and...
  • Generate SBOM: The Software Bill of Materials (SBOM) is an inventory that lists the software components and their dependencies in...

Platform Management

  • Overview: This section covers the administration and management of the Wallarm platform, including user access, monitoring,...

Dashboards

Monitoring & Events

  • Event Overview: Wallarm's Threat Management provides a full, real-time picture of your security posture and allows controlling used...
  • Analyzing Attacks: This article describes how you can analyze attacks detected by the Wallarm node and take actions regarding them.
  • Analyzing Incidents: Incidents are attacks that successfully exploited the security issue (vulnerability) passively detected by Wallarm....
  • Grouping & Sampling: When analyzing attacks, it is important to understand how malicious requests are presented. Wallarm uses hit...
  • Security Issues: Security issues (vulnerabilities) are security flaws in an infrastructure that may be exploited by attackers to...

Triggers & Alerts

  • Trigger Configuration: Triggers are tools used to set up Wallarm response to different events. Triggers combine a significant number of...

Search & Reports

  • Search & Filters: Wallarm provides convenient methods for searching detected events (attacks and incidents). In the Attacks and...
  • Custom Reports: You can filter events and then export the results into a PDF or CSV report. Wallarm will email the created report to...

Account Settings

  • Account: To see your profile data and settings, proceed to Settings → Profile tab.
  • Applications: If your company has several applications, you may find it convenient not only to view the statistics of the entire...
  • Audit Log: On the Settings → Activity log tab of Wallarm Console, you can check the history of user actions in the Wallarm...

Users & Access

  • User Management: Invite your team members to your Wallarm account and assign each one a specific role to safeguard sensitive...
  • API Tokens: In Wallarm Console → Settings → API tokens, you can manage tokens for API request authentication and for filtering...
  • SSO Configuration
  • SSO Overview: You can use single sign‑on (SSO) technology to authenticate your company's users to the Wallarm Console. Wallarm...
  • SSO Setup: This article describes the generic flow of enabling and configuring Wallarm's SAML SSO Authentication.
  • Google Workspace: This guide covers the process of connecting the G Suite (Google) service as an identity provider to Wallarm, which...
  • Okta: This guide covers the process of connecting the Okta service as an identity provider to Wallarm, which...
  • Troubleshooting: This article describes how to troubleshoot Wallarm's SAML SSO Authentication.
  • LDAP Integration: You can use LDAP technology to authenticate your company's users to the Wallarm Console if your company already uses...

Plans & Pricing

  • Subscription Plans: Wallarm is the only solution that unifies API discovery, risk management, real-time protection, and testing...

Reference

  • Overview: This section provides reference materials, technical specifications, and resources for the Wallarm platform.

API Reference

  • Overview: Wallarm API provides interaction between components of the Wallarm system. You can use Wallarm API methods to...
  • Request Examples: The following are some examples of Wallarm API use. You can also generate code examples via the API Reference UI for...
  • Attack Types: This article lists and describes attacks and vulnerabilities that Wallarm can detect including those presented in...
  • Glossary: The glossary covers the core Wallarm entities to provide you with a better understanding of the platform.
  • Data Retention Policy: This policy outlines retention periods for different datasets collected by Wallarm and stored in the Wallarm Cloud.
  • Shared Responsibility Model: Wallarm relies on a shared responsibility security model. In this model, all parties (Wallarm and its clients) have...
  • Comparing Wallarm to Other Solutions: When comparing Wallarm to other security or WAF solutions, it's essential to gather and present meaningful data....
  • SLA: This article describes such aspects of Wallarm's service level as service availability time percentage, possible...