Events

Security Events provide real-time visibility into malicious and suspicious traffic that is detected and mitigated at the CIS edge before it reaches your origin server. These events enable continuous monitoring of threat activity, analysis of traffic patterns, and response to risks that are targeting web applications, APIs, and supporting infrastructure. By capturing enforcement actions and request details, CIS Security Events help validate security controls and support ongoing threat management. For more information, see Using the CIS Security Events capability.

The following elements are available on the console:

• Events summary: Provides a high-level overview of security activity for the selected time range. Summary metrics help you to quickly assess traffic patterns, measure enforcement actions, and evaluate the effectiveness of applied security controls before reviewing detailed event information.
• Events by action: Provides a time-based visualization of security events that are grouped by the action that is taken for each request during the selected time range.
• Events by service: Lists the security-related activity per security feature. For example, custom rules and WAF.
• Top events by source: Provides a breakdown of traffic that is flagged or mitigated by a CIS security feature during the selected time range.
• Sampled event logs: A list of sampled security events by date to show the action that is taken and applied by various CIS security features.