Diffstat (limited to 'doc/user/application_security/threat_monitoring/index.md')
-rw-r--r-- doc/user/application_security/threat_monitoring/index.md 40
1 files changed, 40 insertions, 0 deletions
diff --git a/doc/user/application_security/threat_monitoring/index.md b/doc/user/application_security/threat_monitoring/index.md
new file mode 100644
index 00000000000..07427af7c7d
--- /dev/null
+++ b/doc/user/application_security/threat_monitoring/index.md
@@ -0,0 +1,40 @@
+---
+type: reference, howto
+---
+
+# Threat Monitoring **(ULTIMATE)**
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/14707) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.9.
+
+The **Threat Monitoring** page provides metrics for the GitLab
+application runtime security features. You can access these metrics by
+navigating to your project's **Security & Compliance > Threat Monitoring** page.
+
+GitLab supports statistics for the following security features:
+
+- [Web Application Firewall](../../clusters/applications.md#web-application-firewall-modsecurity)
+
+## Web Application Firewall
+
+The Web Application Firewall section provides metrics for the NGINX
+Ingress controller and ModSecurity firewall. This section has the
+following prerequisites:
+
+- Project has to have at least one [environment](../../../ci/environments.md).
+- [Web Application Firewall](../../clusters/applications.md#web-application-firewall-modsecurity) has to be enabled.
+- [Elastic Stack](../../clusters/applications.md#web-application-firewall-modsecurity) has to be installed.
+
+If you are using custom Helm values for the Elastic Stack you have to
+configure Filebeat similarly to the [vendored values](https://gitlab.com/gitlab-org/gitlab/-/blob/f610a080b1ccc106270f588a50cb3c07c08bdd5a/vendor/elastic_stack/values.yaml).
+
+The **Web Application Firewall** section displays the following information
+about your Ingress traffic:
+
+- The total amount of requests to your application
+- The proportion of traffic that is considered anomalous according to
+ the configured rules
+- The request breakdown graph for the selected time interval
+
+If a significant percentage of traffic is anomalous, you should
+investigate it for potential threats by
+[examining the application logs](../../clusters/applications.md#web-application-firewall-modsecurity).
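Review bot: In the prerequisites list, the Elastic Stack item links to `../../clusters/applications.md#web-application-firewall-modsecurity`, the same anchor as the Web Application Firewall item directly above it, which looks like a copy-paste slip; point it at the Elastic Stack section of that page so readers land on the install instructions. The closing "examining the application logs" link reuses the same anchor, which is correct only if the log-inspection steps live under that heading, so please confirm. The Filebeat paragraph tells users with custom Helm values to configure it "similarly to" the vendored values without naming which settings the Threat Monitoring page depends on; listing them would let those users verify their configuration rather than diff the whole file, and would make a silently empty dashboard easier to diagnose. Minor wording: "total amount of requests" reads better as "total number of requests".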