Hi Jose,
I'm not certain which report specifically you're referring to, but I have an idea.
If it's the one I am thinking of, it's because you're still using the default values for the DDoS threshold within the Cloud WAF.
For documentation on the DDoS thresholds, please see:
· https://docs.imperva.com/bundle/cloud-application-security/page/settings/ddos-settings.htm
The peak request per second (RPS) for each site can be reviewed within the performance dashboard. Select "Last 90 Days" for the time range and ensure "Avg. RPS" is selected.
The peak RPS will be displayed as in Figure 1 below.
Figure 1
The best practice is 3 ½ times the peak. For example, if peak RPS is 100 request per second we recommend 350 RPS as a good starting point.
However, we don't recommend going lower than 150 RPS regardless of how the math works out for a low volume site. (E.G. 3 RPS x 3.5 = 10.5 in this scenario still set the threshold to 150)
Ideally, we would have performance/load test numbers against the origin to which we could align.
An average web server can handle approximately 200 to 250 concurrent request per CPU core.
------------------------------
JairedAnderson
Imperva
------------------------------
Original Message:
Sent: 02-03-2023 03:35
From: Jose Yero
Subject: Security Assessment
I have this report, I currently have a WAF Cloud and On Premise product and my question is how do I validate the DDoS score.
#CloudWAF(formerlyIncapsula)