Commit 562ce6e8 authored by Mark Florian's avatar Mark Florian Committed by Achilleas Pipinellis

Enable Threat Monitoring page by default

This enables the Threat Monitoring feature by default (and can be
disabled by explicitly disabling the `threat_monitoring` feature flag).

This also adds some basic documentation for Threat Monitoring.

Part of [WAF statistics reporting][1].

[1]: https://gitlab.com/gitlab-org/gitlab/issues/14707
parent fb46b18b
...@@ -297,6 +297,25 @@ Ingress with the recent changes. ...@@ -297,6 +297,25 @@ Ingress with the recent changes.
![Disabling WAF](../../topics/web_application_firewall/img/guide_waf_ingress_save_changes_v12_9.png) ![Disabling WAF](../../topics/web_application_firewall/img/guide_waf_ingress_save_changes_v12_9.png)
##### Viewing Web Application Firewall traffic
> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/14707) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.9.
You can view Web Application Firewall traffic by navigating to your project's
**Security & Compliance > Threat Monitoring** page.
From there, you can see tracked over time:
- The total amount of traffic to your application.
- The proportion of traffic that is considered anomalous by the Web Application
Firewall's default [OWASP ruleset](https://www.modsecurity.org/CRS/Documentation/).
If a significant percentage of traffic is anomalous, it should be investigated
for potential threats, which can be done by
[examining the application logs](#web-application-firewall-modsecurity).
![Threat Monitoring](img/threat_monitoring_v12_9.png)
### JupyterHub ### JupyterHub
> - Introduced in GitLab 11.0 for project-level clusters. > - Introduced in GitLab 11.0 for project-level clusters.
......
...@@ -106,7 +106,7 @@ module EE ...@@ -106,7 +106,7 @@ module EE
with_scope :subject with_scope :subject
condition(:threat_monitoring_enabled) do condition(:threat_monitoring_enabled) do
@subject.beta_feature_available?(:threat_monitoring) @subject.feature_available?(:threat_monitoring)
end end
with_scope :subject with_scope :subject
......
---
title: Add Threat Monitoring page
merge_request: 22911
author:
type: added
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment