The following pages are used to manage Nemesida WAF settings.
Section is intended for adding license keys. It is presented in the form of a table, where the following are indicated:
- description of the key;
- access to the functionality of the cloud API;
- license key expiration date;
- number of available behavioral models;
- WAF ID;
- available actions on the key.
To add a new key to the list, click , where we specify the license key and its description.
Actions on the key
You can perform 3 actions with the license key:
- create an identification token;
- change the description;
- delete from the list.
An identification token is used instead of a license key to manage Nemesida WAF settings using the cloud API.
Nemesida WAF dynamic module
After clicking on the Nemesida WAF dynamic module settings management section opens.
To complete the configuration of this module, it is enough to set a condition for temporary automatic blocking of the IP address (ban). Using the parameter will allow the functionality of detecting DDoS attacks, brute force attacks and flood attacks to block the source of the attack.
By clicking on you can add a new set of values for the parameter, a dialog box will appear for this.
For example, we added a request blocking condition separately for the domain
example.com and blocking conditions for all other domains. To edit the current settings, click on .
After saving, the settings are applied automatically to all installed copies of the Nemesida WAF dynamic module, the settings of which can be controlled using a web application.
Nemesida AI MLC
When clicking on opens the settings management section of the Nemesida AI MLC machine learning module.
To activate additional features (detection of DDoS attacks, brute force attacks and flood), it is necessary to activate the corresponding sections.
Behavioral Model Management ¶
To start the process of building behavioral models, you need to add a virtual host corresponding to the domain of the protected web application, for example,
Behavioral models whose training has been completed are displayed in the section “Behavioral models of Nemesida AI”. Next to the name of each behavioral model there is a status indicator, where:
- – the behavioral model is being retrained;
- – training is completed, the behavioral model is applied to the virtual host.
If you need to retrain the model, then you need to click and select the retraining mode. If the retraining of the model should be performed during the standard period (4 days), then to start the retraining process, just click .
Increasing the learning time of Nemesida AI behavioral models
The correct construction of models requires about 400.000-800.000 unique requests. By default, the training period is 4 days. To change the training period, click and an additional field will appear where you need to specify the training period in days.
Additional training of models using a backup copy of the training sample
If the number of requests was insufficient during the training, then you can restart it and use the requests from the previous sample. To do this, follow these steps:
1. Stop the Nemesida AI MLC service:
# service mlc_main stop
2. Move the file
[timestamp] is the date of creation of a backup copy of the training sample created by Nemesida AI MLC before starting the model construction, in
/opt/mlc/ml/[vhost].d. For example, for the model
# mv /opt/mlc/ml/backup/example.com.d_1613587613 /opt/mlc/ml/example.com.d
3. Start the training.
4. Launch the Nemesida AI MLC service:
# service mlc_main start
Copying a behavioral model
To copy the behavioral model to another virtual host, click and select the virtual host for which the behavioral model will be copied.
Removing a behavioral model
In case of incorrect training of behavioral models or significant changes in the web application that lead to a lot of false positives, it is recommended to delete the models. To delete a model, select the desired model and click .