腾讯云 WAF¶

腾讯云 Web 应用防火墙（Web Application Firewall，WAF）是一款基于 AI 的一站式 Web 业务运营风险防护方案, 展示的指标包括 WAF 运行状态、攻击次数、攻击流量、攻击 IP 数、攻击域名数、攻击端口数、攻击类型分布、攻击来源分布、攻击时间分布、攻击趋势等，这些指标反映了 WAF 的运行状态和攻击情况。

配置¶

安装 Func¶

推荐开通观测云集成 - 扩展 - 托管版 Func: 一切前置条件都自动安装好, 请继续脚本安装

如果自行部署 Func 参考自行部署 Func

开通脚本¶

提示：请提前准备好符合要求的腾讯云 AK（简单起见，可直接授予全局只读权限ReadOnlyAccess）

托管版开通脚本¶

登陆观测云控制台
点击【集成】菜单，选择【云帐号管理】
点击【添加云帐号】，选择【腾讯云】，填写界面所需的信息，如之前已配置过云帐号信息，则忽略此步骤
点击【测试】，测试成功后点击【保存】，如果测试失败，请检查相关配置信息是否正确，并重新测试
点击【云帐号管理】列表上可以看到已添加的云账号，点击相应的云帐号，进入详情页
点击云帐号详情页的【集成】按钮，在未安装列表下，找到腾讯云 WAF，点击【安装】按钮，弹出安装界面安装即可。

手动开通脚本¶

登陆Func 控制台，点击【脚本市场】，进入观测云脚本市场，搜索 integration_tencentcloud_waf
点击【安装】后，输入相应的参数：腾讯云 AK、SK、及账户名称
点击【部署启动脚本】，系统会自动创建 Startup 脚本集，并自动配置相应的启动脚本
开启后可以在「管理 / 自动触发配置」里看到对应的自动触发配置。点击【执行】，即可立即执行一次，无需等待定期时间。稍等片刻，可以查看执行任务记录以及对应日志

验证¶

在「管理 / 自动触发配置」确认对应的任务是否已存在对应的自动触发配置，同时可以查看对应任务记录及日志检查是否有异常
在观测云，「基础设施 / 自定义」中查看是否存在资产信息
在观测云，「指标」查看是否有对应监控数据

指标¶

配置好腾讯云-云监控,默认的指标集如下, 可以通过配置的方式采集更多的指标腾讯云云监控指标详情

指标英文名	指标中文名	说明	单位	维度	统计规则
4xx	访问请求4XX总数	访问请求4XX总数	Count	domain, edition	[60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
4xxNew	访问请求4XX总数	访问请求4XX总数	Count	instance	[5s, sum], [10s, sum], [60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
5xx	访问请求5XX总数	访问请求5XX总数	Count	domain, edition	[60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
5xxNew	访问请求5XX总数	访问请求5XX总数	Count	instance	[5s, sum], [10s, sum], [60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
Access	WAF访问次数总量	WAF访问次数总量	Count	domain, edition	[10s, sum], [60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
AccessNew	WAF访问次数总量	WAF访问次数总量	Count	instance	[5s, sum], [10s, sum], [60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
Attack	WAF攻击次数总量	WAF攻击次数总量	Count	domain, edition	[60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
AttackNew	WAF攻击次数总量	WAF攻击次数总量	Count	instance	[5s, sum], [10s, sum], [60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
Bot	BOT请求总数	BOT请求总数	Count	domain, edition	[60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
BotNew	BOT请求总数	BOT请求总数	Count	instance	[5s, sum], [10s, sum], [60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
Bw	IP黑名单攻击总数	IP黑名单攻击总数	Count	domain, edition	[10s, sum], [60s, sum], [300s, sum]
Cc	CC攻击次数总量	CC攻击次数总量	Count	domain, edition	[60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
CcNew	CC攻击次数总量	CC攻击次数总量	Count	instance	[5s, sum], [10s, sum], [60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
Down	下行带宽总量	下行带宽总量	Bytes	domain, edition	[60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
DownNew	下行带宽总量	下行带宽总量	Bytes	instance	[5s, sum], [10s, sum], [60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
InBandwidth	入带宽	入带宽	MBytes	domain, edition	[60s, expr], [300s, sum], [3600s, sum], [86400s, sum]
InBandwidthNew	入带宽	入带宽	Bytes	instance	[60s, expr], [300s, sum], [3600s, sum], [86400s, sum]
Leak	防敏感信息泄漏攻击总数	防敏感信息泄漏攻击总数	Count	domain, edition	[10s, sum], [60s, sum], [300s, sum]
MetricnameCustomSecurity	自定义策略攻击	自定义策略攻击数	Count	domain, edition	[60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
MetricnameCustomSecurityNew	自定义策略攻击	自定义策略攻击	Count	instance	[60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
OutBandwidth	出带宽	出带宽	MBytes	edition, domain	[60s, expr], [300s, sum], [3600s, sum], [86400s, sum]
OutBandwidthNew	出带宽	出带宽	MBytes	instance	[60s, expr], [300s, sum], [3600s, sum], [86400s, sum]
Qps	每秒访问请求数	每秒访问请求数	Count/s	edition, domain	[10s, expr], [60s, max], [300s, max], [3600s, max], [86400s, max]
QpsNew	每秒访问请求数	每秒访问请求数	Count/s	instance	[10s, expr], [60s, max], [300s, max], [3600s, max], [86400s, max]
Ratio4xx	4XX状态码百分占比	4XX状态码百分占比	%	domain, edition	[60s, expr], [300s, expr]
Ratio4xxNew	4XX状态码百分占比	4XX状态码百分占比	%	instance	[60s, expr], [300s, expr]
Ratio5xx	5XX请求百分占比	5XX请求百分占比	%	domain, edition	[60s, expr], [300s, expr]
Ratio5xxNew	5XX请求百分占比	5XX请求百分占比	%	instance	[60s, expr], [300s, expr]
RatioAttack	WEB攻击百分占比	WEB攻击百分占比	%	domain, edition	[60s, expr], [300s, expr]
RatioAttackNew	WEB攻击百分占比	WEB攻击百分占比	%	instance	[60s, expr], [300s, expr]
RatioBot	BOT攻击百分占比	BOT攻击百分占比	%	domain, edition	[60s, expr], [300s, expr]
RatioBotNew	BOT攻击百分占比	BOT攻击百分占比	%	instance	[60s, expr], [300s, expr]
RatioCc	CC攻击百分占比	CC攻击百分占比	%	domain, edition	[60s, expr], [300s, expr]
RatioCcNew	CC攻击百分占比	CC攻击百分占比	%	instance	[60s, expr], [300s, expr]
RatioInBandwidth	实例入带宽利用率	实例入带宽利用率	%	instance	[60s, expr]
RatioOutBandwidth	实例出带宽利用率	实例出带宽利用率	%	instance	[60s, expr]
RatioQps	实例QPS利用率	实例QPS利用率	%	instance	[60s, expr]
Tamper	页面防篡改攻击总数	页面防篡改攻击总数	Count	domain, edition	[10s, sum], [60s, sum], [300s, sum]
U4xx	上游请求4XX总数	上游请求4XX总数	Count	edition, domain	[60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
U4xxNew	上游请求4XX总数	上游请求4XX总数	Count	instance	[5s, sum], [10s, sum], [60s, sum], [300s, sum]
U5xx	上游请求5XX总数	上游请求5XX总数	Count	domain, edition	[60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
U5xxNew	上游请求5XX总数	上游请求5XX总数	Count	instance	[5s, sum], [10s, sum], [60s, sum], [300s, sum]
Up	上行带宽总量	上行带宽总量	Bytes	edition, domain	[60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
UpNew	上行带宽总量	上行带宽总量	Bytes	instance	[5s, sum], [10s, sum], [60s, sum], [300s, sum]
Upstream	上游回源次数	上游回源次数	Count	domain, edition	[60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
UpstreamNew	上游回源次数	上游回源次数	Count	instance	[5s, sum], [10s, sum], [60s, sum], [300s, sum]

说明拉取 Web 应用防火墙指标数据时，Region 请统一选择“广州”地域。

各维度对应参数总览¶

参数名称	维度名称	维度解释	格式
Instances.N.Dimensions.0.Name	domain	客户端攻击的域名维度名称	输入 String 类型维度名称：domain
Instances.N.Dimensions.0.Value	domain	客户端攻击的具体域名	输入客户端攻击的具体域名，例如：www.cloud.tencent.com
Instances.N.Dimensions.1.Name	edition	Web 应用防火墙实例类型维度名称	输入 String 类型维度名称：edition
Instances.N.Dimensions.1.Value	edition	Web 应用防火墙实例具体类型	输入 Web 应用防火墙实例具体类型，例如：SaaS WAF（入参值为0）或 CLB WAF（入参值为1）
Instances.N.Dimensions.2.Name	instance	Web 应用防火墙实例维度名称	输入 String 类型维度名称：instance
Instances.N.Dimensions.2.Value	instance	Web 应用防火墙实例具体的名称	输入Web应用防火墙实例具体的名称，例如：waf_2kxtpo960i9y7i05

对象¶

采集到的腾讯云 WAF 对象数据结构, 可以从「基础设施-自定义」里看到对象数据

{
  "time": 1749782297000,
  "AppId": "1311317185",
  "CCList": "[]",
  "ClsStatus": "0",
  "Cname": "15bfb3de8de69192de22b581c2a66571.qcloudwzgj.com",
  "CreateTime": "2025-06-09T14:47:48+08:00",
  "Domain": "",
  "DomainId": "13f6c2f0def0558e9f5234270434d1b0",
  "Edition": "sparta-waf",
  "EditionNum": "0",
  "Engine": "1",
  "InstanceId": "waf_2l12weqc17ldfpop",
  "InstanceName": "gz-Default",
  "Level": "2",
  "LoadBalancerSet": "[]",
  "Ports": "[{\"NginxServerId\": 408141, \"Port\": \"80\", \"Protocol\": \"http\", \"UpstreamPort\": \"80\", \"UpstreamProtocol\": \"http\"}]",
  "Region": "gz",
  "RegionId": "",
  "RsList": "[\"134.175.221.0/24\"]",
  "SrcList": "[]",
  "State": "1",
  "Status": "1",
  "__docid": "CO_fcaf33c5dcca7aca4735e6b5d9857f2e",
  "__namespace": "custom_object",
  "__update_time": 1749782297000,
  "account_name": "",
  "class": "tencentcloud_waf",
  "cloud_provider": "tencentcloud",
  "create_time": 1749782297797,
  "date": 1749782297000,
  "date_ns": 1749782297000000000,
  "last_update_time": 1749782297797,
  "message": "{\"AccessStatus\": 1, \"AlbType\": \"\", \"ApiStatus\": 0, \"AppId\": 1311317185, \"BotStatus\": 0, \"CCList\": [], \"CdcClusters\": \"\", \"CloudType\": \"\", \"ClsStatus\": 0, \"Cname\": \"15bfb3de8de69192de22b581c2a66571.qcloudwzgj.com\", \"CreateTime\": \"2025-06-09T14:47:48+08:00\", \"Domain\": \"xxxxx.com\", \"DomainId\": \"13f6c2f0def0558e9f5234270434d1b0\", \"Edition\": \"sparta-waf\", \"EditionNum\": 0, \"Engine\": 1, \"FlowMode\": 0, \"InstanceId\": \"waf_2l12weqc17ldfpop\", \"InstanceName\": \"gz-Default\", \"Ipv6Status\": 0, \"Labels\": [\"\"], \"Level\": 2, \"LoadBalancerSet\": [], \"Mode\": 1, \"Note\": \"\", \"Ports\": [{\"NginxServerId\": 408141, \"Port\": \"80\", \"Protocol\": \"http\", \"UpstreamPort\": \"80\", \"UpstreamProtocol\": \"http\"}], \"PostCKafkaStatus\": 0, \"PostCLSStatus\": 0, \"Region\": \"gz\", \"RegionId\": \"ap-guangzhou\", \"RsList\": [\"134.175.221.0/24\"], \"SgDetail\": \"\", \"SgID\": \"\", \"SgState\": 0, \"SrcList\": [], \"State\": 1, \"Status\": 1, \"UpstreamDomainList\": [\"www.xxxxx.com\"]}",
  "name": "13f6c2f0def0558e9f5234270434d1b0",
  "time_us": 1749782297000000,
  "__searches": []
}

注意：tags、fields中的字段可能会随后续更新有所变动