What does the WAF event count represent in PulseLab?


PulseLab displays WAF event counts to indicate the volume of detected requests that were blocked or evaluated by AWS WAF rule groups within a given analysis snapshot.

These event counts represent aggregated activity over the selected analysis window and are used to highlight relative levels of suspicious or automated traffic reflected in the dashboard.

Event counts are not real-time metrics and do not represent individual request logs or user-specific traffic. Instead, they provide a high-level indicator of where WAF rules are most actively triggering within the analyzed dataset.

Because PulseLab uses periodic snapshots and aggregation, event counts should be interpreted as trend signals rather than exact traffic volumes.
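The sketch below is an added illustration, not PulseLab's own code: it aggregates AWS WAF log records into per-rule-group event counts for one analysis window. The records, rule group IDs, one-hour window and the blocked/evaluated counting rule are assumptions; only the field names (`timestamp`, `ruleGroupList`, `ruleGroupId`, `terminatingRule`) follow the AWS WAF log format.

```python
from collections import Counter, defaultdict

T0 = 1_700_000_000_000   # constructed window start, epoch milliseconds
WINDOW_MS = 3_600_000    # assumed one-hour analysis window


def _group(gid, blocked=False):
    # Builds a constructed ruleGroupList entry; IDs and rule names are hypothetical.
    term = {"ruleId": "example-rule", "action": "BLOCK"} if blocked else None
    return {"ruleGroupId": gid, "terminatingRule": term}


# Constructed sample records (not real traffic). The first and last fall outside the window.
SAMPLE_LOGS = [
    {"timestamp": T0 - 1, "ruleGroupList": [_group("rg-bot-example", True)]},
    {"timestamp": T0 + 10_000,
     "ruleGroupList": [_group("rg-common-example"), _group("rg-bot-example")]},
    {"timestamp": T0 + 20_000,
     "ruleGroupList": [_group("rg-common-example"), _group("rg-bot-example", True)]},
    {"timestamp": T0 + 30_000, "ruleGroupList": [_group("rg-bot-example", True)]},
    {"timestamp": T0 + WINDOW_MS, "ruleGroupList": [_group("rg-bot-example", True)]},
]


def aggregate_snapshot(records, start_ms, end_ms):
    """Return (per-rule-group event counts, request count) for [start_ms, end_ms)."""
    counts = defaultdict(Counter)
    requests = 0
    for rec in records:
        if not start_ms <= rec["timestamp"] < end_ms:
            continue  # outside the snapshot window
        requests += 1
        for group in rec.get("ruleGroupList") or []:
            term = group.get("terminatingRule") or {}
            # Assumed rule: a BLOCK by the group is "blocked", any other listing is "evaluated".
            kind = "blocked" if term.get("action") == "BLOCK" else "evaluated"
            counts[group["ruleGroupId"]][kind] += 1
    return counts, requests


if __name__ == "__main__":
    counts, requests = aggregate_snapshot(SAMPLE_LOGS, T0, T0 + WINDOW_MS)
    events = sum(sum(c.values()) for c in counts.values())
    print(f"{requests} requests produced {events} rule-group events")
    for gid, c in sorted(counts.items()):
        print(gid, dict(c))
```

Under these assumptions three requests yield five rule-group events, because a request passing through two rule groups is counted once per group. This is one reason to read such counts as relative activity per rule group and not as request volume.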
