# Prometheus Integrate open-appsec with [Prometheus](https://prometheus.io/) to collect and monitor key metrics related to WAF performance and behavior. {% hint style="warning" %} Prometheus integration is currently in **beta**. Features and behavior may change in future releases. {% endhint %} ## Configuration #### Prerequisites * Access to a SaaS tenant on [my.openappsec.io](https://my.openappsec.io) * An open-appsec Agent connected to a **centrally managed** Profile * If you don't have an agent see instructions on how to get started [here](https://docs.openappsec.io/getting-started). * If the agent is running as a container, ensure Prometheus port `7465` is open. * Prometheus Server #### Instructions Centrally managed mode: 1. In the Web UI, go to the **Profiles** page 2. Click the profile assigned to your agent and switch to **Advanced** tab 3. Under **Advanced Settings**, add: * **Key:** `prometheus` * **Value:** `true` 4. Click **Enforce Policy** to apply changes

4. Add a Job in your Prometheus Server configure the agent IP and Port, see example: ``` scrape_configs: - job_name: 'openappsec' static_configs: - targets: [':7465'] ``` #### Instructions locally managed mode: 1. Enable Prometheus Metrics: **Linux:** To enable Prometheus metrics collection, set the following environment variable **before running the installation script**: ```bash export PROMETHEUS=true ``` **Docker (`docker-compose.yml`)** Add the environment variable to your service definition: ```yaml services: open-appsec-agent: image: environment: - PROMETHEUS=true ``` **Kubernetes:** ``` env: PROMETHEUS: "true" ``` 2. Add a Job in your Prometheus Server configure the agent IP and Port, see example: ``` scrape_configs: - job_name: 'openappsec' static_configs: - targets: [':7465'] ``` #### Disabling Prometheus If you need to disable Prometheus after installation: 1. Edit the configuration file: ```bash sudo vi /etc/cp/conf/environment-details.cfg ``` 2. Locate the `PROMETHEUS` entry and change its value from: ```bash PROMETHEUS=true ``` to: ```bash PROMETHEUS=false ``` 3. Restart the agent. {% hint style="info" %} Disabling Prometheus is only effective **about 30 minutes after the initial installation**. {% endhint %} ## Supported Parameters

Display Name	Type	Description
nano_service_restarts_counter	LastReportedValue	watchdog process restart counter
total_requests_counter	Counter	total requests
unique_sources_counter	Counter	sources
requests_blocked_by_force_and_exception_counter	Counter	override: force exception and force block
requests_blocked_by_waf_counter	Counter	WAF blocked requests
requests_blocked_by_open_api_counter	Counter	API blocked requests
requests_blocked_by_bot_protection_counter	Counter	bot protection blocked requests
requests_threat_level_info_and_no_threat_counter	Counter	requests identified as info threat + none threat
requests_threat_level_low_counter	Counter	request identified as low threat
requests_threat_level_medium_counter	Counter	request identified as medium threat
requests_threat_level_high_counter	Average	request identified as high threat
post_requests_counter	Counter	post requests
get_requests_counter	Counter	get requests
put_requests_counter	Counter	put requests
patch_requests_counter	Counter	patch requests
delete_requests_counter	Counter	delete requests
other_requests_counter	Counter	other requests
2xx_status_code_responses_counter	Counter	response 2xx
4xx_status_code_responses_counter	Counter	response 4xx
5xx_status_code_responses_counter	Counter	response 5xx
requests_time_latency_average	Average	average latency
sql_injection_attacks_type_counter	Counter	SQL Injection
vulnerability_scanning_attacks_type_counter	Counter	Vulnerability Scanning
path_traversal_attacks_type_counter	Counter	Path Traversal
ldap_injection_attacks_type_counter	Counter	LDAP Injection
evasion_techniques_attacks_type_counter	Counter	Evasion Techniques
remote_code_execution_attacks_type_counter	Counter	Remote Code Execution
xml_extern_entity_attacks_type_counter	Counter	XML External Entity
cross_site_scripting_attacks_type_counter	Counter	Cross Site Scripting
general_attacks_type_counter	Counter	General
all_assets_counter	LastReportedValue	number of protected assets
prevent_action_matches_counter	Counter	prevent engine matches
detect_action_matches_counter	Counter	detect engine matches
ignore_action_matches_counter	Counter	ignore engine matches
cpu_usage_percentage_max	Max	Max CPU usage
cpu_usage_percentage_average	Average	Average CPU usage
cpu_usage_percentage_last_value	LastReportedValue	last CPU usage reported
service_virtual_memory_size_kb_max	Max	max service virtual memory size
service_virtual_memory_size_kb_min	Min	min service virtual memory size
service_virtual_memory_size_kb_average	Average	average service virtual memory size
service_physical_memory_size_kb_max	Max	max service RSS memory size
service_physical_memory_size_kb_min	Min	min service RSS memory size
service_physical_memory_size_kb_average	Average	average service RSS memory size
general_total_used_memory_max	Max	max general total memory size
general_total_used_memory_min	Min	min general total memory size
general_total_used_memory_average	Average	average general total memory size