WAAP systems can generate thousands or millions of event records every day. A raw log file, however, is not sufficient for audit and management reporting. Auditors need a summary showing which attacks were observed, how many were blocked, which application paths were targeted and how events were distributed over time.
In compliance processes the challenge is not only to keep logs but also to demonstrate that logs are reviewed regularly, that security incidents receive responses and that critical application surfaces are being tracked. PCI DSS 11.5.1 requires evidence that IDS/IPS alerts are monitored and acted upon. HIPAA § 164.308(a)(1)(ii)(D) requires a weekly security-incident review summary. OWASP ASVS, GDPR and KVKK reporting requirements demand similar evidence chains. Without weekly, monthly or periodic security reports, that chain depends on manual work and individual interpretation.
Manual analysis is not sustainable. Searching log files, counting attack IDs by hand, extracting IP and country distributions, preparing charts and producing per-customer reports consume operations team time. In multi-vService or multi-tenant environments this burden grows further.
Management wants one kind of summary, the technical team wants another level of detail and the auditor needs a traceable evidence trail. A single-format, screen-only or raw-data-only reporting approach cannot satisfy these different needs. PDF, XLSX and templatable output matter precisely because of this diversity.
TR7's WAAP reporting approach converts attack logs into readable, filterable and exportable security evidence for technical teams, management, auditors and customers.
TR7 produces WAAP reports through template, aggregation, visualisation and export layers.
Each report template runs independently with its own configuration file, content file and helper functions. This design lets organisations define headings, sections, language and presentation layout for each distinct reporting requirement.
PDF reports are rendered through a Chrome-based output engine. A4 portrait layout, margins, background printing and page breaks keep reports readable for audit distribution and sharing.
WAAP event records are read and grouped by fields such as attack ID, path, country, city, browser, operating system, hostname and IP. Millions of log lines are thus reduced to actionable summary metrics.
The same reporting dataset can be exported to XLSX. Security and management teams can use this output for tabular analysis, filtering, pivot summaries or additional internal reporting workflows.
TR7 WAAP Compliance Reporting turns attack statistics into visual, filterable and exportable report outputs.
The WAAP-focused report template produces output centred on WAAP events: total requests, attack counts, blocked events, attack distributions and hourly trends presented in a single document. This structure makes technical event data suitable for audit and management presentations. Turkish and English language selection is supported at template level.
The general ADC traffic reporting template covers not only attack events but also overall application access and traffic status. Used alongside WAAP reports, it brings security and availability visibility under the same reporting framework. Operations teams can manage different report types through the same engine.
Hourly trends, category distributions and attack intensity are presented through bar and pie charts. This accelerates interpretation of raw counts. In management presentations, which attack class is concentrating, at which hours spikes occur and which application paths are being targeted all become immediately apparent.
Reports can display country distribution on a map, making it visually clear where attack sources are concentrated. This information supports analysis of regional threat trends, unexpected geographic origins and access-policy discussions. Security teams can report country-level risk more easily.
TR7 classifies WAAP attack levels as very low, low, medium, high, very high and structural based on score thresholds. Not all events appear equal in weight; critical and structurally risky attacks are more easily distinguished in the report. Operations teams can quickly see which events require deeper investigation.
Attack ID values can be translated into meaningful attack names through a translation dictionary. Reports contain recognisable attack names — not just numeric signature IDs — that security teams and auditors can understand. The same data can be presented in Turkish or English output.
TR7 can export report data to XLSX alongside PDF. The XLSX output is suitable for filtering, sorting, pivot tables and additional management summaries. CISO teams may prefer this format for periodic benchmarking or per-customer analysis, turning the report from a read-only document into a processable dataset.
Using a vService or service-pool parameter, separate reports can be generated for each customer or application in multi-tenant, MSSP or large enterprise environments. This separation preserves overall security visibility while enabling per-customer detail sharing. Reports can be scoped to the intended audience without unnecessary data leakage.
WAAP reporting separates heavy log-processing workloads from the main system, operating with controlled template, memory, timeout and file-structure behaviour.
Report generation can run as a separate process. This prevents heavy PDF or XLSX production from directly burdening the main TR7 processing pipeline. Process isolation provides operational safety for long-running report jobs.
Producing reports from large datasets can take minutes. The reporting process therefore supports extended timeout settings and a large heap (up to 6 GB). Large periodic reports are not subject to the same assumptions as short-lived interface operations.
Each template is maintained in its own directory with configuration, content and helper function files. This separation keeps WAAP reports, general ADC reports and organisation-specific report types well organised. Template independence reduces maintenance and customisation cost.
Reporting data can be organised through hourly summary files. This makes it straightforward to produce reports for specific date and time ranges. Pre-summarised data structures are used instead of reprocessing large log files from scratch each time.
TR7 can aggregate across attack IDs, paths, cities, countries, browsers, operating systems, browser-OS combinations, hostnames and IPs. Each category answers a different type of question. Auditors see event classes, operations teams see targeted paths, and management sees geographic and periodic trends.
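The hourly pre-summarisation, per-vService scoping and attack-ID translation described above, shown in Python as an added example that is not TR7's code. The event fields, attack IDs, dictionary entries and function names are constructed assumptions, not TR7's log schema or API.

```python
from collections import Counter
from datetime import datetime, timezone

# Constructed sample events: (timestamp, vservice, attack_id, path, country, blocked).
# Field names, attack IDs and dictionary entries are assumptions, not TR7's schema.
EVENTS = [
    ("2024-05-01T10:05:00+00:00", "shop",   1001, "/login",      "DE", True),
    ("2024-05-01T13:40:00+03:00", "shop",   1001, "/login",      "TR", True),
    ("2024-05-01T11:15:00+00:00", "shop",   1002, "/api/upload", "DE", False),
    ("2024-05-01T11:20:00+00:00", "portal", 1001, "/search",     "US", True),
    ("2024-05-01T12:02:00+00:00", "shop",   9999, "/login",      "DE", True),
]
ATTACK_NAMES = {1001: {"en": "SQL injection", "tr": "SQL enjeksiyonu"},
                1002: {"en": "Remote code execution", "tr": "Uzaktan kod çalıştırma"}}
DIMENSIONS = ("attack_id", "path", "country")

def new_summary():
    return {"total": 0, "blocked": 0, **{d: Counter() for d in DIMENSIONS}}

def summarise_hourly(events):
    """Reduce raw events to one summary per (vservice, UTC hour)."""
    buckets = {}
    for ts, vservice, attack_id, path, country, blocked in events:
        # Normalise to UTC so events logged with different offsets share a bucket.
        hour = datetime.fromisoformat(ts).astimezone(timezone.utc).strftime("%Y-%m-%dT%H")
        b = buckets.setdefault((vservice, hour), new_summary())
        b["total"] += 1
        b["blocked"] += int(blocked)
        for dim, value in zip(DIMENSIONS, (attack_id, path, country)):
            b[dim][value] += 1
    return buckets

def build_report(buckets, vservice, start_hour, end_hour):
    """Merge pre-summarised hours for one vService over an inclusive hour range."""
    report = new_summary()
    report["hourly"] = {}
    for (vs, hour), b in sorted(buckets.items()):
        if vs == vservice and start_hour <= hour <= end_hour:
            report["total"] += b["total"]
            report["blocked"] += b["blocked"]
            report["hourly"][hour] = b["total"]
            for dim in DIMENSIONS:
                report[dim].update(b[dim])
    return report

def top_attacks(report, lang="en"):
    """Translate attack IDs to names; unknown IDs fall back to the raw ID."""
    return [(ATTACK_NAMES.get(aid, {}).get(lang, str(aid)), n)
            for aid, n in report["attack_id"].most_common()]

if __name__ == "__main__":
    report = build_report(summarise_hourly(EVENTS), "shop", "2024-05-01T10", "2024-05-01T11")
    print(report["total"], report["blocked"], report["hourly"], top_attacks(report, "tr"))
```

Because the report is built only from the `(vservice, hour)` buckets, a tenant's report never reads another tenant's events, and a new date range costs a merge of summaries rather than a second pass over the raw log.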
The current structure focuses on WAAP attack statistics and event reporting. In PCI DSS, HIPAA, ISO 27001 or GDPR scenarios this dataset can be linked to relevant control headings through template adaptation. This distinction keeps the report's actual scope clear and avoids inaccurate compliance claims.
A bank can present SQL injection, remote code execution and similar attack categories as PDF in its quarterly audit report. Country distribution, IP lists and hourly trends serve as evidence in PCI DSS audit meetings.
A healthcare organisation can summarise WAAP events directed at backend services handling patient data in a monthly report. The technical team sees attack paths while management tracks overall risk trends and blocked requests in the context of HIPAA requirements.
A public institution can report WAAP attack statistics and traffic to critical application surfaces as part of annual data protection activities. The template can be adapted to the institution's own GDPR or ISO 27001 reporting headings.
A managed security service provider can produce a separate report for each tenant or customer using per-vService filtering. PDF serves customer communication; XLSX serves internal analysis and management summaries.
Use PDF, XLSX and template-based reporting to prepare your security events for auditors, management and customers. Let us show you how it works in your own environment.