#36266 Reporting for WAF Blocked Requests?

Posted in ‘Admin Tools for Joomla! 4 & 5’

Latest post by on Thursday, 06 January 2022 20:17 CST

nstine1209

Is there a way to generate a report (preferably monthly) of the requests blocked by the WAF? Much like what you see in the Dashboard when you are logged in to the backend of Joomla.

I couldn't find anything about this in the documentation.

Thank you!

nicholas
Akeeba Staff
Manager

You cannot do that and you should not do that. The number of blocked attacks IS NOT A VALID KEY PERFORMANCE INDICATOR FOR SECURITY. See https://www.akeeba.com/documentation/admin-tools/atlotsofexceptions.html 

The TL;DR version is that the number of attacks against your site varies over time for reasons unrelated to anything that you are doing. One month your site may be getting probed by an attacker and you will see, let's say, 100,000 attacks being blocked. The next month the attacker is no longer probing your site, having determined they cannot find a viable exploit, and you see only 50 attacks being blocked. Treating the number of blocked requests as a KPI would mislead you into thinking that your security is not working when, in fact, the reality is the exact opposite.

I was a business consultant before I started this software development company. I understand KPIs and how a bad metric can lead to perilous decisions being made. That's why I made sure I am never going to give you a bad KPI which would mislead you into shooting your feet.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

nstine1209

Thank you for the reply Nicholas. I think you misunderstand my question. I am NOT looking to report for KPI purposes. I agree, the number of attacks blocked each month is irrelevant.

I am looking for some type of report just to show that the WAF is working... the number of attacks blocked is not important. It is only important to show that some attacks were blocked.

Other WAFs I have used have had this feature. Is there any reporting feature or data export?

Thank you. 

nicholas
Akeeba Staff
Manager

As I explicitly stated in my previous reply, the number of attacks blocked does NOT prove or disprove that the WAF is working. Even though you are saying you don't want to use it as a KPI, what you want to use it for is the very definition of a KPI.

Again: any attack detected will be blocked. However, you do not know how many attacks are launched against your site, nor do you have any control over them. Therefore reporting just the number of blocked requests (attacks stopped) tells you nothing at all.

If one month you have 100,000 blocked requests and the next month you have 0, does it mean that the WAF stopped working? It's actually impossible to tell! In all likelihood one month you were under attack / being probed by an attacker and the next month nobody attacked or tried to probe your site. Or they kept on doing that from the same IP addresses which were already blocked, thereby extending the time they are blocked. Or your host noticed a pattern of malicious requests and blocks them at the web host level. Or you are using a CDN in front of your site which is now blocking these malicious requests.

That's what I am saying all along. The number of blocked requests does not tell you ANYTHING.

If you really want to measure that you can of course look at the number of records in the #__admintools_exceptions table which records the blocked requests. Do note that by default the access from blocked IPs will NOT be recorded. You can configure that in the Configure WAF page. However, spamming your database table with possibly hundreds of thousands of blocked requests just to be able to report a high number at the expense of site performance sounds a lot like shooting your feet.

Yes, I am aware that other WAFs report the number of blocked requests (and we also do in the Admin Tools Control Panel page) but it's NOT a metric that tells you anything useful. Zero blocked requests does NOT necessarily mean your WAF is not working.


nstine1209

What I am gathering from your response then, is that you do NOT provide an external report that mimics what is seen in the Admin Tools Control Panel page.

Thank you. That was what I was asking all along.

nicholas
Akeeba Staff
Manager

Okay, it was unclear what you were asking.

No, we do not provide an external report. You can always copy the information and the graph from the Control Panel.

The data source for this information is the #__admintools_exceptions table. Over there you will see all blocked requests with a date and time stamp. You can pull that information in Excel (either with a direct MySQL data source or by exporting the table to CSV using phpMyAdmin on your host's control panel) and create all the graphs and reports you need. In my experience as a business consultant, trying to implement reports in whatever software is always going to be a very poor attempt at what Excel (and Apple Numbers, LibreOffice Calc and other spreadsheets) can provide.

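The export-and-report route described in the reply above, as an added example that is not part of the original ticket and is not Akeeba's code: it reads a CSV export of the `#__admintools_exceptions` table and counts blocked requests per month and per reason. The column names `logdate` and `reason`, the timestamp format and the sample rows are assumptions constructed for illustration; check the header row of your own export.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample standing in for a phpMyAdmin CSV export of the
# #__admintools_exceptions table. Column names and values are assumptions.
SAMPLE_EXPORT = """logdate,ip,reason
2021-11-03 08:15:22,198.51.100.7,sample-reason-a
2021-11-03 08:15:40,198.51.100.7,sample-reason-a
2021-11-19 23:01:05,203.0.113.44,sample-reason-b
2022-01-02 14:30:00,203.0.113.9,sample-reason-c
"""


def month_range(first, last):
    """Yield 'YYYY-MM' for every month from first to last, inclusive."""
    year, month = first
    while (year, month) <= last:
        yield f"{year:04d}-{month:02d}"
        year, month = (year + 1, 1) if month == 12 else (year, month + 1)


def monthly_report(csv_text, date_col="logdate", reason_col="reason",
                   date_fmt="%Y-%m-%d %H:%M:%S"):
    """Return {month: {"total": n, "by_reason": {...}}} for the export."""
    totals, reasons, seen = Counter(), {}, []
    for row in csv.DictReader(io.StringIO(csv_text)):
        stamp = datetime.strptime(row[date_col].strip(), date_fmt)
        key = f"{stamp.year:04d}-{stamp.month:02d}"
        seen.append((stamp.year, stamp.month))
        totals[key] += 1
        reasons.setdefault(key, Counter())[row[reason_col].strip()] += 1
    if not seen:
        return {}
    # Months with no rows are listed with 0 so gaps show up in a chart.
    # As the thread notes, a 0 here does not mean the WAF stopped working.
    return {m: {"total": totals[m], "by_reason": dict(reasons.get(m, {}))}
            for m in month_range(min(seen), max(seen))}


if __name__ == "__main__":
    for month, data in monthly_report(SAMPLE_EXPORT).items():
        print(month, data["total"], data["by_reason"])
```

Requests from already-blocked IPs appear in the export only if recording them is enabled in the Configure WAF page, as mentioned earlier in the thread.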

nstine1209

Thank you! This answers my question. I hope you have a lovely day.

nicholas
Akeeba Staff
Manager

Thank you and have a great day!


System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.
