Verifying Attacks¶

Wallarm automatically rechecks attacks for active vulnerability detection.

You can check the attack verification status and force an attack recheck on the Events tab. Selected attack will be the basis for the test attack set generation.

Check the Attack Verification Status¶

1. Click the Events tab.

2. Check the status in the "Verification" column.

Attack Verification Status Legend¶

• Verified: The attack has been verified.

• Error: An attempt to verify an attack type that does not support verification.

• Forced: The attack has a raised priority in the verification queue.

• Scheduled: The attack is queued for verification.

• Could not connect to the server: It is not possible to access the server at this time.

Forcing an Attack Verification¶

1. Select an attack.

2. Click the status sign in the "Verification" column.

3. Click Force verification.

Wallarm will raise the priority of the attack verification in the queue.

Attack Types that Do Not Support Verification¶

Attacks of the following types do not support verification:

• Brute-force

• Forced browsing

• Attacks with a request processing limit

• Attacks for which the vulnerabilities have already been closed

• Attacks that do not contain enough data for verification

• Attacks that consist of hits grouped by originating IPs

Attack re-check will fail in the following cases:

• Attacks sent via the gRPC or Protobuff protocol

• Attacks sent via the HTTP protocol of the version different from 1.x

• Attacks sent via the method different from one of the following: GET, POST, PUT, HEAD, PATCH, OPTIONS, DELETE, LOCK, UNLOCK, MOVE, TRACE

• Failed to reach an address of an original request

• Attack signs are in the HOST header

• Request element containing attack signs is different from one of the following: uri , header, query, post, path, action_name, action_ext