Wallarm User Acceptance Testing Checklist¶
This section provides you with a checklist to ensure your Wallarm instance operates correctly.
|Wallarm node detects attacks||Attacks are detected|
|You can log into the Wallarm interface||You can log in|
|Wallarm interface shows requests per second||You see the requests stats|
|Wallarm marks requests as false and stops blocking them||Wallarm does not block the requests|
|Wallarm detects vulnerabilities and creates security incidents||Security incidents are created|
|Attack verification works||Attacks are verified|
|Wallarm detects perimeter||Scope is discovered|
|Blacklisting works||IP addresses are blocked|
|Users can be configured and have proper access rights||Users can be created and updated|
|User activity log has records||The log has records|
|Reporting works||You receive reports|
Wallarm Node Detects Attacks¶
- Send a malicious request to your resource:
- Run the following command to check if the attack count increased:
See also Checking the filter node operation
You Can Log into the Wallarm Interface¶
Proceed to the link that corresponds to the cloud you are using:
See if you can log in successfully.
See also Dashboard overview.
Wallarm Interface Shows Requests per Second¶
- Send a request to your resource:
Or send several requests with a bash script:
for (( i=0 ; $i<10 ; i++ )) ; do curl http://<resource_URL> ; done
This example is for 10 requests.
- Check if the Wallarm interface shows detected requests per second.
See also The "WAF" Dashboard.
Wallarm Marks Requests as False and Stops Blocking them¶
Expand an attack on the Attacks tab.
Select a hit and click False.
Wait for around 3 minutes.
Resend the request and check if Wallarm detects it as an attack and blocks it.
See also Working with false attacks.
Wallarm Detects Vulnerabilities and Creates Security Incidents¶
Ensure you have an open vulnerability on your resource.
Send a malicious request to exploit the vulnerability.
Check if there is an incident detected in the Wallarm interface.
See also Checking attacks and incidents.
Attack Verification Works¶
On the Attacks tab, check the detected malicious request from the previous step.
Check the status in the Verification column.
See also Verifying attacks.
Wallarm Detects Perimeter¶
On the Scanner tab, add your resource's domain.
Check if Wallarm discovers all resources associated with the added domain.
See also Working with the scanner.
Set up IP address blocking as described in Blocking by IP address.
On the Settings -> Blacklist tab, add the blocked IP address.
Check if the IP address is blocked and the Wallarm interface displays the IP address as blocked.
See also IP Blacklist.
Users Can Be Configured and Have Proper Access Rights¶
Ensure you have the Administrator role in the Wallarm system.
Create, change role, disable, and delete a user as described in Configuring users.
See also Configuring users.
User Activity Log Has Records¶
Go to Settings –> Users.
Check that User Activity Log has records.
See also User activity log.
On the Attacks tab, put in a search query.
Click the report button on the right.
Put in your email and click the report button again.
Check if you receive the report.
See also Creating a custom report.