This section provides you with a checklist to ensure your Wallarm instance operates correctly.
|Wallarm node detects attacks||Attacks are detected|
|You can log into the Wallarm interface||You can log in|
|Wallarm interface shows requests per second||You see the requests stats|
|Wallarm marks requests as false and stops blocking them||Wallarm does not block the requests|
|Wallarm detects vulnerabilities and creates security incidents||Security incidents are created|
|Attack verification works||Attacks are verified|
|Wallarm detects perimeter||Scope is discovered|
|Blacklisting works||IP addresses are blocked|
|Users can be configured and have proper access rights||Users can be created and updated|
|User activity log has records||The log has records|
|Reporting works||You receive reports|
Send a malicious request to your resource:
Run the following command to check if the attack count increased:
$ curl http://127.0.0.8/wallarm-status
See also Checking the filter node operation
- Proceed to the link that corresponds to the cloud you are using:
- See if you can log in successfully.
See also Dashboard overview.
Send a request to your resource:
$ curl http://
Or send several requests with a bash script:
for (( i=0 ; $i<10 ; i++ )) ; do curl http://<resource_URL> ; done
This example is for 10 requests.
Check if the Wallarm interface shows detected requests per second.
See also Application firewall.
- Expand an attack on the Attacks tab.
- Select a hit and click False.
- Wait for around 3 minutes.
- Resend the request and check if Wallarm detects it as an attack and blocks it.
See also Working with false attacks.
- Ensure you have an open vulnerability on your resource.
- Send a malicious request to exploit the vulnerability.
- Check if there is an incident detected in the Wallarm interface.
See also Checking attacks and incidents.
- On the Attacks tab, check the detected malicious request from the previous step.
- Check the status in the Verification column.
See also Verifying attacks.
- On the Scanner tab, add your resource's domain.
- Check if Wallarm discovers all resources associated with the added domain.
See also Working with the scanner.
- Set up IP address blocking as described in Blocking by IP address.
- On the Settings -> Blacklist tab, add the blocked IP address.
- Check if the IP address is blocked and the Wallarm interface displays the IP address as blocked.
See also IP Blacklist.
- Ensure you have the Administrator role in the Wallarm system.
- Create, change role, disable, and delete a user as described in Configuring users.
See also Configuring users.
- Go to Settings –> Users.
- Check that User Activity Log has records.
See also User activity log.
- On the Attacks tab, put in a search query.
- Click the report button on the right.
- Put in your email and click the report button again.
- Check if you receive the report.
See also Creating a custom report.