Checking attacks and incidents

You can check attacks and incidents on the Attacks tab of the Wallarm interface. By default, the tab displays today's data.

You can use the search field or set the data period manually.

Wallarm automatically groups associated malicious requests into a single entity – an attack. For example, when Wallarm detects a number of requests to the same domain that target the same parameter, the requests are grouped into one attack. These are the attacks you see on the Attacks tab.

The Attacks tab displays information in the following columns:

  • Date – The date and time of the malicious request. When there are several requests of the same type with different timestamps, the duration is displayed under the date. The duration is the time period between the first and the last request of the same type in the specified time frame.
  • Requests – The number of grouped requests in the specified time frame. The number in smaller font under the main number shows the total number of requests of the same type over the entire time.
  • Vector – The malicious code type.
  • Origin IP – The IP address from which the malicious request originates. When the malicious requests originate from several IP addresses, the interface shows the IP address with the largest number of requests. The number in smaller font under it shows the total number of IP addresses from which requests of the same type originate.
  • Domain – The domain path that the request targets.
  • Status – The server's response status code for the request. When there are several response status codes, the most frequent one is displayed. The number in smaller font under it shows the total number of different response status codes returned by the protected resource for the selected request type.
  • Parameter – The malicious request's parameters.
  • Verification – The attack status verification.
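
The column values described above can be reproduced from raw request records when cross-checking the tab against your own logs. The following is an added example, not Wallarm code or its export format: it assumes requests are grouped by domain, parameter and vector, takes the first request's time as the row date, and uses constructed sample records with hypothetical field names.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample records; field names are hypothetical.
REQUESTS = [
    {"time": "2024-05-01T10:00:00", "vector": "sqli", "ip": "203.0.113.5",
     "domain": "example.com/login", "status": 403, "parameter": "user"},
    {"time": "2024-05-01T10:00:30", "vector": "sqli", "ip": "203.0.113.5",
     "domain": "example.com/login", "status": 403, "parameter": "user"},
    {"time": "2024-05-01T10:02:00", "vector": "sqli", "ip": "198.51.100.7",
     "domain": "example.com/login", "status": 200, "parameter": "user"},
    {"time": "2024-05-01T10:05:00", "vector": "sqli", "ip": "203.0.113.5",
     "domain": "example.com/login", "status": 403, "parameter": "user"},
    {"time": "2024-05-01T11:00:00", "vector": "xss", "ip": "192.0.2.9",
     "domain": "example.com/search", "status": 404, "parameter": "q"},
]


def group_attacks(requests):
    """Group requests into attack rows and derive the per-column values."""
    groups = defaultdict(list)
    for r in requests:
        # Assumed grouping key: same domain, same parameter, same vector.
        groups[(r["domain"], r["parameter"], r["vector"])].append(r)

    rows = {}
    for key, reqs in groups.items():
        times = sorted(datetime.fromisoformat(r["time"]) for r in reqs)
        ips = Counter(r["ip"] for r in reqs)
        statuses = Counter(r["status"] for r in reqs)
        rows[key] = {
            "date": times[0],                    # assumed: first request
            "duration": times[-1] - times[0],    # first to last request
            "requests": len(reqs),
            "origin_ip": ips.most_common(1)[0][0],   # IP with most requests
            "ip_count": len(ips),                    # smaller number under IP
            "status": statuses.most_common(1)[0][0], # most frequent code
            "status_count": len(statuses),           # distinct response codes
        }
    return rows


if __name__ == "__main__":
    for (domain, parameter, vector), row in group_attacks(REQUESTS).items():
        print(domain, parameter, vector, row)
```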

Vulnerability to Incident correlation

Each incident is tied to a vulnerability, and the corresponding vulnerability is displayed in the Vulnerabilities column.

Clicking the corresponding vulnerability brings you to a detailed description of it with instructions on how to fix it.
