Analyzing Attacks

You can check attacks on the Events tab of the Wallarm interface.

Wallarm automatically groups together associated malicious requests into an entity — an attack.

Analyze an Attack

You can get information about an attack by investigating all the table columns described in «Checking Attacks and Incidents».

Analyze Requests in an Attack

  1. Select an attack.
  2. Click the number in the Requests column.

Clicking the number will unfold all requests in the selected attack.

Requests in the attack

Each request displays the associated information in the following columns:

  • Date: Date and time of the request.
  • Payload: Attack vector. Clicking the value in the payload column displays reference information on the attack type.
  • Origin IP: The IP address from which the request originated. Clicking the IP address adds the IP address value into the search field.
  • Status: The server's response status code from the request.
  • Size: The server's response size.
  • Time: The server's response time.

Analyze a Request in Raw Format

The raw format of a request is the maximum possible level of detail.

  1. Select an attack.
  2. Click the number in the Requests column.
  3. Click the arrow next to the date of the request.

The Wallarm interface will display the request in its raw format.

Raw format of the request

results matching ""

    No results matching ""