Checking Attacks and Incidents

You can check attacks and incidents on the Events tab of the Wallarm interface. By default, the tab displays today's data in two tabs:

  • The Attacks tab displays all groups of associated malicious requests.
  • The Incidents tab displays all the malicious requests that exploit existing vulnerabilities.

You can use the search field or manually set the data period.

The Attacks Tab

The Attacks tab displays information in the following columns:

  • Date: The date and time of the malicious request.
    • If several requests of the same type were detected at small intervals, the attack duration appears under the date. Duration is the time period between the first request of a certain type and the last request of the same type in the specified time frame.
    • If the attack is in progress, the «now» label appears in a small red font.
  • Requests: The number of requests in the attack in the specified time frame.
    • The number in a smaller font displayed under the main number shows the total number of requests in the attack over the entire time.
  • Payloads: The number of requests of the most frequently encountered malicious code type and its name.
    • The number in a smaller font displayed under the main number shows the total number of requests of the same type in the attack over the entire time.
  • Origin IP: The IP address from which the malicious request originated. When the malicious requests originated from several IP addresses, the interface shows the IP address with the largest number of requests.
    • The number in smaller black font displayed under the main number shows the total number of IP addresses from which the requests in the same attack originated in the specified time frame.
    • The number in small grey font shows the total number of IP addresses from which the requests in the same attack originated over the entire time.
  • Domain: The domain that the request targeted.
    • The line in a smaller font displayed under the domain is the path that the request targeted.
  • Status: The server's response status code to the request. When there are several response status codes, the most frequent one is displayed.
    • The number in a smaller font displayed under the main number shows the total number of different response status codes returned by the protected resource for the selected attack in the specified time frame.
    • The number in small grey font shows the total number of different response status codes returned by the protected resource for the selected attack over the entire time.
  • Parameter: The malicious request's parameters.
  • Verification: The attack verification status.

The Incidents Tab

The Incidents tab displays information in the same way as the Attacks tab, except for the last column: the table of incidents has the Vulnerabilities column instead of the Verification column.

The Vulnerabilities column displays the vulnerability that the corresponding incident exploited.

Clicking on the corresponding vulnerability brings you to its detailed description and instructions on how to fix it.
