You can check attacks, incidents, and vulnerabilities on the Events tab of the Wallarm interface. The Events tab groups its data into the following tabs:
- The Attacks tab displays all groups of associated malicious requests.
- The Incidents tab displays all the malicious requests that exploit existing vulnerabilities.
- The Vulnerabilities tab displays all discovered errors that were made when building or implementing a web application and that can lead to an information security risk.
To narrow the displayed data, use the search field or set the time period manually.
The Attacks tab displays information in the following columns:
- Date: The date and time of the malicious request.
  - If several requests of the same type were detected at small intervals, the attack duration appears under the date. Duration is the time period between the first request of a certain type and the last request of the same type in the specified time frame.
  - If the attack is happening at the current moment, the "now" label appears in small red font.
- Requests: The number of requests in the attack in the specified time frame.
- Payloads: The name of the most frequently encountered malicious code type and the number of requests of that type.
  - The number in a smaller font under the main number shows the total number of requests of the same type in the attack over the entire time.
- Origin IP: The IP address from which the malicious request originated. When the malicious requests originated from several IP addresses, the interface shows the IP address with the largest number of requests.
  - The number in smaller black font under the main number shows the total number of IP addresses from which the requests of the same attack originated in the specified time frame.
  - The number in small grey font shows the total number of IP addresses from which the requests of the same attack originated over the entire time.
- Domain: The domain that the request targeted.
  - The line in a smaller font under the domain is the path that the request targeted.
- Status: The server's response status code for the request. When there are several response status codes, the most frequent one is displayed.
  - The number in a smaller font under the main number shows the total number of different response status codes that the protected resource returned for the selected attack in the specified time frame.
- Parameter: The malicious request's parameters.
- Verification: The attack verification status.
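The following added example (not Wallarm code) shows how the Date, Requests, Payloads, Origin IP and Status values described above summarize one group of requests for a selected time frame. The record fields (`ts`, `ip`, `status`, `type`), the sample data, and the rule that the main Payloads number counts requests inside the time frame are assumptions.

```python
from collections import Counter
from datetime import datetime

# Constructed sample: requests already grouped into one attack.
# Field names are hypothetical, not a Wallarm export schema.
ATTACK = [
    {"ts": "2024-05-01T09:58:10", "ip": "198.51.100.23", "status": 403, "type": "sqli"},
    {"ts": "2024-05-01T10:00:05", "ip": "203.0.113.7", "status": 403, "type": "sqli"},
    {"ts": "2024-05-01T10:00:40", "ip": "198.51.100.4", "status": 200, "type": "xss"},
    {"ts": "2024-05-01T10:02:15", "ip": "203.0.113.7", "status": 403, "type": "sqli"},
    {"ts": "2024-05-01T10:03:30", "ip": "192.0.2.9", "status": 500, "type": "sqli"},
]

def summarize_attack(requests, start, end):
    """Build one Attacks-table row for the time frame [start, end]."""
    stamped = [(datetime.fromisoformat(r["ts"]), r) for r in requests]
    frame = [(t, r) for t, r in stamped if start <= t <= end]
    if not frame:
        return None  # the attack has no requests in the selected period
    times = [t for t, _ in frame]
    types = Counter(r["type"] for _, r in frame)
    ips = Counter(r["ip"] for _, r in frame)
    statuses = Counter(r["status"] for _, r in frame)
    top_type, top_type_count = types.most_common(1)[0]
    return {
        "date": min(times),                       # first request in the frame
        "duration": max(times) - min(times),      # first to last request in the frame
        "requests": len(frame),
        "payload": top_type,                      # most encountered code type
        "payload_requests": top_type_count,       # assumption: counted in the frame
        "payload_requests_all_time": sum(r["type"] == top_type for r in requests),
        "origin_ip": ips.most_common(1)[0][0],    # IP with the most requests
        "ips_in_frame": len(ips),                 # smaller black number
        "ips_all_time": len({r["ip"] for r in requests}),  # small grey number
        "status": statuses.most_common(1)[0][0],  # most frequent response code
        "distinct_statuses": len(statuses),
    }

if __name__ == "__main__":
    row = summarize_attack(ATTACK, datetime(2024, 5, 1, 10), datetime(2024, 5, 1, 10, 5))
    for column, value in row.items():
        print(f"{column}: {value}")
```
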
The Incidents tab displays information similarly to the Attacks tab, except for the last column: instead of the Verification column, the table of incidents has the Vulnerabilities column.
The Vulnerabilities column displays the vulnerability that the corresponding incident exploited.
Clicking the vulnerability opens its detailed description and instructions on how to fix it.
The Vulnerabilities tab displays information in the following columns:
- Date: The date and time of vulnerability discovery.
- Risk: The danger level of the vulnerability.
- Target: The side that would be the victim if the vulnerability were exploited.
- Type: The type of the malicious code that exploits the vulnerability.
- Domain: The domain on which the vulnerability was discovered.
- ID: The unique identifier of the vulnerability in the Wallarm system.
- Title: The title of the vulnerability.