Skip to content

Working with False Attacks

A false attack is a valid request erroneously identified as an attack.

After analyzing an attack, you may conclude that all requests in this attack or the part of them are false positives.

Mark an Attack as a False Positive

  1. Select an attack in the Events section.

  2. Collapse the list of requests in this attack.

  3. Define a valid request and click False in the Actions column.

    False attack

  4. Confirm the action clicking the OK button in the modal window.

    The pop-up message

If all the requests in the attack are marked as the false positives, then the information about that attack will look like this:

The whole attack is marked as false one

Wallarm will reconfigure the traffic filtration rules. These requests will not be detected as an attack from now on.