Manage Attacks

Introduction 

 

The attack status is defined by the number of attacks received over a specific period and how these attacks are blocked using various policies and rules, such as bot policies, DDoS policies, core rules, custom rules, and others. 

The Protection Performance section is divided into three parts, each with checkboxes that allow you to filter attack trends, making it easier to view specific trends individually. 

A percentage value is provided to show the increase or decrease in the number of attacks blocked for each category, compared to the last 7 days, 30 days, or last month. 

Attacks Blocked Breakdown: 

  • By policy type: Core rules, Custom rules, DDoS, BOT 
  • By custom rules: Geo & IP, Others 

By default, the attacks trend shows details of all the attacks blocked.

 

Highest Attacks Blocked 

 

This section summarizes the maximum number of attacks received at the IP level and the country level.

Attacks details by IP 

The maximum number of attacks blocked from the top 5 IPs is displayed, along with the detailed attack count.

Top 5 IPs and Countries for: 

  • Attacks blocked 
  • Blocked by core rules 
  • Blocked by custom rules 
  • Blocked by Geo and IP 
  • Blocked by custom policies 
  • Blocked by DDoS policies 
  • Blocked by BOT policies 

 

Attacks Trend 

 

  • This section displays attack trends for different parameters, including core rules, custom rules, DDoS policies, bot policies, geo and IP rules, and other custom rules. 
  • Customers can filter by Action and Group by fields to view the trend. 
  • Action includes Logged and Blocked options. 
  • Group by includes IP, Category, and URL options. 

 

Attack Details 

 

  • From the Attacks Trend table, select the IP, URL, or Category for which you want to see the attack details.
  • In the Details column, click View.
  • Result: You are taken to the attack details for the selected IP.
  • The page displays the attack trend of the blocked IP and the number of attacks blocked from that IP.
  • Additionally, it shows the attack category, URL, severity, and the date and time the attack was registered.
  • Click View in the Payload column to view the payload details.

 

Payload Details 

 

This page displays the payload data and lets you Allow or Block the IP. 

Section | Parameter | Description
--- | --- | ---
IP Details | Country | The geographical location of the attacker is displayed here.
IP Details | URL | The attacker’s URL is displayed here.
IP Details | Category | Attack Category name is displayed here.
IP Details | Severity | The severity of the a
IP Details | Number of attacks | The total number of attacks received is displayed here.
IP Details | Action | This field displays the action taken, whether the IP is blocked or logged.
Blocked Details | Rule ID | The rule ID is an autogenerated ID assigned to a rule that blocks various attacks under the same rule category.
Blocked Details | Policy Name | If the attack is blocked by a policy, the policy name is displayed here.
Blocked Details | Unique ID | An autogenerated unique ID is assigned to every attack.
Blocked Details | Payload Location | The payload location is the URL where the payload data is found.
Blocked Details | Payload Data | The payload is the script or content that is received from the response.
Blocked Details | PHP Session ID | A session ID is a unique identifier assigned to the user when accessing the site.
Blocked Details | Alias | This field displays the alias domain URL.

 

 
