Incidents


Choose the Incidents tab to view and manage the list of all incidents. The table displays the detected incidents with all the information about the reasons for each incident.

Use filters to narrow down the list of incidents:

Timeframe - filters incidents by time period.

List - filters incidents by White, Black, or Gray list, or shows the incidents from all lists.

IP - shows all the incidents for a particular IP address. Tick the Description/IP checkbox to enable the input field, enter an IP address or a part of it, and filter the list by clicking the magnifier icon or pressing Enter.

Country - filters the incidents by the abuser's country. Tick the Country checkbox to enable the input field with auto-complete, enter a country, and filter the incidents by clicking the magnifier icon or pressing Enter.

Switch Auto-refresh to enable or disable automatic refresh of the incidents in the table without reloading the web page.

Set the number of incidents shown on a page by choosing the number of items per page at the bottom right of the page.

The list of incidents contains the following information:

Date - the time when the incident happened.

IP - the IP address of the abuser. A color indicator is shown for the IP address:

o A gray bubble means that this IP address is currently in the gray list (so every connection from this IP address is redirected to the CAPTCHA).

o A blue bubble means that this IP address is currently not in any list (white list, gray list, or black list). The IP is not blocked.

o A white bubble means that this IP address is currently in the white list. The IP will never be blocked by Imunify360.

o A black bubble means that this IP address is currently in the black list. Access from this IP is completely blocked, with no ability to unblock via the CAPTCHA.

o No bubble is shown when the incident doesn’t contain an IP address.

Country - the country of origin of the abuser's IP address.

№ of Times - the number of times the abuser tried to repeat the action.

Event - description of the event or suspicious activity (as described by the OSSEC and Mod_Security sensors).

Severity - severity level of the incident (as rated by OSSEC severity levels and Mod_Security severity levels). The severity colors mean:

o Green - Mod_Security levels 7-5, OSSEC levels 00-03;

o Orange - Mod_Security level 4, OSSEC levels 04-10;

o Red - Mod_Security levels 3-0, OSSEC levels 11-15.

Click on an incident to expand the detailed information.

Actions available for the incidents:

1. Disable the rule of the incident and add it to the list of Disabled rules: click the ban icon in the incident's row and confirm the action.

2. Add an IP to the Black or White list: click the cog icon and choose the action.