Navigation:  Imunify360 User Interface >


Previous pageReturn to chapter overviewNext page

Choose Incidents tab to view and manage the list of all the incidents. The table displays a list of detected incidents with all the information about the incidents reasons.





Use filters to show the exact list of incidents:


Timeframe - allows filtering incidents by different time periods.

Page size - allows setting the number of incidents to be shown on a page.

List - allows filtering incidents by White, Black, or Gray lists, or showing the incidents from all lists.

IP - allows showing all the incidents of a proper IP address. Tick IP checkbox to enable input field where you can enter a proper IP or a part of it and filter the list by clicking on magnifier or pressing Enter.

Country - allows filtering the incidents by abusers country. Tick Country checkbox to enable input field with auto-complete where you can enter a proper country and  filter the incidents by clicking magnifier or pressing Enter.




Switch Auto-refresh to enable or disable automatic refresh of the incidents in the table without reloading the web-page.




The list of incidents contains the following information:


Date - the time when the incident happened.

IP - the IP address of the abuser.

Country - country origin of the abuser IP address.

№ of Times - the number of times the abuser tried to repeat the action.

Event - description of the event or suspicious activity (as it is described by OSSEC and Mod_Security sensors).

Severity - severity level of the incidents (as it is estimated in OSSEC severity levels and Mod_Security severity levels). The color of severity means:


oGreen - Mod_Security levels 7-5, OSSEC levels 00-03;

oOrange - Mod_Security level 4, OSSEC levels 04-10;

oRed - Mod_Security levels 3-0, OSSEC levels 11-15.




Click on an Incident to expand the detailed information.




Actions available for the Incidents:


1.Disabling the rule of the incident and add it to the list of Disabled rules. Click ban icon in a proper incident row and confirm the action:




2.Adding an IP to the Black or White list, click cog icon and choose the action: