Incidents


Choose the Incidents tab to view and manage the list of all incidents. The table lists the detected incidents together with the information about the reason for each incident.

Use the filters to narrow down the list of incidents:

Timeframe - allows filtering incidents by different time periods.

Page size - allows setting the number of incidents to be shown on a page.

List - allows filtering incidents by White, Black, or Gray lists, or showing the incidents from all lists.

IP - allows showing all the incidents for a specific IP address. Tick the IP checkbox to enable the input field, enter an IP address or a part of it, and filter the list by clicking the magnifier icon or pressing Enter.

Country - allows filtering the incidents by the abuser's country. Tick the Country checkbox to enable the input field with auto-complete, enter a country, and filter the incidents by clicking the magnifier icon or pressing Enter.

Use the Auto-refresh switch to enable or disable automatic refresh of the incidents in the table without reloading the web page.

The list of incidents contains the following information:

Date - the time when the incident happened.

IP - the IP address of the abuser.

Country - the country of origin of the abuser's IP address.

№ of Times - the number of times the abuser tried to repeat the action.

Event - description of the event or suspicious activity (as it is described by OSSEC and Mod_Security sensors).

Severity - severity level of the incident (as estimated in OSSEC severity levels and Mod_Security severity levels). The severity colors mean:

  o Green - Mod_Security levels 7-5, OSSEC levels 00-03;

  o Orange - Mod_Security level 4, OSSEC levels 04-10;

  o Red - Mod_Security levels 3-0, OSSEC levels 11-15.

Click an incident to expand its detailed information.

Actions available for incidents:

1. Disable the rule of the incident and add it to the list of Disabled rules. Click the ban icon in the corresponding incident row and confirm the action.

2. Add an IP to the Black or White list, or exclude it from both. Click the cog icon and choose the list.