Choose the Incidents tab to view and manage the list of all incidents. The table displays the detected incidents with all the information about the reason for each incident.
Use the filters to narrow the list of incidents:
• Timeframe - allows filtering incidents by different time periods.
• Page size - allows setting the number of incidents to be shown on a page.
• List - allows filtering incidents by White, Black, or Gray lists, or showing the incidents from all lists.
• IP - allows showing all the incidents for a specific IP address. Tick the IP checkbox to enable an input field where you can enter a specific IP address or a part of it, then filter the list by clicking the magnifier icon or pressing Enter.
• Country - allows filtering the incidents by the abuser's country. Tick the Country checkbox to enable an input field with auto-complete where you can enter a specific country, then filter the incidents by clicking the magnifier icon or pressing Enter.
Switch Auto-refresh to enable or disable automatic refresh of the incidents in the table without reloading the web-page.
The list of incidents contains the following information:
• Date - the time when the incident happened.
• IP - the IP address of the abuser.
• Country - the country of origin of the abuser's IP address.
• № of Times - the number of times the abuser tried to repeat the action.
• Event - description of the event or suspicious activity (as described by the OSSEC and Mod_Security sensors).
  o Green - Mod_Security levels 7-5, OSSEC levels 00-03;
  o Orange - Mod_Security level 4, OSSEC levels 04-10;
  o Red - Mod_Security levels 3-0, OSSEC levels 11-15.
Click an incident to expand its detailed information.
Actions available for the Incidents:
1. Disabling the rule of the incident and adding it to the list of Disabled rules. Click the ban icon in the relevant incident row and confirm the action:
2. Adding an IP to the Black or White list. Click the cog icon and choose the action: