

    The Attackers page contains all information on profiled attackers. To access it, click Attackers in the left navigation menu.

    Figure 1: Recent Attackers

    You can navigate through several data views using the tabs near the top of the page. You can also search for attackers using the search field in the upper right of the page, under the Filter widget.

    • Top Attackers: This tab contains an ordered list of the most active attackers, calculated with a weighting algorithm that takes into account the number of incidents and their corresponding complexities.
    • Recent Attackers: This tab displays a table of the most recent profiles active on the protected system. Each row consists of the Profile name, the Threat level, the Public ID (for use with the Support Processor), the Last IP used on the system, the First Time and Last Time the profile attacked the system, and the available actions for that profile. Clicking the "eye" icon or the profile name leads to the page for that particular profile. You can also click a threat level to view other attackers with a similar threat level, and click a Last IP to navigate to the Location page for that IP. To keep this data fresh, the monitor periodically refreshes the page (if Auto-refresh is enabled in the User Preferences). To stop the refresh, click the alarm clock icon in the top right corner of the tab.
    • Time Graph: This graph is a larger version of the line graph displayed on the Dashboard.
    • Severity Graph: This graph is a larger version of the pie graph displayed on the Dashboard.

    Note: At any point on this page, you can click on an attacker's given name to navigate to that Attacker's Profile page.

    Figure 2: Attacker Profile

    The Attacker Profile page displays any information that pertains to a particular attacker. At the top of the page you will see the Attacker Card, which contains a short overview of the profile. This card contains the attacker's assigned name, last IP used, the first and last date the attacker was active, and the Public ID of the attacker, for use with the Support Processor in unblocking that profile. On the right side of the card there is a threat gauge that indicates the current threat of that attacker, where green, yellow, and red indicate low, medium, and high threat, respectively. The severity icons are displayed as follows:

    • (n/a): 0.0 - None
    • : 1.0 - Suspicious
    • : 2.0 - Low
    • : 3.0 - Medium
    • : 4.0 - High

    Available on the right side of the Attacker Profile page is a quick Actions box, where you can rapidly perform various profile-related functions such as blocking the attacker, warning the user, editing the profile, and deleting the profile.

    Note: Deleting the profile erases all information gathered on that attacker and removes all blocks or other responses on that profile.

    Underneath the Attacker Card and quick Actions box is a series of tabs, where all of the attacker's specific activity information resides. The Incidents tab contains a list of all incidents triggered by that attacker. For each item in the list, the incident name, complexity, count, and the first and last time it was triggered are available. Additionally, you can click the Details icon (the eye) to view more information about any particular incident.

    Published: 2013-11-20