Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guide That Contains This Content
[+] Expand All
[-] Collapse All


    The Incidents page contains any information on specific incidents that have been triggered, and offers additional information on all of the incidents that can be detected by WebApp Secure.

    There are various data views you can navigate through via the tabs near the top of the page. You can also search within Incidents by using the search field in the upper right side of the page, under the Filter widget.

    • Most Common This tab displays a list of the most frequently triggered incidents in descending order. Count of triggered incidents of that type is displayed to the right of each item in the list, and a graphic depicting the complexity of that incident is visible to the left. Clicking on a particular incident in this list will bring you to a page with additional information on that incident. By default, WebApp Secure only displays malicious incidents (those that might be of direct interest to WebApp Secure users). If you wish to show all incidents triggered, you can click on the Show all incidents link above the list.
    • Most Recent This tab displays a table of the most recent incidents triggered. The incident name is displayed along with the profile that triggered the incident, the complexity of that incident, the Count indicating the number of times that incident was triggered at one time (using the same data), the first and last times the profile activated that particular incident, and any actions available to the WebApp Secure user regarding that incident. You can navigate to other pages by using the tab above the table. Here you can jump to the next page, previous page, first page, and last page by using the corresponding buttons. You can also jump to a specific page or change the number of rows returned per page by clicking on the label between the navigation buttons. By default, only malicious incidents are displayed. To display all malicious and non-malicious incidents, click the Show all incidents link above the title. To keep this data fresh, the monitor will periodically refresh the page (if Auto-refresh is enabled in the User Preferences). To stop this from happening, click the alarm clock icon in the top right corner of the tab to stop refresh.
    • Browse by Complexity For informational purposes, this tab allows you to browse the list of detectable incidents, grouped by complexity. Clicking on an incident will bring you to an informational page that contains a description of that incident, and allows you to search for triggered incidents of that type.
    • Time Graph The Time Graph is a larger version of the same bar graph displayed on the Dashboard.
    • Severity Graph This graph is a larger version of the same pie graph displayed on the Dashboard.

    Note: Clicking on a particular incident's name will bring you to the Incident Details page for that incident. On this page all information about that particular incident is shown.

    Near the top of the page there is an incident infobox that contains a summary of the incident, including the Attacker that caused the incident, the Location and Environment that attacker was using, the Session (IP) used when triggering the incident, and the First and Last times that particular incident occurred. Underneath the infobox there is a series of tabs that display the Description of the Incident type, Details for the incident (differs from incident to incident), and the raw Request and Response objects.

    Published: 2013-11-20