Security Engine Incident Monitoring

While most incidents are triggered by processors, the security engine itself is responsible for several low-level incidents. These will be found in the Web UI under Session Management in the Response Rules page, and can be enabled or disabled through Configuration > Security Engine > Incident Monitoring.

The following settings are available from Security Engine Incident Monitoring window:

Note: WebApp Secure is typically used to protect outward facing web sites on the public Internet. These resources all have fully qualified domain names to allow them to be reached by any client on the Internet. But in some cases, WebApp Secure may be used to protect an internal resource that does not have a fully qualified domain name. For example, when you are testing WebApp Secure on an internally available version of your web site which is soon to be released to the wide world. In this case, you should also include the parameter engine.incidents.url_fuzzing.allow_locals to your configuration through the use of Expert Mode. Set the value of engine.incidents.url_fuzzing.allow_locals to true and save the configuration. This will prevent false alarms coming from legitimate hits on your internally facing site.

Related Documentation