Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configure Spotlight Secure Session Cookies and Locations

    As part of the overall Spotlight Secure solution, WebApp Secure sends information on malicious cookies and IP session to Spotlight Secure Connector. WebApp Secure recommends a threat level for the session cookie based on a set of criteria and how malicious the associated attacker is deemed to be. Note that all sessions are not sent to the Connector, only malicious items.

    • Low threat levels (4-5) incorporate IP addresses and hosts where the threat is not as severe, the malicious activity has not been seen for a long period of time, or there is evidence of both malicious and non-malicious activity on the same host. For example, requesting server configuration files, non-standard HTTP requests, attempting to locate files not linked by the web server.
    • Medium threat (6-7) levels represent a moderate threat and are unlikely to be non-malicious. For example, tampering with cookies, attempting to defeat tracking techniques, manipulating honeypot code.
    • High threat levels (8-10) represent severe threats at a very high level of certainty. For example, attempting to crack passwords, session spoofing attacks, attempting to defeat WebApp Secure counter-responses.

    To view session cookies and locations sent to the Connector, in the WebApp Secure Web UI, navigate to Spotlight Secure > Security Intelligence. There you will find a Session Cookies tab and a Locations tab..

    Published: 2015-02-04