--- title: Attack management description: The Attack management dashboard shows the clients which were flagged for an Indicator of Attack (IoA) for the specified period. component: pingintelligence version: 5.1 page_id: pingintelligence:pingintelligence_dashboard:pingintelligence_attack_management canonical_url: https://docs.pingidentity.com/pingintelligence/5.1/pingintelligence_dashboard/pingintelligence_attack_management.html revdate: April 3, 2024 section_ids: sorting-and-filtering: Sorting and filtering drill-downs-and-actions: Drill downs and actions --- # Attack management The **Attack management** dashboard shows the clients which were flagged for an Indicator of Attack (IoA) for the specified period. To view the **Attack list** summary information, click **Attack management**. ![PingIntelligence Attack List](_images/njr1639658295544.png) The **Attack list** has the following columns: | Column | Description | | ----------- | ---------------------------------------------------------------------------------------------------------------- | | Client ID | The unique ID of the client that originated the IoA | | IoAs | The number of IoAs for the client for the time range | | Client type | The type of client:- Token - IP address - Cookie - Username - API key | | Reviewed | Reviewed status toggle:- Reviewed (On) - Not reviewed (Off) | | Actions | Possible actions to take (three-dots) drop down:- Client activity - Tune IoA detection - Remove from blocklist | ## Sorting and filtering * Sorting Sort the **Attack list** output according to one of: * **Detected time** (default), from the most recent date and time to the least recent. * **IoA count**, ordered by **Client ID**, from the client with the highest number of IoAs to the client with the least IoAs. * Filtering Apply filters to narrow down the **Attack list**. * Select one or more **Client ID Types** from the drop down: * Token * IP address * Cookie * Username * API key * Select a date range from **Quick dates** drop down: * Last 1 day (default) * Last 7 days * Last 30 days * Custom: define a period from a starting date and time to an ending date and time Click **Go** to apply the filters to the **Attack list** output. You can filter the **Attack list** further: * **Search client identifiers**: Enter search strings or partial strings of the **Client ID** | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | | * The search is case-insensitive. * Wildcard searches, for example using an asterisk (`\*`), are not supported. * Use of quotation marks is not supported. * Be aware of the use of spaces in a search string. A leading or trailing space can filter out results. A single space is not regarded as multiple consecutive spaces. | * Click **Filter** to apply the following filter parameters: * **Reviewed** * All (default) * Reviewed * Not reviewed * Select one or more **APIs** from the drop down * Select one or more **IoA types** from the drop down ## Drill downs and actions * Actions On the right side of the row in the main **Attack management** list, or at the top right of the **IoAs** dashboard, click the three-dots drop down to choose an action option: * [Client activity](pingintelligence_client_activity.html): Navigate to the **Client activity** dashboard, for further inspection and analysis of the client's activities during the reported period. * **Tune IoA detection**: Select this option to update models to not flag this behavior in the future. * **Remove from blocklist**: Select this option to update models to remove this entry from the blocklist. * Drill down Click on a row to navigate to the client's [IoAs (Indicators of Attack)](pingintelligence_ioas.html) dashboard, for further drill downs, inspection and analysis of the client's activities during the reported period.