The Client Forensic report provides insights into client activity in the course of an attack. It presents a detailed analysis of the client traffic patterns prior to an attack. The report gives the following information :
  • The APIs accessed by the client and the total number of requests made to these APIs.
  • The different types of attacks executed by the client and the count of those attacks.
  • The URLs accessed by the client and the total number of requests made to these URLs.

The client activity is reported in the time intervals of 10-minutes.

View the Client Forensic report

To know the details of client activity before an attack, complete the following steps :
Note: The steps are explained using IP Address as the client identifier. You can follow the same process to retrieve client forensics for other client identifier types.
  1. Click Recent Attacks in Forensic Reports, to open the Recent Attacks report.

  2. Click on icon next to IP to sort the recent attacks for that client identifier type. Click on the IP Address for which the client forensics are to be retrieved. This opens the detailed report for the client.

  3. In the IP report, select the Attack for which the client forensics are required. This opens the Attack Insights report for the client.

  4. In the Attack Insight report, select the Attack Time from Client Forensics Links to open the Client Forensics report for the client.

  5. The Client Forensic report provides detailed client activity prior to the attack time that is selected in the step-4. It displays details like the APIs and URLs accessed by the client, other attacks executed by the client. It also provides the count of such requests and attacks.

Note: Changes to the Time Range filter on the top-right corner of the Dashboard will not impact the results retrieved by the Client Forensic report.