Attack insights provides information on why an attack was identified. The Dashboard displays the percentage by which the normal behavior was exceeded and hence and attack was reported. The attack insight is rendered for a specific API, a client identifier and an attack type, for example, header manipulation attack. To view the attack insight, navigate to the main Dashboard. Click on Recent Attacks and then click on a client identifier. In the Dashboard page of the client identifier that is displayed, click on the Attack to display the Attack Insight Dashboard page for that specific attack. To view the percentage deviation from the normal behavior, hover your mouse over the bar.
In the following screenshot, the deviations are 5 and 9900% from the normal behavior.
Attack remediation allows you to verify if the client that has executed an attack is on the active blacklist at that point in time. You can unblock a client and remove from the blacklist. If blocking is not enabled, then the client will be on the blacklist but not blocked. You can access the Attack management Dashboard to Unblock the client or Tune the thresholds from Attack remediation. For more information, see Tune thresholds and unblock clients.