Attack insights provides information on why an attack was identified. The Dashboard displays
the percentage by which the normal behavior was exceeded and hence and attack was
reported. The attack insight is rendered for a specific API, a client identifier and an
attack type, for example, header manipulation attack. To view the attack insight,
navigate to the main Dashboard. Click on Recent
Attacks and then click on a client identifier. In
the Dashboard page of the client identifier that is displayed, click on the
Attack to display the Attack Insight Dashboard page for that specific
attack. To view the percentage deviation from the normal behavior, hover your mouse over
the bar.
In the following screenshot, the deviations are 5 and 9900% from the normal behavior.
Attack remediation
Attack remediation allows you to verify if the client that has executed an attack is on the
active blacklist at that point in time. You can unblock a client and remove from the
blacklist. If blocking is not enabled, then the client will be on the blacklist but
not blocked. You can access the Attack management Dashboard to
Unblock the client or Tune the thresholds
from Attack remediation. For more information, see Tune thresholds and unblock clients.