Page created: 27 Jan 2022 |
Page updated: 9 Jan 2023
The Attack management dashboard shows the clients which were flagged for an Indicator of Attack (IoA) or anomaly for the specified period.
To view the Anomalous client list summary information, click Attack management.
The Anomalous client list has the following columns:
|Client ID||The unique ID of the client that originated the IoA or anomaly|
|IoAs/Anomalies||The count of IoAs or anomalies for the client for the time range|
|Types of event||The count per type of IoA or anomaly for the client|
|Client type||The type of client:
|Reviewed||Reviewed status toggle:
|Actions||Possible actions to take (three-dots) drop down:
Sorting and filtering
- Sort the Anomalous client list output according to one of:
- Detected time (default), from the most recent date and time to the least recent.
- IoA count, ordered by Client ID, from the client with the highest number of IoAs to the client with the least IoAs.
- Anomaly count, ordered by Client ID, from the client with the highest number of anomalies to the client with the least anomalies.
- Apply filters to narrow down the Anomalous client list.
You can filter the Anomalous client list further:
- Select one or more Client ID Types from the
- IP address
- API key
- Select a date range from Quick dates drop
- Last 1 day (default)
- Last 7 days
- Last 30 days
- Custom: define a period from a starting date and time to an ending date and time
- Search client identifiers: Enter search
strings or partial strings of the Client
- The search is case-insensitive.
- Wildcard searches, for example using an asterisk (*), are not supported.
- Use of quotation marks is not supported.
- Be aware of the use of spaces in a search string. A leading or trailing space can filter out results. A single space is not regarded as multiple consecutive spaces.
- Click Filter to apply the following
- Select one or more Threat level
- IoA (default)
- All (default)
- Not reviewed
- Select one or more APIs from the drop down
- Select one or more IoA types from the drop down
- Select one or more Threat level options:
- Select one or more Client ID Types from the drop down:
Drill downs and actions
- On the right side of the row in the main Anomalous client
list, click the
three-dots drop down to choose an action option:
- Client activity: Navigate to the Client activity dashboard, for further inspection and analysis of the client's activities during the reported period.
- Tune IoA detection: Select this option to update models to not flag this behavior in the future.
- Remove from blocklist: Select this option to update models to remove this entry from the blocklist.
- Drill down
- Click on a row to navigate to the client's Indicators of Attack and Anomalies dashboard, for further drill downs, inspection and analysis of the client's activities during the reported period.