Difference between revisions of "Event Report window"

From Atomicorp Wiki
Jump to: navigation, search
(Created page with "Event Report windows show detailed information about the selected event, the rule which generated the event and the source IP for the event.<br/><br/> Clicking on the read mor...")
 
 
Line 30: Line 30:
 
WAF rules may also have their behavior modified for specific vhosts by entering the vhost, setting the other values as desired, and clicking the add button.<br/>
 
WAF rules may also have their behavior modified for specific vhosts by entering the vhost, setting the other values as desired, and clicking the add button.<br/>
 
Settings for a vhost may be removed by clicking the remove button.<br/>
 
Settings for a vhost may be removed by clicking the remove button.<br/>
 +
 +
[[File:aslw_revent.png]]

Latest revision as of 11:53, 9 October 2014

Event Report windows show detailed information about the selected event, the rule which generated the event and the source IP for the event.

Clicking on the read more link under the rule's description will open a wiki article containing further information about the rule in a new window.

Contents

[edit] Event Information

The source IP addresses may be added to or removed from the blacklist or whitelist, or have their country of origin added to or removed from the geo-blocking by clicking the appropriate button.

Clicking on a rule number will open a Rule Report window
Clicking on the IP address will open an IP Report window
Clicking on the country code will open a Country Report window

[edit] Reporting a False Positive

Clicking the false positive button will send a false positive report to Atomicorp.
You will be prompted for some additional information about the actions and web application involved.
Note that false positive reports may not be sent if you are not running the current rules.

[edit] Reporting a False Negative

For HIDS rules, you may also send a false negative report.

[edit] Rule Settings

The behavior of the rule may be modified by altering the Rule Settings form.

  • disable
    Setting this value to 'yes' will disable the rule
  • level
    Adjusts the severity of the rule
  • email
    Setting this value to 'yes' will include events for this rule in email notifications
  • log
    Setting this value to 'yes' will log events for this rule
  • active response
    Setting this value to 'yes' will enable shunning of source IPs which generate events for this rule

Clicking the update button will save your changes.
Clicking the reset button will remove any current or previously saved changes to the rule, reverting it to its default state.

WAF rules may also have their behavior modified for specific vhosts by entering the vhost, setting the other values as desired, and clicking the add button.
Settings for a vhost may be removed by clicking the remove button.

Aslw revent.png

Personal tools