Event Report window
Event Report windows show detailed information about the selected event, the rule that generated the event, and the source IP for the event.
Clicking on the read more link under the rule's description will open a wiki article containing further information about the rule in a new window.
Event Information
The source IP addresses may be added to or removed from the blacklist or whitelist, or have their country of origin added to or removed from the geo-blocking by clicking the appropriate button.
Clicking on a rule number will open a Rule Report window.
Clicking on the IP address will open an IP Report window.
Clicking on the country code will open a Country Report window.
Reporting a False Positive
Clicking the false positive button will send a false positive report to Atomicorp.
You will be prompted for some additional information about the actions and web application involved.
Note that false positive reports may not be sent if you are not running the current rules.
Reporting a False Negative
For HIDS rules, you may also send a false negative report.
Rule Settings
The behavior of the rule may be modified by altering the Rule Settings form.
- disable: Setting this value to 'yes' will disable the rule.
- level: Adjusts the severity of the rule.
- email: Setting this value to 'yes' will include events for this rule in email notifications.
- log: Setting this value to 'yes' will log events for this rule.
- active response: Setting this value to 'yes' will enable shunning of source IPs which generate events for this rule.
Clicking the update button will save your changes.
Clicking the reset button will remove any current or previously saved changes to the rule, reverting it to its default state.
WAF rules may also have their behavior modified for specific vhosts by entering the vhost, setting the other values as desired, and clicking the add button.
Settings for a vhost may be removed by clicking the remove button.