๐ŸŒ
Portal Docs
  • โœจOverview
  • ๐Ÿ“ŠDashboards
    • ๐Ÿ“ˆTraffic Overview
    • ๐Ÿ”Analysis
    • ๐Ÿ”ดPaths Attacked
    • ๐Ÿ‘๏ธโ€๐Ÿ—จ๏ธKnown Bots
    • โšกResponse Overview
    • โšกChallenge Performance
    • โšกTop Attack Sources
    • ๐Ÿ”ฌProfiling
    • ๐Ÿ”ฌDetails
    • ๐Ÿ”POV Report
  • โœ๏ธManagement
    • โ€ผ๏ธQuarantine
    • โ˜‘๏ธTrusted List Management
    • ๐Ÿ“ƒAudit Trail
  • ๐ŸงฎConfiguration
    • โš™๏ธDatastream Configurations
      • ๐Ÿ› ๏ธIntegration details
      • ๐Ÿ‘พChallenge configuration
      • ๐Ÿ”งThreat and Trust Lists
  • ๐Ÿ‘ฅUser Management
    • Single Sign On (SSO)
      • SAML SSO Setup
      • Okta SSO Setup
      • Entra ID SSO Setup
      • SSO FAQs
    • IP Restriction
  • โ”Glossary of Terms
  • ๐Ÿ“—User Guides & Videos
    • Portal Setup & Log Shipping Guide
  • ๐Ÿง™โ€โ™€๏ธCustomer Service Desk
  • ๐Ÿ“–Integrations Documentation
  • Release notes
    • Version 1.7
    • Version 1.6
    • Version 1.5
    • Version 1.4
    • Version 1.3
    • Version 1.2
    • Version 1.1
    • Version 1
Powered by GitBook
On this page
  • What is this report forโ€ฆ
  • Known Attack Signal
  • This will help you toโ€ฆ
  • Dimensions you can filter onโ€ฆ
  • Decision Logic Table
  1. Dashboards

Details

From the Attacker Database, Trusted List, and Response Overview 'More Info' allows you look at in-depth behaviour of a specific item, such as actions taken by a specific IP address

PreviousProfilingNextPOV Report

Last updated 1 month ago

What is this report forโ€ฆ

This report creates an in-depth traffic report for a specific item within either your Attacker Database , Trusted List or any attacker fingerprint selected from the Response Overview. A breakdown of the traffic from the item is shown including where the requests came from, what proportion of the requests had mitigating actions applied and a breakdown of those requests displayed in stacked vertical bar charts. There is also an option to quickly block/unblock or trust a request.

At the bottom of the page, there is a "Decision Logic" table which shows the attack signals and attacker activity associated with the item, if applicable.

Known Attack Signal

If the item is also contained within a Know Attack Signal list that the datastream is subscribed to, a message appears on the page.

This will help you toโ€ฆ

  1. Observe how the request was handled by Netacea over a period of time

  2. See additional stats for the request e.g. how many IP address were associated with the User Agent

  3. Quickly mitigate a request from the screen

  4. Observe what attack signals and activities were associated with any detected threats, if applicable

Dimensions you can filter onโ€ฆ

  • Date Ranges

  • Datastream(s)

Control Name

Options

Date range

Ability to choose the timeframe to report on

Datastream

This indicates the Datastream this item has been seen on

For example you can select a new time period to see this item over a specific two hour period

The time series bar chart shows behaviour of the selected item over time. Underneath the graph, you also get the count of all IP Addresses, User Agents, User IDs, Data Centres and Organisations originating from the selected item.

Decision Logic Table

The "Decision Logic" table outlines identified attack signals and associated attacker activity which categorised using the Blade Framework. This means that clicking on either one of the `Attack Phases`, Attack Techniques or Attack Tactics , a new tab opens showing Blade's description.

๐Ÿ“Š
๐Ÿ”ฌ