This section helps you analyze IPDS activity in more detail. You can view the reports by:
- Farms: See which farms were hit the hardest.
- Rules: Find out which security rules blocked the most attacks.
- Hours: Identify the times of day when attacks are most frequent.
- Remote IPs: Track down the internet addresses launching the most attacks.
Just switch between these views using the tabs at the top for a clear picture of your IPDS activity.
Farms
This section monitors attacks directed at specific farms. The image below shows the stats generated for each farm.
Here is a brief description of each of the fields in the image above.
- Farm: This identifies the specific farm that was attacked.
- Blacklists: This shows how many attacks originated from known bad addresses and targeted this farm.
- DoS: This shows how many Denial-of-Service attacks occurred.
- RBL: This indicates how many spam attempts (emails or content) were directed at this farm.
- WAF: This shows how many attacks trying to exploit weaknesses in applications on this farm were detected.
- Whitelists: This shows the total number of attacks that originated from allowed IP addresses but were still directed at this farm.
- Total: This is the sum of all attack types for this particular farm.
Rules
This section helps you identify the rules that blocked the IPDS attacks.
This is a brief description of each of the fields in the image above.
- Rule: This identifies the specific security rule that blocked the attack.
- Blacklists: This shows how many attacks originated from known bad addresses and were blocked by this particular rule.
- DoS: This shows how many Denial-of-Service attacks were blocked by this rule.
- RBL: This indicates how many spam attempts (emails or content) were blocked by this rule, likely from sources known to send spam.
- WAF: This shows how many attacks trying to exploit weaknesses in applications were blocked by this particular rule.
- Whitelists: This shows how many attacks originated from allowed IP addresses but were still blocked by this rule.
- Total: This is the sum of all attack types blocked by this particular rule.
Hours
This section helps you identify the time and date at which the most attacks occurred.
Here’s what each column means:
- Hour: This shows the specific hour of the day (0-23).
- Blacklists: This shows how many attacks originated from known bad addresses during that hour.
- DoS: This indicates how many Denial-of-Service attacks happened in that hour.
- RBL: This shows how many spam attempts (emails or content) occurred during that hour, likely from sources known to send spam.
- WAF: This shows how many attacks trying to exploit weaknesses in applications were detected in that hour.
- Whitelists: This shows how many attacks originated from allowed IP addresses but were still detected during that hour.
- Total: This is the sum of all attack types for that specific hour.
Remote IPs
This section helps you identify the most frequent attackers by their IP addresses.
Here’s what each column means:
- Remote IP: This shows the IP address that launched the attack.
- Total: This shows the total number of attacks that came from that specific IP address.