The Active Threat Verification component was always a unique feature of Wallarm. Having the ability to replay the attack/payload against the application (or its staging environment) gives our customers unique insights into critical events when an attacker identifies exploitable security issues.
With this new improvement to the UI, you can now see a real-time view of the process of threat verification.
No need to check attacks manually as Wallarm will do it automatically and report if there is a security incident
We show whether each attack is:
Now for every security incident, there is a quick link to the vulnerability affected. You can jump directly to the description and a how-to-fix instruction.
Blacklist is another new feature appearing in the UI. Although most attacks can be mitigated request by request, we still need a blacklist of IP addresses to block bots and mitigate behavioral-based attacks such as application abuse, brute force, and dirbusting.
For every banned IP address, we give an explanation. For instance, a customer might be informed that 184.108.40.206 was blocked because of a series of XSS, SQLi and XXE attacks.
You can see a list of the IP addresses that were banned, and the reasons why. You can quickly unblock any IP address, or change the time when it will be unblocked automatically. You can add an IP address or a whole subnet to the list, if you want them blocked.
Remember that requests are not blocked by IP address on the NGINX/Wallarm layer, so you have to set up integration with your load-balancer or firewall, as described in the documentation.
The introduction of Blacklist is accompanied by a new dashboard metric called Blocked IPs.
Looking forward to hearing your feedback. And let us know if you need a live demo of the new features.