Major update for Wallarm UI

2017-10-15T21:00:08
ID WALLARMLAB:1EE962366CA9FB42E7BF724CA34388BC
Type wallarmlab
Reporter Wallarm
Modified 2017-10-24T01:47:18

Description

We’ve just released a couple of features we’re really excited about

Live Threat Verification results

The Active Threat Verification component was always a unique feature of Wallarm. Having the ability to replay the attack/payload against the application (or its staging environment) gives our customers unique insights into critical events when an attacker identifies exploitable security issues.

With this new improvement to the UI, you can now see a real-time view of the process of threat verification.

No need to check attacks manually as Wallarm will do it automatically and report if there is a security incident

We show whether each attack is:

  • scheduled for verification, or;
  • already checked with a scanner and considered to be safe (not exploiting any issues), or;
  • validated as a security incident (confirmed to be targeting actual application’s security issues).

Vulnerability to Incident correlation

Now for every security incident, there is a quick link to the vulnerability affected. You can jump directly to the description and a how-to-fix instruction.

Blacklist

Blacklist is another new feature appearing in the UI. Although most attacks can be mitigated request by request, we still need a blacklist of IP addresses to block bots and mitigate behavioral-based attacks such as application abuse, brute force, and dirbusting.

For every banned IP address, we give an explanation. For instance, a customer might be informed that 63.128.163.26 was blocked because of a series of XSS, SQLi and XXE attacks.

You can see a list of the IP addresses that were banned, and the reasons why. You can quickly unblock any IP address, or change the time when it will be unblocked automatically. You can add an IP address or a whole subnet to the list, if you want them blocked.

Remember that requests are not blocked by IP address on the NGINX/Wallarm layer, so you have to set up integration with your load-balancer or firewall, as described in the documentation.

The introduction of Blacklist is accompanied by a new dashboard metric called Blocked IPs.

Looking forward to hearing your feedback. And let us know if you need a live demo of the new features.


Major update for Wallarm UI was originally published in Wallarm on Medium, where people are continuing the conversation by highlighting and responding to this story.