Attacks are groups of attack events coming from a single IP address over a sustained period of time. An attack can be comprised of events that target multiple applications and servers as well as multiple attack types, such as SQL Injection, Command Injection or specific CVEs.

An attack ends once Contrast agents no longer see attack events for a period of time. If Contrast sees new attack events from the same IP address after an attack is closed, a new attack is created.

Select Attacks in the top navigation to see a record of all attacks seen by applications that have Protect enabled. These attacks include both monitored attacks as well as blocked attacks.

In Contrast, you can: