Skip to main content

Monitor attacks On-premises customers only

Note

This procedure is for on-premises customers.

You can see an overview of current and past attacks, the IP addresses of attackers, attack types, and which applications were exploited.

  1. Select Attacks in the header.

  2. If an attacker has a source name, you can hover over it to see a list of associated IP addresses .

    If an attacker doesn't have a source name, their avatar will show a question mark. If an attacker has successfully exploited an application, their avatar will be red.

    Note

    If the data reported for an attack event matches more than one source name, Contrast applies the most recently updated name.

    Click on a IP address or source name to see details for that attacker.

  3. To filter attacks you can:

    • Filter attacks by date range and environment. 

    • Search to find attacks by a specific attacker IP or source name.

    • Search by affected applications or specific Assess or Protect rules.

    • Check Show probed to include information for attack events that resulted in a “Probed” status.

  4. Under Attack events you can see a list of the types of attacks detected, along with the total number of attack events per type.

  5. Under Target application, you can see each application targeted by an attack.