We’ve just released a couple of features we’re really excited about
Live Threat Verification results
The Active Threat Verification component was always a unique feature of Wallarm. Having the ability to replay the attack/payload against the application (or its staging environment) gives our customers unique insights into critical events when an attacker identifies exploitable security issues.
With this new improvement to the UI, you can now see a real-time view of the process of threat verification.
We show whether each attack is:
- scheduled for verification, or;
- already checked with a scanner and considered to be safe (not exploiting any issues), or;
- validated as a security incident (confirmed to be targeting actual application’s security issues).
Vulnerability to Incident correlation
Now for every security incident, there is a quick link to the vulnerability affected. You can jump directly to the description and a how-to-fix instruction.
Blacklist is another new feature appearing in the UI. Although most attacks can be mitigated request by request, we still need a blacklist of IP addresses to block bots and mitigate behavioral-based attacks such as application abuse, brute force, and dirbusting.
You can see a list of the IP addresses that were banned, and the reasons why. You can quickly unblock any IP address, or change the time when it will be unblocked automatically. You can add an IP address or a whole subnet to the list, if you want them blocked.
Remember that requests are not blocked by IP address on the NGINX/Wallarm layer, so you have to set up integration with your load-balancer or firewall, as described in the documentation.
The introduction of Blacklist is accompanied by a new dashboard metric called Blocked IPs.
Looking forward to hearing your feedback. And let us know if you need a live demo of the new features.