The Investigation page is made up of two correlating tabs; Analyzer and Forensics. The Analyzer tab presents detailed search results and insights into traffic sources. The Forensics tab presents the Activity Timeline, a raw data table relevant to the search parameters.
The Investigation toggle allows you to navigate between the the Analyzer and Forensics tabs.
The bad page views are categorized according to the type of event that occurred.
|Volumetric Rule||Activity exceeded volumetric policy definition|
|Bot Behavior||Behavioral patterns that deviate from typical human activity|
|Missing Sensor Data||JS Sensor information was not sent|
|Spoof||The detected browser does not match the one declared|
|Automation Tool||Request properties indicate the use of a well known automation tool (e.g. Selenium, Headless Chrome)|
|Denied Service||One or more of the client’s properties were denied|
|Bad Reputation||Users that share the same properties performed malicious behavior in the past|
|UI Anomaly||User interface interaction is typical for non humans|
|Behavioral Anomalies||Anomalies in behavioral data relevant for the request|
|Custom Denylist||The request was denied due to a customer defined rule|
|Cloud Service||The request was detected as a cloud service|
|Volumetric Anomaly||Request volume anomaly detected|
|Captcha Solving Attack||Indications of a CAPTCHA solving attack such as solving farms and solving automation|
When the Investigation page is opened independent of a Search, all of the account data is presented for the Time Range selected.
If the Time Range applied to the search is more than 14 days, the last 14 days of data is presented.
The filters in the Investigation page allow users to fine-tune the data presented. The filters in the Investigation page are the same filters as in the
Dashboard_, but apart from the Time Range and the Applications selected do not carry over from the Dashboard during a search. The filters affect all data in the Investigation page.
The data generated by the search is presented in the Analyzer tab. A breakdown of all traffic sources contributing to the total percentage are listed.
Included in the Analyzer tab are the following components:
- Traffic Over Time
- Incident Types
- Top Countries
- Cloud Vendors
- Services IP Classification
- Top Paths
- Top 10 IPs
- Top User Agents
- Header Referrers
- To 10 ASN Organizations
Also included in the Investigation tab is the Activity Timeline. This table presents the raw data used to create the components in the tab.
The raw data table is displayed in the Forensics tab. It allows users to investigate raw data relevant to the information presented in the Analyzer components. The data is subject to the applied filters and provides up to the most 60,000 recent requests.
Users can choose which data is presented in the table by adding or removing various columns. The table's configuration is saved per user.
The data in the Forensics table can be filtered per column(s) of interest.
Some tips for searching the Forensics table:
- Enter the column name followed by
:eg. Traffic Types:
- There must be a space between the
:and the value
- Column names are not case sensitive
- All operators can be used
Search example: Traffic type: Legitimate Requests AND (ip: 184.108.40.206 OR IP: 220.127.116.11)
Table data can be exported to a CSV file with a maximum of 60K rows.
Updated 8 days ago