Blocking

Blocked Requests

The Blocked Requests page lists the requests that were blocked and relevant data about when and where the attack occurred that caused the threat to be blocked.

blocked requests no nav

The Request ID is a random string generated to help identify every request that passes through your ThreatX sensors. This request ID is visible on every allowed request in the response header, and also is presented in the 403 message of every blocked request.

Request IDs are useful for investigating issues or blocked requests, and can be given to the ThreatX SOC if more assistance is needed. ThreatX SOC retains the logs of all suspicious and malicious requests for 90 days, and IDs for those requests remain searchable during that time.

Click View Entity to be taken to that entity’s Entity Details page, where you see the full details of the request that was blocked.

Managing listed IP addresses

Dashboard

Settings  IWAF  Firewall
ThreatX API

api.threatx.com/tx_api/v2/lists

Lists are used to block, deny, or allow IP addresses.

List Entries

Block List

Temporary (automatic removal)

Black List

Permanent (manual removal)

White List

Permanet (manual removal)

The lists are often managed by your analysts and, therefore, the procedures to manage the lists are provided in the ThreatX Managed API and Application Protection Platform Analyst Guide.

Managing Risk-Based Blocking

Dashboard

Navigate menu:[Settings]
ThreatX API

api.threatx.com/tx_api/v2/customer
Risk-Based Blocking Settings
Risk-Based Blocking Timeout

Length of time a threat is blocked. Applies only to those threats that are blocked automatically. Default is 30 minutes.

Risk-Based Blocking Threshold
Rsk Level score

Any threat that meets or exceeds the score is blocked automatically. lock Embargoed Countries

Block TOR Exit nodes

When enabled, all incoming traffic from a TOR Exit node is not allowed. Tor Exit Nodes are the gateways where encrypted Tor traffic hits the Internet.