Issue
Information on how to read the incidents table on Imunify360
Environment
- Imunify360
- Any OS
Solution
The Incidents table in Imunify360 provides a list of detected incidents along with detailed information about each incident. Here's what each column in the table represents:
- Date: This is the time when the incident occurred.
- IP: This is the IP address of the abuser. The color of the bubble next to the IP address indicates its status:
  - Gray: The IP is in the Gray List and every connection from this IP will be redirected to the CAPTCHA.
  - Blue: The IP is not in any list (White/Gray/Black) and is not blocked.
  - White: The IP is in the White List and will never be blocked by Imunify360.
  - Black: The IP is in the Black List and access from this IP is totally blocked, with no option to unblock via the CAPTCHA.
  - No bubble: This incident doesn't contain an IP address.
- Country: This is the country of origin of the abuser's IP address.
- Count: This is the number of times the abuser tried to repeat the action.
- Event: This is a description of the event or suspicious activity as described by OSSEC and Mod_Security Rules.
- Severity: This is the severity level of the incident, as estimated in OSSEC severity levels and Mod_Security severity levels. The severity colors mean:
  - Green: Mod_Security levels 7-5, OSSEC levels 00-03
  - Orange: Mod_Security level 4, OSSEC levels 04-10
  - Red: Mod_Security levels 3-0, OSSEC levels 11-15
- Actions: These are the actions available for the Incident.