Attacks Tab

On the Business Transactions page, you can view the Attacks tab, which displays:

NameDescription
ID

The ID of the corresponding Attack. generates this ID. You can modify this ID on the attacks details page. To view the attack details page, click the desired row.

Click this field to sort the ID alphabetically.

Outcome

The outcome of the corresponding attack. This provides information on these state of the attack:

  • Observed: When the events may impact the security, but any malicious intent is not determined. For example, an application opening a file outside the application directory causes Observed state.
  • Blocked: When the events are blocked based on the attack policy.
  • Exploited: When malicious activity is performed to impact the application's security.
  • Attempted: When the malicious activity is determined but not exploited.

Click this field to sort the values alphabetically.

Attack Type (Events) The type of the attack and count of that attack type.
Attack Trigger Relevant information from the runtime behavior resulting from the event where Secure Application determined a potential attack.
Tier

The tier name and the number of nodes. You can click
to launch the application flow map in the Splunk AppDynamics dashboard. The info icon (
) next to an affected tier indicates that the attacked nodes in the tier include critical or medium vulnerability.

Last Detected

The time that is elapsed since the last event within the attack. Click this field to sort the values in ascending or descending order.

Status

The status of the attack is defined as either Open or Closed. If you have Configure permissions, click the checkboxes for the required rows and then click the Set Status option to set the appropriate status. Click this field to sort based on the Open or Closed state.