Much like the Threats by Organization Report (available from the Web Security header of the Distil Networks Portal), the Organizations Report in the Distil Networks Portal lets you view the top organizations that host malicious requests targeting your APIs. Examples include Amazon and Google, which provide short-term and recycled IP addresses to legitimate users and hackers alike. Such cloud-based addresses let malicious users obtain a new or temporary IP address and use it to send malicious requests to your APIs.
This report lets you view offending organizations and potentially blacklist them from accessing your APIs.
Accessing the Organizations Report
Follow these steps to access the Organizations Report:
- Log in to the Distil Networks Portal.
- Click API Security on the banner menu.
- Click Reports on the left panel.
- Click Organizations.
Reviewing the Organizations Report
The Organizations Report includes:
- Date Filter (upper-right corner) – Select a specific date range to view.
- Organization Table – Review and manage the top organizations associated with abusive requests. Click any of the following column headers to sort violations by that criterion:
  - Name of Organization – Name of the offending organization.
  - Total Abusive Requests – Total number of abusive requests associated with the organization.
- Top 5 Organizations by Number of Violations – Displays a graphical representation of the top organizations associated with abusive requests. You can add or remove an organization from the graph by selecting it from the legend.
Blacklisting IPs via the Organizations Report
After identifying one or more troublesome IP addresses using the Organizations Report, use the Access Controls dialog box to blacklist them and stop future attempts.
- Select the checkbox next to one or more organizations in the Organization Table to open the Access Controls dialog box.
NOTE: You can optionally select a Domain and Security Setting Rule to target a specific domain. Do not make a selection if you wish to blacklist the IP from all of your protected API domains.
- Click [Blacklist].
- Click Blacklist to save the settings, thereby blacklisting the IP address from making future attempts.