Dynamic Reporting - Using the Request Investigation Dashboard

This article walks through a typical investigation of a suspicious visitor that triggered a Captcha page.

Upon detecting the threat, Distil serves a Captcha page to the visitor.

CaptchaPage.png

Beyond the Turing test, each Captcha page includes the IP address and trace information associated with the request. 

CaptchaResult.png

As an analyst, you can extract this information and then explore it using the Dynamic Reporting Engine (DRE):

  • IP Address: 71.94.45.130
  • Trace: 6ce2681d-e5a8-4469-9f16-f69e30ff930e 
  • Via: 809d12b6-952f-41fc-abe9-8f1075cba0cb

Let’s take that request information and access the Request Investigation dashboard.

RequestInvestigationDashboard.png

Expand the filters list and paste the trace value (6ce2681d-e5a8-4469-9f16-f69e30ff930e) in the Request ID field. Then, click Run.

RequestInvestigation.png

We can view the threat category, the Captcha results, the response Distil took, and the complete rundown of forensic data associated with the malicious attempt, all in a single view.

RequestInvestigation1.png

Next, we can filter by the request’s IP address (71.94.45.130) to drill down into any other past appearances of the abusive source in your web, API, and mobile traffic.

RequestInvestigation2.png

We can see that our original Captcha’ed request was part of a series of malicious automated requests.

RequestInvestigation3.png
