Viewing Web Protection Events
You can search for security events, such as XSS attacks, SQL injection, CC attacks, and user-defined precise protection events in the event list to quickly locate attack sources or analyze attack events.
You can view event data of all protected domain names in the last 30 days.

If you switch the working mode for a website to Suspended, EdgeSec only forwards all requests to the website without inspection. It does not log any attack events neither.
Prerequisites
A protected website has been added. For details, see Adding a Website to EdgeSec.
Procedure
- Log in to the management console.
- Click
in the upper left corner of the page and choose .
- In the navigation pane on the left, choose . The Statistic page is displayed.
- Select a website from the Website drop-down list. You can view protection logs of yesterday, today, past 3 days, past 7 days, past 30 days, or a user-defined time range.
Figure 1 Events
- View the event details.
- In the search box, select a property or enter a keyword. For details about the search conditions, see Table 1.
- Click
to select fields you want to display in the event lists.
- To view event details, locate the row containing the event and click Details in the Operation column.
Table 1 Description of the conditions Parameter
Description
Event ID
ID of the event
Incident Type
Type of the attack.
By default, All is selected. You can view logs of all attack types or select an attack type to view corresponding attack logs.
Protective Action
The options are Block, Log only, and Verification code.
Source IP
Public IP address of the web visitor/attacker
By default, All is selected. You can view logs of all attack source IP addresses, select an attack source IP address, or enter an attack source IP address to view corresponding attack logs.
URL
Attacked URL
Rule ID
Protection rule ID
Geolocation
Geographical location from which an IP address is originated
Attack Type
- Web application attack
- Access control
- Challenge Collapsar (CC) attack
- Bot attack
ASN
Autonomous system number
Table 2 Parameters in the event list Parameter
Description
Example Value
Rule Name
The name is displayed only when a user-created rule is matched. For default rules, such as the built-in rules for basic web protection and bot protection, the rule names are not displayed.
cc
Time
When the attack occurred
2023/03/04 13:20:04
Source IP Address
Public IP address of the web visitor/attacker
xx.xx.10.1
Domain Name
Attacked domain name
www.example.com
Geolocation
Location where the IP address of the attack originates from
United States
URL
Attacked URL
/admin
Incident Type
Type of the attack.
Precise Defense
Protective Action
The options are Block, Log only, and Verification code.
NOTE:If an access request matches a data masking rule, the protective action is marked as Mismatch.
Block
ASN
Autonomous system number
20115
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot