Log Analysis & Filtering

Search, filter, and analyze your security logs to identify patterns and threats.

Filtering Options

Time Range Filters

  • Last Hour: See current attack activity
  • Last 24 Hours: Daily attack patterns
  • Last Week: Weekly trends and persistent threats
  • Custom Range: Specific date and time periods

Search by IP Address

  • Single IP: Find all attacks from one source
  • IP Range: Search for attacks from related IPs
  • Geographic Filter: Attacks from specific countries
  • ISP Filter: Attacks from specific hosting providers

Search by Attack Type

  • Rule ID: Find specific types of attacks (e.g., 942100 for SQL injection)
  • Rule Group: Filter by OWASP, WordPress, or custom rules
  • Severity Level: High, medium, or low severity attacks
  • Attack Category: SQL injection, XSS, file inclusion, etc.

Search by Target

  • URI Pattern: Attacks targeting specific pages or directories
  • File Extensions: Attacks on .php, .asp, .jsp files
  • Admin Areas: Attacks on /admin, /wp-admin, /login
  • API Endpoints: Attacks on /api/, /rest/, /graphql
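The filter panel above combines several predicates (time range, single IP or IP range, rule ID, URI pattern). The same filtering can be reproduced offline against a JSON export of the logs, which is useful when you want a repeatable query for an incident record. This is an added example, not AtomicEdge code: the record fields (`timestamp`, `client_ip`, `rule_id`, `severity`, `uri`) are an assumption about what an export looks like, and the sample records are constructed.

```python
"""Offline equivalent of the log filter panel: time range, IP / CIDR range,
rule ID and URI pattern, applied to newline-delimited JSON records.

Added example; the field names and the sample export are assumptions, not
AtomicEdge's actual export format.
"""
import ipaddress
import json
import re
from datetime import datetime, timezone

# Constructed sample export (one JSON object per line).
SAMPLE_EXPORT = """\
{"timestamp": "2024-05-01T09:00:00Z", "client_ip": "203.0.113.10", "rule_id": "942100", "severity": "CRITICAL", "uri": "/wp-login.php"}
{"timestamp": "2024-05-01T09:05:00Z", "client_ip": "203.0.113.11", "rule_id": "941100", "severity": "CRITICAL", "uri": "/search"}
{"timestamp": "2024-05-01T21:00:00Z", "client_ip": "198.51.100.7", "rule_id": "942100", "severity": "CRITICAL", "uri": "/api/users"}
{"timestamp": "2024-04-28T12:00:00Z", "client_ip": "203.0.113.10", "rule_id": "930100", "severity": "CRITICAL", "uri": "/wp-admin/admin-ajax.php"}
"""


def parse_export(text):
    """Parse NDJSON records, attaching a timezone-aware datetime and an ip_address object."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        # Python's fromisoformat does not accept a trailing "Z" before 3.11.
        rec["ts"] = datetime.fromisoformat(rec["timestamp"].replace("Z", "+00:00"))
        rec["ip"] = ipaddress.ip_address(rec["client_ip"])
        records.append(rec)
    return records


def filter_records(records, *, start=None, end=None, ip=None, rule_id=None, uri_pattern=None):
    """Keep records matching every supplied predicate.

    ip          -- a single address ("203.0.113.10") or a CIDR range ("203.0.113.0/24")
    rule_id     -- int or str, compared as a string
    uri_pattern -- regular expression searched against the request URI
    """
    net = ipaddress.ip_network(ip, strict=False) if ip else None
    uri_re = re.compile(uri_pattern) if uri_pattern else None
    wanted_rule = str(rule_id) if rule_id is not None else None
    out = []
    for r in records:
        if start is not None and r["ts"] < start:
            continue
        if end is not None and r["ts"] > end:
            continue
        if net is not None and r["ip"] not in net:
            continue
        if wanted_rule is not None and r["rule_id"] != wanted_rule:
            continue
        if uri_re is not None and not uri_re.search(r["uri"]):
            continue
        out.append(r)
    return out


if __name__ == "__main__":
    recs = parse_export(SAMPLE_EXPORT)
    since = datetime(2024, 5, 1, tzinfo=timezone.utc)
    for r in filter_records(recs, start=since, ip="203.0.113.0/24"):
        print(r["timestamp"], r["client_ip"], r["rule_id"], r["uri"])
```

Combining predicates this way mirrors the UI: a "Last 24 Hours" view is just `start=now - timedelta(hours=24)`, and an "Admin Areas" view is a URI pattern such as `^/(admin|wp-admin|login)`.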

Advanced Analysis

Pattern Recognition

Coordinated Attacks:

  • Multiple IPs attacking simultaneously
  • Same attack patterns from different sources
  • Attacks following news of vulnerabilities

Persistent Attackers:

  • Same IP attacking over multiple days
  • Escalating attack complexity
  • Targeting multiple pages or functions

Automated vs Manual:

  • Automated: Regular intervals, identical patterns, known tools
  • Manual: Irregular timing, varied approaches, custom payloads
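The three patterns described above (coordinated attacks, persistent attackers, automated versus manual) can each be expressed as a simple heuristic over the exported events: persistence is the same source appearing on several distinct days, automation shows up as near-constant spacing between requests within a burst, and coordination is the same rule firing from several distinct sources inside a short window. The following is an added example, not AtomicEdge code; the event tuples and the thresholds (`min_days`, `max_cv`, `window`, `min_ips`) are constructed assumptions a practitioner would tune for their own traffic.

```python
"""Heuristics for the three pattern-recognition categories on this page,
run over constructed (timestamp, client_ip, rule_id) events.

Added example; thresholds and sample events are assumptions, not AtomicEdge's
detection logic.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from statistics import mean, pstdev


def t(s):
    """Parse a constructed ISO timestamp as UTC."""
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)


# Constructed sample events: (timestamp, client_ip, rule_id).
RAW_EVENTS = [
    # 203.0.113.10 appears on three days (persistent) and, on day three,
    # fires every 60 seconds (automated).
    ("2024-05-01T10:00:00", "203.0.113.10", "942100"),
    ("2024-05-02T10:00:00", "203.0.113.10", "942100"),
    ("2024-05-03T10:00:00", "203.0.113.10", "942100"),
    ("2024-05-03T10:01:00", "203.0.113.10", "942100"),
    ("2024-05-03T10:02:00", "203.0.113.10", "942100"),
    ("2024-05-03T10:03:00", "203.0.113.10", "942100"),
    # 198.51.100.7: one day, irregular spacing, varied rules (manual).
    ("2024-05-03T11:00:00", "198.51.100.7", "941100"),
    ("2024-05-03T11:07:30", "198.51.100.7", "942100"),
    ("2024-05-03T11:09:10", "198.51.100.7", "930100"),
    ("2024-05-03T11:31:00", "198.51.100.7", "941100"),
    # Three unrelated sources fire the same rule within five minutes (coordinated).
    ("2024-05-03T12:00:00", "192.0.2.1", "944120"),
    ("2024-05-03T12:01:00", "192.0.2.2", "944120"),
    ("2024-05-03T12:03:00", "192.0.2.3", "944120"),
]
EVENTS = [(t(ts), ip, rule) for ts, ip, rule in RAW_EVENTS]


def persistent_attackers(events, min_days=2):
    """Sources seen on at least `min_days` distinct calendar days."""
    days = defaultdict(set)
    for ts, ip, _ in events:
        days[ip].add(ts.date())
    return {ip for ip, seen in days.items() if len(seen) >= min_days}


def classify_timing(events, ip, session_gap=3600, min_gaps=3, max_cv=0.1):
    """Label one source 'automated' or 'manual' from request spacing.

    Only gaps inside a session (<= session_gap seconds) are considered, so a
    source that returns on later days is judged on its bursts, not its absences.
    A low coefficient of variation (stdev / mean) means metronomic timing.
    Returns (label, cv, distinct_rule_count).
    """
    stamps = sorted(ts for ts, src, _ in events if src == ip)
    rules = {rule for _, src, rule in events if src == ip}
    gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
    gaps = [g for g in gaps if g <= session_gap]
    if len(gaps) < min_gaps:
        return ("insufficient data", None, len(rules))
    cv = pstdev(gaps) / mean(gaps)
    return ("automated" if cv <= max_cv else "manual", cv, len(rules))


def coordinated_bursts(events, window=timedelta(minutes=5), min_ips=3):
    """Same rule ID triggered by >= min_ips distinct sources within `window`.

    Sliding window per rule; reports the first qualifying burst for each rule
    as (rule_id, window_start, sorted_ips).
    """
    by_rule = defaultdict(list)
    for ts, ip, rule in events:
        by_rule[rule].append((ts, ip))
    bursts = []
    for rule, hits in by_rule.items():
        hits.sort()
        lo = 0
        for hi in range(len(hits)):
            while hits[hi][0] - hits[lo][0] > window:
                lo += 1
            ips = {ip for _, ip in hits[lo:hi + 1]}
            if len(ips) >= min_ips:
                bursts.append((rule, hits[lo][0], sorted(ips)))
                break
    return bursts


if __name__ == "__main__":
    print("persistent:", persistent_attackers(EVENTS))
    for src in ("203.0.113.10", "198.51.100.7"):
        print(src, classify_timing(EVENTS, src))
    print("coordinated:", coordinated_bursts(EVENTS))
```

The session-gap filter in `classify_timing` matters: without it, the day-long pauses of a returning attacker would dominate the variance and a clearly scripted burst would be misread as manual activity.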

Geographic Analysis

Attack Distribution:

  • Map attacks by country of origin
  • Identify unusual geographic patterns
  • Correlate with global threat intelligence

Time Zone Patterns:

  • Attacks during business hours in attacker's region
  • Coordinated campaigns across time zones
  • Weekend vs weekday attack patterns

Trend Analysis

Attack Volume Trends:

  • Daily, weekly, monthly attack patterns
  • Seasonal variations in attack types
  • Correlation with security news or events

Target Evolution:

  • New pages being targeted
  • Shift in attack methodologies
  • Adaptation to your security measures

Export and Reporting

Export Formats

  • CSV: Spreadsheet analysis and reporting
  • JSON: Integration with security tools
  • PDF: Executive summaries and compliance reports
  • Raw Logs: Full detail for forensic analysis

Automated Reports

  • Daily Summaries: Attack volume and top threats
  • Weekly Trends: Pattern analysis and recommendations
  • Monthly Reports: Comprehensive security overview
  • Incident Reports: Detailed analysis of specific attacks

Integration Options

  • SIEM Systems: Real-time log streaming
  • Security Tools: API integration for automated analysis
  • Monitoring Platforms: Alert integration and dashboards
  • Compliance Systems: Automated compliance reporting

Analysis Best Practices

Regular Review Schedule

  • Daily: Check for new attack patterns and high-severity threats
  • Weekly: Analyze trends and adjust security settings
  • Monthly: Comprehensive review and rule optimization
  • Quarterly: Strategic security assessment and planning

Key Metrics to Track

  • Attack Volume: Total attacks per day/week/month
  • Attack Types: Distribution of different attack categories
  • Geographic Sources: Countries and regions of attack origins
  • Success Rate: Blocked vs potentially successful attacks

Documentation

  • Incident Records: Document significant attacks and responses
  • Pattern Analysis: Track recurring attack patterns
  • Rule Changes: Log security configuration modifications
  • Performance Impact: Monitor WAF processing overhead

Troubleshooting Analysis

No Logs Showing

  • Check time range: Expand date filters
  • Verify protection: Ensure site is actively protected
  • DNS verification: Confirm traffic flows through AtomicEdge
  • Rule status: Check if WAF rules are enabled

Too Many False Positives

  • Review blocked requests: Identify legitimate traffic
  • Adjust sensitivity: Lower protection levels if needed
  • Create exceptions: Whitelist trusted sources
  • Fine-tune rules: Customize rules for your application

Missing Expected Attacks

  • Rule coverage: Ensure appropriate rule sets are enabled
  • Protection level: Higher levels catch more subtle attacks
  • Custom rules: Add rules for application-specific threats
  • Rule updates: Ensure latest rule definitions are active

Need Help?

  • 💬 Live Chat: Get help with log analysis
  • 📧 Email Support: Send complex analysis questions
  • 🛡️ Managed Analysis: Expert log review service (Enterprise)