The Attack Statistics page of the application security feature displays information about attacks on applications. You can view the details of each attack, such as the time when the attack occurred, the attack type and URL, and the handling method.

Go to the Attack Statistics page

  1. Log on to the ARMS console.
  2. In the left-side navigation pane, choose Application Security > Attack Statistics. In the top navigation bar, select a region.
    By default, the Attack Statistics page displays the statistics of attacks on all applications.
  3. Optional: To view the statistics of a single application, you can use one of the following methods:
    • Click the All Applications drop-down list at the top of the Attack Statistics page and select an application.
    • In the left-side navigation pane, choose Application Security > Application List. On the page that appears, click the name of an application. The Attack Statistics page appears, displaying the information of attacks.

View attack details

On the Attack Statistics page, the charts display the behaviors of applications after they are connected to the application security feature, along with the statistics of attacks on those applications. The list at the lower part of the page displays the details of each attack, such as the type and URL, behavior data, and handling method.

The Application Behavior Statistics section displays the application behaviors that have been detected by the application security feature and their categories, which can be normal behaviors or attack behaviors.
The Attack Statistics section displays the attacks that are detected by the application security feature and their types.
The attack details list at the lower part of the Attack Statistics page displays the details of each attack. In the list, you can view the time, type, URL, behavior data, and handling method of each attack. Find an attack and then click View in the Details column. In the panel that appears, you can view the details of the attack, such as the security vulnerabilities, attack requests, and server details.
Note If no attack data is displayed on the Attack Statistics page, possible causes include:
  1. The target application has not been fully connected to the application security feature. After you clicked Access in the console, the instances of the application were not restarted (or only some instances were restarted).
  2. The Java probe version of the target application is too low. Application security requires the following probe versions. For more information, see Access application security.
    • For container applications and EDAS applications, the probe version must be v2.7.1.2 or later.
      Note Automatic upgrade scenarios refer to scenarios where you can automatically upgrade the probe version by restarting applications or pods. For more information, see Update the ARMS agent for Java applications.
    • For other manual upgrade scenarios, the version must be v2.7.1.3 or later.
  3. No real and effective attacks occurred. Unlike traditional firewalls, application security records only real and effective attacks. A traditional firewall reports an event whenever it detects malicious attack characteristics in a message. However, the presence of malicious characteristics does not mean that the attack is effective. For example, attack requests that exploit PHP vulnerabilities are meaningless in a Java environment. If a real and effective attack is generated, it often indicates that the attacker has successfully breached the outer defense and can penetrate the internal environment of the application and execute dangerous actions. Your application may not encounter a large number of real and effective attacks. However, you must pay attention to them when they occur and intercept the attacks or fix the relevant security vulnerabilities in a timely manner.