Peakhour provides access to firewall events, which are logged and grouped by URL, ASN, IP, and country. These events include all events picked up by the Web Application Firewall (WAF), configured reputation lists, rate-limited clients, and other sources.
The following event types are available:
Event information is displayed in a table, which includes the time, severity, country code, network, number of hits, and number of unique URLs. Events can be searched, downloaded, and inspected to provide detailed information about network activity.
A small time series graph is displayed to show events over time, allowing users to quickly identify patterns of suspicious behavior. Clicking on the symbol next to an event will display additional information about the event, including the specific rule that was triggered.
When viewing the WAF event detail, users may choose to disable the triggered rule for future visitors. This can be a useful tool for fine-tuning the WAF and ensuring that legitimate traffic is not inadvertently blocked.
Overall, firewall events provide a valuable tool for monitoring and managing network activity, allowing users to quickly identify and respond to potential security threats.