Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Goal

Detect user activity from suspicious IPs, specifically the Tor anonymisation network.

This may highlight malicious activity that a user doesn’t want to be linked to their real IP address.

Strategy

Correlate traces tagged with a user with the Threat Intelligence qualification of their IP address.

Require the trace to be flagged, either by a user event or by an In-App WAF attack.

A Low signal is then generated.

Triage and response

  1. Investigate the activity and validate that it is legitimate.
  2. Review activity from Tor IPs (@threat_intel.ip:tor) to evaluate if you’re under attack.
  3. Consider blocking the user if the activity is suspicious.