Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel,
n'hésitez pas à nous contacter.
Goal
Detect user activity from suspicious IPs, specifically the Tor anonymisation network.
This may highlight malicious activity that a user doesn’t want to be linked to their real IP address.
Strategy
Correlate traces tagged with a user with the Threat Intelligence qualification of their IP address.
Require the trace to be flagged, either by a user event or by an In-App WAF attack.
A Low signal is then generated.
Triage and response
- Investigate the activity and validate that it is legitimate.
- Review activity from Tor IPs (
@threat_intel.ip:tor) to evaluate if you’re under attack. - Consider blocking the user if the activity is suspicious.
