Skip to main content
This feature provides enhanced visibility into potential security threats for your domain.   Security Insights are system-generated notifications that contain information about potential risks, such as domain misconfigurations, rule mismanagement, or security vulnerabilities.   Each Insight includes a recommendation to resolve the identified issue. This helps mitigate the potential vulnerability.
InfoThis feature is available in the Enterprise package. To enable it for a domain, contact our support team

View security insights 

It is possible to view and manage system-generated Insights and related recommendations in the Customer Portal on the Security Insights page. To view the insights, follow these steps:
  1. Open the Gcore Customer Portal and navigate to WAAP > Domains
WAAP Domain navigation menu
  1. Click a domain name. 
  2. Click Security Insights
Security Insights menu
This will open the Security Insights dialog that shows a list of active insights. When an insight is selected, the following information is available: 
  • The high-level description of the issue.
  • The recommended mitigation for the issue.
  • The relevant identifier:
    • For Allowed high risk IP, the IP address associated with the high-risk requests.
    • For Attack on disabled policy, the Policy ID of the disabled WAAP policy that was targeted.
  • The first time the issue was detected.
  • The last time the issue was detected.
List of active insights

Insight types

There are two types of security insights:
  1. Attack on disabled policy: an attack targets a disabled WAAP policy . This Insight allows reassessment of policy rules and enables protection of the domain from similar attacks.
  2. Allowed high-risk IP: requests from high-risk IP addresses are being received, associated with malicious activities that are allowed due to user-created rules (for example, a Firewall rule or a Custom rule with the IP condition). This insight allows adjusting WAAP settings to block those addresses or modify the relevant custom rules.
Use the Select insights dropdown to filter insights by type.
Filter for each type with the Select insights dropdown

Insight status  

Insights can have one of three statuses:
  1. Unread: a new insight that has not been reviewed yet.  
  2. Read: an insight that has been reviewed but was not closed.  
  3. Closed: insight that has been reviewed and closed. 
An orange dot marks unread insights in the list of all insights. 
Orange dot marks unread insights
Use the Status dropdown to filter by status.
Filter for each status with the Status dropdown

Manage security insights  

When an insight is selected, its status can be changed using the Mark as read, Silence, and Close buttons.
Manage security insights

Mark insights as read

Insights are not automatically marked as read when viewed. To mark an insight as read, click Mark as read. To keep an insight as a reminder for later action or review, leave it unread.
  1. Select the insight to mark as unread in the Security Insights list.
Select the security insight
  1. Click the Mark as unread button.
Mark the security insight as unread

Silence insights  

An insight can be silenced if it has been viewed, but no action is taken, or it is not closed. Silencing an insight means pausing all notifications for a specific period (e.g., a week, month, custom period, or indefinitely).   An insight can be silenced in three ways:
  1. For a specific high-risk IP address allowed by any rule.
  2. For a particular high-risk IP address allowed by a specific rule.
  3. For all high-risk IP addresses.
To silence an insight, follow these steps:
  1. Select it in the Security Insights view list.
Select the security insight
  1. Click the Silence button in its details.
Select Silence
  1. Select the relevant silence rule and set the notification suppression duration.
Select the silence rule and the duration
  1. Click the Save button. 
TipTo stop silencing an insight, see the Manage Silence Rules guide.

Close insights 

After an insight is reviewed, it can be closed and removed from the list by following these steps:
  1. Select the insight to close.
Select the security insight
  1. Click the Close button.
Select Close
InfoClosed insights are automatically deleted after 30 days unless reopened.
To open a closed insight for further investigation, reassessment, or verification of mitigation effectiveness, follow these steps:
  1. In the Status dropdown, select Closed.
Filter the insights with the Status dropdown
  1. Select the insight to reopen.
Select the security insight
  1. Click the Reopen button.
Select Reopen
The insight will reappear in the list on the Security Insights view. 

Manage silence rules 

To adjust notifications for a particular insight or remove any configured silence rules: 
  1. Open the Gcore Customer Portal and navigate to WAAP > Domains.
WAAP Domains menu
  1. Click a domain name.
List of Domains
  1. Click Security Insights.
  2. Click Silence rules.
Silence rules menu
  1. Find the silence rule to modify or remove, and click the action menu on the right.
Modify or remove silence rules
  1. Click Edit to change the silence duration of the rule or click Delete to unsilence it.
  2. Select the new silence duration and click the Save button.
Select the new silence duration
InfoTo stop receiving security insights, silence both Insight types: Attack on disabled policy and Allowed high-risk IP. Insights can be enabled at any time, but it may take up to one hour to resume receiving them.