5.2 Security Log
The Security Log module in ShieldsGuard provides a dedicated view of security-related events, including blocked threats, monitored attacks, WAF rule triggers, brute-force attempts, and behavioral anomalies.
Unlike the Access Log, which shows all requests, the Security Log focuses only on suspicious, malicious, or policy-violating activity. It's your go-to dashboard for investigating real threats and validating that ShieldsGuard is actively protecting your system.
Each entry in the Security Log includes:
Action: Whether the threat was MONITORED, BLOCKED, or ALLOWED under observation
URL Address: The target page or endpoint
Attack Type: Detected pattern or threat category
IP Address: Origin of the attack or suspicious request
Date & Time: When the event occurred
Detail Button: Shows full request context (payloads, headers, rule triggered)
Bruteforce Attack: Repeated login attempts on login pages
SQL Injection: Malicious query content in GET/POST data
Cross-Site Scripting (XSS): JavaScript-based payloads attempting injection
Command Injection: OS-level attack patterns in payloads
JITP: Just-in-time payload detection (heuristic)
DoS/Rate Abuse: Excessive request triggering protections
Header Tampering: Suspicious Origin, Referer, or User-Agent headers
Investigate incidents: Search by IP, attack type, or URL to locate threats.
Validate rule effectiveness: Ensure WAF rules and behavior protections are firing as expected.
Correlate actions: Trace security events in combination with Access Log entries from the same IP or time range.
Audit protection logs: Show proof of blocked or mitigated attempts for compliance/reporting.
You can narrow the Security Log by:
Date range
URL Address
Attack Type
Operation Type (Monitored / Blocked)
IP Address
All results can be expanded for detailed insight, including exact payloads, headers, and triggered security rules.
Review a blocked SQL injection: Find exact URL, parameter, and source IP
Investigate login brute-force attack: Track multiple POST attempts to login endpoint
Monitor zero-day behavior: Identify JITP matches or unclassified anomalies
Detect abuse patterns over time: Filter by date and attack type
Produce a security report: Export attack data with classification and IPs
Review this log daily during high-risk periods (campaigns, launches).
Cross-reference with your WAF configuration to optimize rule coverage.
Use IPs found here to enrich your blacklist or inform your threat feeds.
Enable notifications or alerts if your plan includes real-time webhook/report integration.
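One way to act on the advice above about abuse patterns over time and enriching a blacklist, as an added example (not ShieldsGuard code): it reads Security Log entries exported as CSV and flags only IPs whose events cluster inside a time window. The CSV layout, timestamp format, thresholds and function names are assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export. The CSV layout and timestamp format are assumptions;
# only the column names come from the entry fields listed on this page.
SAMPLE_EXPORT = """\
Action,URL Address,Attack Type,IP Address,Date & Time
BLOCKED,/login,Bruteforce Attack,203.0.113.7,2024-05-01 10:00:05
BLOCKED,/login,Bruteforce Attack,203.0.113.7,2024-05-01 10:00:41
MONITORED,/search,SQL Injection,198.51.100.23,2024-05-01 10:02:10
BLOCKED,/login,Bruteforce Attack,203.0.113.7,2024-05-01 10:03:30
BLOCKED,/search,SQL Injection,198.51.100.23,2024-05-01 11:45:00
MONITORED,/contact,Cross-Site Scripting (XSS),198.51.100.23,2024-05-01 13:20:00
"""

def load_events(text):
    """Parse the export; add a datetime under 'when' to each row."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["when"] = datetime.strptime(row["Date & Time"], "%Y-%m-%d %H:%M:%S")
    return rows

def blocklist_candidates(events, min_events=3, window=timedelta(minutes=10)):
    """Return {ip: summary} for IPs with >= min_events events inside one window."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev["IP Address"]].append(ev)
    result = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["when"])
        start = 0
        for end in range(len(evs)):
            # Advance the window start until the burst fits inside `window`.
            while evs[end]["when"] - evs[start]["when"] > window:
                start += 1
            if end - start + 1 >= min_events:
                burst = evs[start:end + 1]
                result[ip] = {
                    "events": len(burst),
                    "attack_types": sorted({e["Attack Type"] for e in burst}),
                    "urls": sorted({e["URL Address"] for e in burst}),
                }
                break
    return result

if __name__ == "__main__":
    print(blocklist_candidates(load_events(SAMPLE_EXPORT)))
```

Both sample IPs have three entries, but only the one whose events fall within ten minutes is returned, so the output is a review list for the blacklist rather than a raw event count.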
The Security Log provides evidence that ShieldsGuard is actively defending your infrastructure, giving you visibility into threats that were:
Mitigated automatically
Blocked before execution
Detected and monitored (for behavioral learning)
🎯 The Security Log is your battlefield journal: it records every blocked attempt, monitored anomaly, and protected moment. It's where real cyber defense becomes visible.