Active Threats

Active Threats are an important concept in Nova. They try to focus valuable human time by ignoring the "junk" that spams the internet, and identifying dangerous targeted attacks against your applications.

Monitoring

Monitoring and alerting for active threats can be seen under the Active Threats menu item. You will be notified should it be necessary to new threats automatically, and the system can take steps to mitigate them (beyond the normal).

Screenshot

In the above image, you can see one of our developers flagged as a threat during testing. The ATS score goes from 1-5 with 5 being the highest. In this example, we have a low warning of a 1.

You are shown where the threat is located, and offered a link to view all the Logs for the threat, or the IP detail.

Logs

Screenshot

The log viewer will show you the blocked traffic that contributed to this becoming an active threat. Other metrics like reputation, rate, etc. are also considered.

IP Detail

Screenshot

The IP detail will show you information on the IP address and recent blocks, but will also indicate if NovaSense believes this IP to be a threat and provide you details on what type of threat it is, for example, a botnet.

Blocking

You can automatically block active threats from sending any traffic to your system using the ATS Block feature shown in the image below.

Screenshot

The window is how long an active threat will be blocked for once discovered, and the evaluation period for discovering threats to block.