• Use Cases
    • Technical
    • Digital
    • eCommerce
    • Travel
    • Gambling
    • Public Sector
    • Enterprise
    • Small/Medium
    • Agencies
    • RapidSpike VS New Relic
  • Platform
    • PerformanceImprove page speed and conversions.
    • SecurityStop hackers and find vulnerabilities.
    • ReliabilityTrack errors and issues, get alerts.
    • How It WorksA quick overview of the platform.
  • Customers
  • Learn
    • About UsWe help make the web faster, safer and easier to use.
    • Knowledge BaseWe aim to answer your most frequently asked questions.
    • From The BlogGet to know feature development, monitoring tips and even the RapidSpike team.
      • Why should you use Single Sign-On?
      • The Online Travel Landscape
      • The ultimate guide to website monitoring solutions
  • Pricing
  • Log In
  • Get Started
  • Use Cases
    • Technical
    • Digital
    • eCommerce
    • Travel
    • Gambling
    • Public Sector
    • Enterprise
    • Small/Medium
    • Agencies
    • RapidSpike VS New Relic
  • Platform
    • PerformanceImprove page speed and conversions.
    • SecurityStop hackers and find vulnerabilities.
    • ReliabilityTrack errors and issues, get alerts.
    • How It WorksA quick overview of the platform.
  • Customers
  • Learn
    • About UsWe help make the web faster, safer and easier to use.
    • Knowledge BaseWe aim to answer your most frequently asked questions.
    • From The BlogGet to know feature development, monitoring tips and even the RapidSpike team.
      • Why should you use Single Sign-On?
      • The Online Travel Landscape
      • The ultimate guide to website monitoring solutions
  • Pricing
  • Log In
  • Get Started

Back to Knowledgebase

Categories

Account & Billing

Getting Started

Performance Monitoring

Alerts & Notifications

Uptime Monitoring

Security Monitoring

Synthetic User Journey Monitoring

Interpreting Data

Assurance and Search

Attack Detection Alerts – RUM

Attack Detection via RUM detects all data sent by the browser when end users browse a website, including data from browser plugins and extensions.

For example, an end user might have a browser extension installed such as Honey to give them information about coupons available to use on websites. Each time they navigate to a website, the extension will inject code into the website to contact their services about any relevant coupons that could be used to purchase goods at discounted price. Unfortunately the requests to these hosts are recorded with all other request, so it’s not possible to distinguish from legitimate requests made by the website.

To avoid alerts for untrusted hosts loaded by the end user and not loaded by your website, we allow you to configure settings to reduce the noise.

Real User Request Filter

This is used to filter out false positives and noise by only displaying untrusted hosts that are seen by a percentage of page views. In the example above of a host from a browser extension, not many individuals will have the same browser extensions install, so the actual number of requests to the same untrusted host will likely be low.

For example:

100 page views are made to a website page.

2 page views come from browsers with an extension that sends traffic to an untrusted host.

This means only 2% of page views made a request to the untrusted host.

If you set the filter to 10%, you will not be notified of the new untrusted host as the 2% of page views falls below the 10% filter.

If another untrusted host is detected on 80 page views (out of 100), it means that 80% of page views sent requests to an untrusted host. You will be alerted to this.

The filter can be adjusted from the Attack Detection Settings:

Rule Interval

When calculating the number of page views to a Protected Page and the number of page views that made a request to an untrusted host, we need to know what time frame to use. The Rule Interval will determine how far back we look when generating these values. For example, if this is set to 3 hours, we will count how many page views were made in the last 3 hours.

The higher the value, the more data there will be to compare page views and page views to untrusted hosts.

The Rule Interval can be set on individual Security Alert Rules:

Reducing False Positives

We would recommend tweaking the values of the filter and the Rule Interval if you find that you are receiving alerts to untrusted hosts that you believe do not originate from your website.

Start your free 30-day trial today

No credit card required.

GET STARTED

RapidSpike - Global eCommerce Winner 2021
RapidSpike - Northern Digital Awards Winners
RapidSpike - Insider Yorkshires Most Exciting Companies
RapidSpike - UK Dev Awards 2021 Winner
RapidSpike - Prolific North Top Tech 30 To Watch
RapidSpike - Cyber Accelerator Alumni

Copyright © 2022 — All Rights Reserved.

RapidSpike - AWS Well Architected
RapidSpike - AWS Partner Network
  • Solutions
    • Technical
    • Digital
    • eCommerce
    • Travel
    • Gambling
    • Public Sector
    • Enterprise
    • Small/Medium
    • Agencies
    • New Relic
    • Customers
    • Pricing
  • Platform
    • Performance
    • Security
    • Reliability
    • How It Works
    • Insights
    • Alerting & Integrations
    • All Features
    • Synthetic User Journeys
    • Google Lighthouse
    • Core Web Vitals & Performance
    • Webpage Test
    • Real User Monitoring
    • Vulnerability Scanning
    • Magecart Attack Detection
    • Uptime
    • Assurance & SEO
  • Learn
    • Blog
    • Knowledge Base
    • API Documentation
    • System Status
    • RapidSpike Roadmap
    • Log In
  • Company
    • About Us
    • Contact
    • Careers
    • Press
    • Privacy Policy
    • Terms & Conditions
    • Vulnerability Disclosure