Section: Website: MUD
Website – Malicious user detection
Reliant on Real User Monitoring, Malicious user detection (MUD) is automatically enabled if RUM is installed. MUD gives you the ability to alert on any potentially malicious users as well as listing them by IP and location. This list can then be exported via CSV, ideal for adding to your firewall.
View current status
If no malicious users have been detected in the current time period a green “PASSING” message will be displayed. If any number of Malicious users have been detected the system will highlight the number of malicious views, the number of pages visited, the number of IP’s and wha % of traffic has been malicious. Below this will be a countries list and countries map that will rank the countries your malicious views have originated from.
View IP Ranges and the pages visited
Located in the left hand pane, IP Ranges are the bread and butter of MUD. Listing by Range, Country and page views this can be exported by hitting the “EXPORT CSV” button located above the list. This .CSV will prove beneficial when blocking these users in your firewall (if you are required to do so). To view the pages visited by your potentially malicious users simply hit the “Pages” option located on the far left. This will then list the pages visited and how many malicious IP’s visited them. From there you can hit “View>” and be given even more details.
View and create Alerts
Easily reached from the “Overview” tab – To view these your existing alerts or to add new ones simply hit the “ALERTS” tab at the top of the page. From this page you’ll be add new Alert Rules by hitting “ALERT SETTINGS>” as well as view the existing rules associated to this monitor below.
Change the data history displayed
Whether you want to see data for the last week or the last year – Simply hit the Clock button in the top right and use the drop down to select your preferred data history. This button will display the current data period so you know what its set to currently!