Imperva Cyber Community

Expand all | Collapse all

Event page "Visitor Type" filter - Human vs. Bot

  • 1.  Event page "Visitor Type" filter - Human vs. Bot

    Posted 28 days ago
    What specific criteria is applied to the event list when only events with a "Human" Visitor Type are shown?  "Human" is not a valid filter for creating Incap rules, so I can't find a definition of "human" in the documentation.  

    I ask because we have created an Incap rule to present a Captcha challenge to all visitors where "ClientType !=Browser", but when I filter the event list to show only events where "Visitor Type" = "Human" it shows a lot of events that have received Captcha challenges.  So clearly "Human" visitor types don't equate perfectly to "ClientType" = "Browser" in Incap rules.

    Thanks for your help.
    #CloudWAF(formerlyIncapsula)

    ------------------------------
    Robert McCarthy
    mHelpDesk
    Fairfax VA
    ------------------------------


  • 2.  RE: Event page "Visitor Type" filter - Human vs. Bot

    Imperva Employee
    Posted 28 days ago
    Hi Robert,
    Imperva Advance Bot Protection (ABP) checks more than 200 attributes to determine if the connection is Human or BOT. Sometimes a Human will get a CAPTCHA when there is some question if there is a Human behind the connection. If client Type != Browser it is a BOT, Imperva ABP will label them properly.
    A better filter would use client type = Browser or client type != Browser. Or create a report on =CAPTCHA or != CAPTCHA. Then determine the efficiency of the rule.

    Thank you,
    Scott


    ------------------------------
    Scott Morgan
    Impreva
    ------------------------------



  • 3.  RE: Event page "Visitor Type" filter - Human vs. Bot

    Posted 28 days ago
    Thanks for the quick reply and the good suggestions, Scott!  Our WAF subscription does not include Advanced Bot Protection.  Would that change your answer at all?

    Thanks,
    Bob

    ------------------------------
    Robert McCarthy
    mHelpDesk
    Fairfax VA
    ------------------------------



  • 4.  RE: Event page "Visitor Type" filter - Human vs. Bot

    Imperva Employee
    Posted 20 days ago
    Hi Robert, 

    Not all tags are exposed to account and some are used more meticulously by the SOC team as it can affect performance and accuracy of outcome. 
    Please share your use case to provide more guidance.

    Some good reading links are
    https://docs.imperva.com/bundle/cloud-application-security/page/rules/rule-parameters.htm
    https://docs.imperva.com/bundle/cloud-application-security/page/rules/security-rule-examples.htm and
    https://docs.imperva.com/bundle/cloud-application-security/page/settings/auto-mitigation.htm ( available default for all Cloud enterprise accounts)  



    ------------------------------
    Abhishek Gupta
    Customer Success team
    Imperva
    ------------------------------