Analyze Security Events with Event Advisor
Overview
The AI-based Event Advisor gives you detailed insight into open-appsec Security Events. Its output is divided into three easy-to-read sections:
What Happened?
Why Was It Blocked?
What Should You Do?
How to Use
Navigate to your open-appsec Security Logs in the Monitoring section.
Right-click on any individual log entry.
Select “Event Advisor” from the context menu.
A panel opens on the right-hand side of the screen, showing the detailed event analysis.

Event Advisor Output

What Happened?
This section gives a short, clear summary of the event.
It shows the request method (GET, POST, etc.), the source IP, the destination host/path, and whether the request was blocked or detected.
Example: “A POST request from 192.168.0.1 to the root path of "example.com" was blocked due to missing authentication token.”
Why Was It Blocked?
This section explains why open-appsec took action.
It describes what was missing, suspicious, or malicious in the request.
Example: “The request contained patterns matching Java JNDI injection attempts in the URL path. The presence of 'jndi:' in the URI is a strong indicator of an attempt to exploit Log4j vulnerabilities (Log4Shell) or similar Java deserialization attacks. The request also matched XPath injection patterns. These attacks could allow remote code execution or unauthorized data access on the target system.”
What Should You Do?
This section provides recommended next steps.
The guidance here always starts with the verdict sentence, then adds 2–3 hardening steps relevant to the detected attack type(s):
If malicious (blocked/detected): No action is required.
If likely a false positive (blocked/detected but looks legitimate): Create a narrow Custom Rule/Exception for the specific URL and parameter or click ‘Report misclassification’.
Reporting Misclassification
If you believe the log classification is incorrect (for example, a false positive), you can click Report misclassification.