You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: crowdsec-docs/unversioned/console/remediation_metrics.mdx
+5Lines changed: 5 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -44,6 +44,11 @@ This section highlights the amount of malicious traffic that has been remediate
44
44
-**Raw data** represents actual traffic dropped by your remediation components (bouncers), powered by blocklists and security engines.
45
45
-**Estimated data** is calculated by applying a coefficient to the raw metrics to provide a projected view of saved resources.
46
46
47
+
The data estimate is based on the following considerations:
48
+
* For OSI L4 (firewall level) bouncers: 7 blocked packets make up about 1 blocked attack attempt (due to tcp-syn retries)
49
+
* For OSI L7 (application level) bouncers: 1 blocked request makes up about 1 blocked attack attempt
50
+
* 1 blocked attack attempt would result in 10 actual attacks if the attacker wasn't blocked, as most attackers will try a sequence of exploits in rapid succession.
0 commit comments