INCIDENT DETAILS: Application Layer DDoS / Resource Exhaustion

Risk Score: 89 (CRITICAL)

ATTACK ANALYSIS & SIGNATURE

TYPE: Application Layer (L7) Flood / Slowloris
SOURCE: External 185.14.23.1, 203.12.54.1
TARGET URI: /api/v1/mobile/login
USER-AGENT: Python-urllib/3.8 (Anomaly)

TRAFFIC & CONNECTION TREND

[Chart: Connections/Sec and Bandwidth (MB/s), last 15 minutes]

AI REMEDIATION RECOMMENDATION

Summary:
Precision block: malicious IPs using an anomalous User-Agent and targeting the /login URI
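
# Fortinet FortiGate (Draft) — IPS Custom Signature + Block
# Custom signature: in F-SBID syntax, --context and --no_case modify the
# --pattern that precedes them, so each pattern is followed by its context.
config ips custom
  edit "TRION_LOGIN_PYUA"
    set signature 'F-SBID(--name "TRION_LOGIN_PYUA"; --service http;
      --pattern "Python-urllib/3.8"; --context header;
      --pattern "/api/v1/mobile/login"; --context uri; --no_case;)'
  next
end
# Sensor entry: block traffic that matches the custom signature.
config ips sensor
  edit "TRION_NDR_SENSOR"
    config entries
      edit 1
        set rule "TRION_LOGIN_PYUA"
        set action block
      next
    end
  next
end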