Feature
Attack Story: Unique IPs (24h)
Description
Counts distinct source IPs seen in the last 24 hours.
How it works
AegisWAF applies this capability inside the Logs / Attack Story module. The engine evaluates configuration, applies matching (path/method/tokens/counters/providers), then records evidence into the event log and executes the configured enforcement action when conditions are met.
How to access / Enable or disable
- Access: AegisWAF → Logs / Attack Story
- Enable/Disable: Use the module toggle/switch on this screen (or the relevant category toggle) to enable/disable.
Recommended setting
Start conservative (LOG or Challenge) for new deployments; tighten to Block once you confirm low false positives.