Book IndexHideShow
Back to topic

Account Takeover Protection

Explore the Data

Explore the Data

Explore the data for your site on the Account Takeover Protection Dashboard.

In this topic:

Filter the displayed data

The banner at the top of the dashboard describes the data displayed on the page.

Select a site in your account and a time frame for the data.

Configure mitigation

Assign mitigation actions, such as Block or Captcha, to account takeover attempts for each risk level. Run a simulation to assess the impact of your security strategy and view the results.

For details, see Configure Mitigation Rules.

Login activity over time

View trends and statistics on logins and login attempts to your site.

  • See the percentage of ATO attempts as compared to total login attempts.
  • View the impact of your mitigation strategy on malicious attempts.
  • Examine ATO trends over time.

On the graph:

  • Hover for more details on specific data points.
  • Filter using the legend radio buttons below the graph.
  • Click and drag to zoom in.
Widget Description
Total login attempts All login attempts to your site - successful, mitigated, malicious, legitimate.
Account takeover attempts

Any potential takeover, as determined by our internal detection mechanism.

Compromised user logins

The number of logins by users whose credentials were hacked.

Click View details to see the list of compromised user accounts. For more details, see Users at Risk.

Mitigated malicious logins

The number of attempted logins to your site that were mitigated according to your configured mitigation rules.

If you have not yet configured mitigation rules, this statistic is disabled in the graph.

After you configure mitigation rules, this category is automatically enabled and you begin to see the impact in the graph.

To configure mitigation, see Configure Mitigation Rules.

Users under risk

View details of user accounts that have been hacked or are at risk of being compromised.

See recent trends in account takeover attempts for the site.

Widget Description
Compromised users

Users whose login credentials have been hacked, have successfully logged in, and have been determined to have malicious intent.

Users with leaked credentials

Users whose login credentials have been found in publicly available online databases of leaked credentials.

Click View details to see the list of user accounts with leaked credentials. For more details, see Users at Risk.

Top attackers

View the distribution of account takeover attempts for each attack probability level, listed by client type, IP, and IP reputation:

Tab Description
Client application

The client application used for the account takeover attempt.

For the full list of Imperva classified clients, see Client Classification.

IP Reputation

The categorization of the source IP, based on our internal classification and assessment mechanisms.

The reputation gives an indication of the type of activity originating from that IP.

For example, comment-spammers, anonymous proxies, or Google Cloud Platform

IP The IP address of the client used for the account takeover attempt.

Account takeover attempts by country

View the distribution of account takeover attempts by country for the selected site and time frame.

You can download the data as an image in .png format.

See also:


Join the Discussion