Top Ten Post-Onboarding Questions

What is included in Legitimate Requests?

Legitimate Requests include all good traffic, not including the custom Allowlist and allowed known bots and crawlers.

What is included in Blocked Requests?

Blocked Requests are all requests blocked by HUMAN, including the custom Denylist and denied known bots and crawlers.

How can I release a specific Block ID?

Enter at least one Block ID in the Investigation Search Bar, and click GO, the Clear Block ID button appears. Clicking the Clear Block ID opens a pop-up.

In the pop-up you can select the Block ID (or portion of) that you wish to clear, and for how long. Confirm that you are sure that you want to clear the selected Block ID.

The Block ID is cleared after you click Confirm.

Note that a Block ID can only be released within 24h of the initial block.

How do the Allowlist and Denylist work?

When you configure the Allowlist on a defined object, such as Google crawlers, HUMAN sets the score of that session to 0, the lowest available risk score. The Enforcer will not block traffic from objects in the Allowlist. Generally, we recommend that traffic from vendors, partners, penetration testing tools, Office Ip/VPN, SEO tools or any other testing tools be included in your Allowlist.

When you configure the Denylist on a defined object, like Anonymous Proxies, HUMAN will set the score of that session to 100, the highest available risk score. Requests from any object that is added to the Denylist will be blocked.

How can we create Custom Rules?

To add a Custom Rule:

  1. Navigate to Product Settings > Security Policy, select the Policy Name, and access the Your custom rules tab. There are no default custom rules.
  2. Click Add custom rule.
  3. Fill in the Description, set the rule priority, rule response, and define the rule's logic.
  4. Click Add Rule

HUMAN Known Bots & Crawlers and IP Classification configurations provide a recommended rule response (Allowlist or Denylist). You can change these items to suit your website needs.

Additionally, Custom Rules can be managed by the Custom Rules API, more information can be found here.

How can I generate my own reports?

The Reports tab displays two types of reports:

Page Views Report
This report displays site statistics - total page views and bad page views - based on two levels of aggregations. Aggregation levels (Field1 and Field2) can be set by Country, Browser, Custom Parameters, IPs, etc. The report displays the page views that occurred within the configured time range, and have a risk score at or above the selected minimum risk score

CAPTCHA Solved Report
This report lists all solved CAPTCHA events with all relevant information such as Client IP, Visitor ID, Incident Types, and Risk Score. Use Columns control to adjust the required information. The report displays the number of Captchas solved within the configured time range that have a risk score at or above the selected minimum risk score.
Find instructions on how to generate both types of reports in the HUMAN Knowledge Base.

What are some of the advantages of creating a customized dashboard?

HUMAN Bot Defender Dashboard Customization tool allows you to gain more business insights by creating and adapting custom dashboards in accordance with your business needs.

For example, you can prioritize the information about Account Takeover attacks to be first, by creating a new widget and dragging it to the top of the Dashboard. Moreover, you can combine different sets of data, like the general Blocked Requests trend and the Check Out Page Blocked Requests trend.

Learn more about how to create customized dashboards.

How can we explore optimizing the performance from Bot Defender?

It’s important to keep us updated with any upcoming changes in:

  • Infrastructure
  • Traffic
  • New use case
    Having ongoing communication with the HUMAN success team and security analysts can ensure alignment and performance with your business needs.

How should traffic fluctuations be communicated to HUMAN?

In general, whenever the following situations occur, you should alert our team so we can take action:

  1. Expecting an increase in traffic. Analysts will prepare detections to:
    • Minimize false positives
    • Minimize false negatives
    • Maintain strong identification and blocking of automated malicious attacks
  2. Expecting hype sale levels of traffic. Since these types of events tend to attract highly sophisticated bots, analysts will help your team prepare.
  3. Adding new or changing old paths. Analysts can make any necessary adjustments to make sure these paths are protected.

What are some popular use cases we can utilize?

Bot Defender is a behavior-based bot management solution that protects your websites, mobile applications and APIs from a wide variety of automated attacks. Customers use it to prevent account takeover, carding, denial of inventory, scalping, skewed analytics and web scraping. Here are examples of customer use cases.

Want to learn more about Bot Defender? Visit our Knowledge Center.