Glossary
Activity
Anything that happens in a site or corp. Use this term when you want to describe both configurations and events.
Admin
A user role that has limited access to corp configurations, can edit specific sites, and can invite users to sites. Learn more.
Agent
One of the main components of the Signal Sciences architecture. The agent receives requests from modules and quickly decides whether those requests contain attacks or not. The agent then passes their decision back to the module. Learn more.
Agent Alerts
Custom alerts that trigger notifications whenever:
- The average number of requests per second (RPS) for all agents across all sites reaches a user-specified threshold.
- The number of online agents reaches a user-specified threshold.
Agent Mode
Determines whether to block requests, not block requests, or entirely disable request processing. Learn more.
Allow
An agent decision to allow a request through.
Anomalies
Abnormal requests that, although not attacks, may still be notable. Examples include malformed request data and requests originating from known scanners. Learn more.
API tokens
Permanent tokens used to access the Signal Sciences API. Users can connect to the API using their email and access token instead of a session token. Learn more.
API users
User accounts granted special permission to access the Signal Sciences API and bypass Multi-Factor Authentication (MFA) and Single Sign-On (SSO). Learn more.
Attacks
Malicious requests containing attack payloads designed to hack, destroy, disable, steal, gain unauthorized access, and otherwise take harmful actions against a corp’s sites. Learn more.
Audit log
A page that records corp and site activity over the last 30 days. Audit logs include timestamps and user information for tracking purposes.
Blocking
An agent mode that blocks subsequent requests tagged with attack signals from a flagged IP. Blocking mode still allows legitimate traffic through if the requests do not contain attack signals. Learn more.
Cards
Visual charts of data that can be monitored and customized on site dashboards. Learn more.
Cloud engine
One of the main components of the Signal Sciences architecture. The cloud engine collects metadata to help improve agent detections and decisions. Learn more.
Configurations
Features that users can configure to meet their business needs. Configurations are always manually edited. They include: custom rules, lists, custom signals, alerts, integrations, site settings, custom dashboards, and user management.
Console
The Signal Sciences user interface (UI). Can also be referred to as "Signal Sciences console" "SigSci console" or "management console".
Corp (Corporation)
A global view for monitoring multiple sites and managing all sites, users, and other corp configurations. Learn more.
Dashboards
A view for monitoring and tracking threats. Signal Sciences provides out-of-the-box system dashboards, but users can also create their own custom dashboards. The https://docs.signalsciences.net/using-signal-sciences/features/overview-page/site overview dashboard gives visibility into specific types of attacks and anomalies while the https://docs.signalsciences.net/using-signal-sciences/features/corp-overview-report/corp overview dashboard gives a snapshot of all top site activity. Learn more.
Events
Actions that Signal Sciences takes as the result of both system and templated rules. This includes any occurrence that happens on the Events page, such as a flagged IP. Events are automatically system generated.
Flagged IPs
An IP that has been flagged for containing attack traffic that has exceeded thresholds. Learn more.
Header links
External data like Splunk or Kibana that connects with request data from Signal Sciences. Learn more.
Integrations
DevOps toolchain apps that send notifications about corp and site activity to users. Examples include Slack, Datadog, Pagerduty, mailing lists, and generic webhooks. Learn more.
IP Anonymization
IPs are converted to anonymous IPv6 so that Signal Sciences will not know the actual IP, which causes the IP to appear anonymous in the console. Learn more.
Lists
Sets of custom data used in corp and site rules, such as a list of countries a corp doesn't do business with. Lists include sets of countries, IPs, strings, and wildcards. Learn more.
Logging
Logging means that request data is collected and stored in Signal Sciences’ backend. If a user sets their agent mode to not blocking, Signal Sciences will only log requests instead of logging and blocking them.
Module
One of the main components of the Signal Sciences architecture. The module receives and passes requests to the agent. It then enforces the agent's decisions to either allow, log, or block those requests. Learn more.
Monitor
To observe and keep watch over corp and site activity.
Monitor view
Site dashboards in a TV-friendly format. Learn more.
Not blocking
The default agent mode. In this mode, attacks are logged but not blocked and the site is not actively protected. Learn more.
Notification
Any product message sent internally or externally. External notifications are sent through integrations (e.g., a Slack notification is sent when a new site is created).
Observer
A user role that can view sites they are assigned to, but cannot edit any configurations. Learn more.
Off
An agent mode that stops sending traffic to Signal Sciences and disables all request processing. Learn more.
Owner
A user role that has access to all corp configurations, can edit every site, and can manage users. Learn more.
Redactions
Sensitive data that is not sent to the Signal Sciences backend for privacy reasons. Signal Sciences redacts some sensitive data by default, such as credit card numbers and social security numbers. In addition to the default redactions, users can specify their own custom redactions. Learn more.
Requests
Information that is sent from the client to the server over the hypertext transfer protocol (HTTP). Signal Sciences protects over a trillion production requests per month. Learn more.
Role
Every user is assigned one role: owner, admin, user, or observer. Learn more.
Custom Rules
A configuration that lets users define conditions to block, allow, or tag requests or exclude system signals based on their own business needs. Learn more.
Signals
Metadata that is tagged to a request to provide visibility about that request (e.g., XSS, HTTP 404) There are 2 types of system signals: attack signals (red) and anomaly signals (purple). There are also custom signals (blue). Learn more.
Site
A single web application, bundle of web applications, API, or microservice that Signal Sciences can protect from attacks. Users can monitor events, set up blocking mode to block attacks, and create custom configurations on sites.
Site alerts
A custom alert that allows users to define thresholds for when to flag, block, or log an IP. Learn more.
Suspicious IPs
IPs that are approaching thresholds, but have not yet met or exceeded them. Learn more.
Thresholds
A limit either set by Signal Sciences or custom set by users that must be exceeded for a certain event to happen. For example, suspicious IPs must exceed a certain threshold to become flagged.
User (role)
A user role that can edit site configurations on sites they are assigned to. Learn more.
Users
All of the people who manage, edit, or just observe activity. Users also include system-created API users.
Virtual Patch
A virtual patch prevents attacks of a known vulnerability in a module or framework by not allowing the attacks to reach the web app. This buys time to fix the underlying vulnerability while the virtual patch is protecting the app. Learn more.
Weekly Summary
A weekly site report that covers:
- How many requests the agents saw, and which ones contained attacks and/or anomalies
- How many IPs were flagged
- A breakdown of attacks by country
- Top attacks and anomalies