Skip to main content

HPM Threat Detection dashboard

Zuora

HPM Threat Detection dashboard

Zuora System Health dashboard for Hosted Payment Method Pages (HPM Threat Detection dashboard) collects and displays HPM traffic and threat data, as well as security settings configured for each hosted payment page. In the HPM Threat Detection dashboard, data about hosted payment pages on your Zuora tenant within a time range are available for you to detect attacks and other issues and then troubleshoot.

This topic contains the following information about the HPM Threat Detection dashboard:

  • How to access the dashboard
  • How to filter, view, and drill down the data in the dashboard
  • Definition of the HPM Threat Detection metrics

For more information about the System Health feature, see Zuora System Health.

Prerequisites

For more information, see Zuora System Health prerequisites.

Access the HPM Threat Detection dashboard

To access the HPM Threat Detection dashboard, navigate to System Health > HPM in the left navigation.

View data in the HPM Threat Detection dashboard

If the overall HPM threat status is under attack, a Warning icon is displayed next to the dashboard title. The dashboard contains three tabs that display the attack, page submission traffic, and security setting data separately. Take the following steps to view and drill down the data. For more information about the metrics, see HPM Threat Detection metrics.

  1. Navigate through the Overview, Pages, and Settings tabs to understand the following information:
    • On the Overview tab, understand the abnormal behaviors leading to the attack and the pages that are impacted.
    • On the Pages tab, understand how the attack happened.
    • On the Settings tab, check your current security configuration and Zuora’s recommendations.
  2. After opening a tab, configure the filter. You can customize the data to be displayed by defining the filter criteria. Click Filters in the upper right of the page, and then use either Timeframe or the combination of Start Time and End Time to define a time range for the data.
  3. On each tab, get drill-down information with the following methods:
    • Hover over the chart to view data of a specific data point.
    • In the Attack Factors chart, you can click the chart to drill down into a data point. To restore the chart to the default level, click Reset in the Attack Factors chart area.
  4. On each tab, get the information for each hosted payment page in the table view. 
    • Sort the table by clicking any of the column headers to quickly find the pages you want to look into.
    • If the page name in the table is clickable, click it to open the preview page of the hosted payment page.
    • Download the data in the table by clicking the download icon  in the upper right of the table.

HPM Threat Detection metrics

The following table provides descriptions of the HPM Threat Detection metrics.

Metric

Definition

Status

The following four cards at the top of the dashboard indicate the overall HPM threat status of your tenant: 

  • Status: the latest HPM threat status of your tenant
  • Pages Affected: the number of pages under attack
  • Card Validation Count: the total number of card validation requests for the defined time range in Filters
  • Card Validation Failure Rate: (the number of failed card validation requests/the total number of card validation requests) for the defined time range in Filters

The metrics presented in the Attack Factors chart provide further information about the threat status. See the following “Attack Factors” section for more information.

Attack Factors

On the Overview tab, the Attack Factors chart presents the change in values of the following factors within a time range, compared with the historical average value of each factor. The value on the vertical axis shows, at a certain time, how many percentages a factor's value is higher or lower than its historical average.

  • Submit Page Count: the total number of page submission requests
  • Submit Page Failure Rate: the number of failed page submission requests/the total number of page submission requests
  • Card Validation Count: the total number of card validation requests
  • Card Validation Failure Rate: the number of failed card validation requests/the total number of card validation requests

The table below the chart also presents the values of Submit Page Count and Submit Page Failure Rate for each hosted payment page. The Under Attack value indicates the HPM threat status of your page. Yes indicates your page is under attack.

Attack Patterns

On the Overview tab, the Attack Patterns card presents the following metrics to help you detect possible attack patterns. By default, six metrics are displayed on the card. Click View All to see all the following metrics in a pop-up window:

  • Submit Page to Request Ratio: the number of page submissions/the number of submission requests. Use this metric to see whether the same token is repeatedly used in page submissions.
  • Unique IP Addresses: the number of unique IP addresses, from which the requests are submitted.
  • IP Rate Limiting Blocks: the number of page submission requests that are blocked by the IP-Based Rate Limiting security setting. Use this metric in combination with the Unique IP Addresses metric to see whether IP-based attacks take place and whether the IP-Based Rate Limiting security setting takes effect.
  • Card Submitted: the number of cards, for which the requests are submitted.
  • Unique Cards Submitted: the number of unique cards, for which the requests are submitted.
  • Card Rate Limiting Blocks: the number of requests that are blocked by the Card-Based Rate Limiting security setting. Use this metric in combination with the Unique Cards Submitted and Card Submitted metrics to see whether card-based attacks take place and whether the Card-Based Rate Limiting security setting takes effect.
  • CAPTCHA Enterprise Challenge: the number of reCAPTCHA Enterprise challenges that are loaded. Use this metric to see whether the reCAPTCHA Enterprise security setting is enabled.
  • CAPTCHA Enterprise Validation Score < 0.9: the number of reCAPTCHA Enterprise validations with the Risk Score Threshold value less than 0.9. Use this metric to see whether reCAPTCHA Enterprise takes effect. If the Risk Score Threshold value of most of the validations is less than 0.9, consider increasing the value to 0.9 to block the attack traffic.

Page Submit Requests

On the Pages tab, the Page Submit Requests chart presents the following metrics for each hosted payment page:

  • The total number of page submission requests (the whole bar)
  • The number of successful submission requests (the green section of the bar)
  • The number of failed submission requests (the red section of the bar)

The table below the chart presents the following metrics for each hosted payment page:

  • Under Attack: HPM threat status of your page. Yes indicates your page is under attack.
  • Page Request: the number of page requests.
  • Submit Page: the number of page submission requests.
  • IP Rate Limiting Blocks: the number of page submission requests that are blocked by the IP-Based Rate Limiting security setting.
  • Page Submit (Unique IP): the number of page submission requests from a unique IP address.
  • Cards Throttled: the number of page requests that are blocked by the Card-Based Rate Limiting security setting.
  • Cards Submitted: the number of cards, for which the requests are submitted.
  • CAPTCHA Failed: the number of failed reCAPTCHA challenges.

Settings

On the Settings tab, the configuration data of the following security settings for each hosted payment page are presented:

  • Token Expiration: the value of the Limit the number of submissions before blocking submission setting
  • IP Rate Limiting: the number of times a hosted payment page can be submitted per minute and per hour from the same IP address
  • Card Rate Limiting: the number of times a hosted payment page can be submitted per minute, per hour, and per day for the same card
  • Risk Score: the value of the page-level Risk Score Threshold setting

Recommended actions for securing each hosted payment page are also provided.

For more information about these settings, see Secure your Payment Pages 2.0 integration with Zuora security measures.

Note that you can configure notifications based on threats caused by card attacks or page attacks. For more information, see Standard events for Zuora Central Platform