HPM Threat Detection dashboard

The Zuora System Health dashboard for Hosted Payment Method Pages (HPM Threat Detection dashboard) collects and displays HPM traffic and threat data, as well as the security settings configured for each hosted payment page. The dashboard shows data about the hosted payment pages on your Zuora tenant within a time range, so that you can detect attacks and other issues and then troubleshoot them.

This topic contains the following information about the HPM Threat Detection dashboard:

  • How to access the dashboard
  • How to filter, view, and drill down into the data in the dashboard
  • Definition of the HPM Threat Detection metrics

For more information about the System Health feature, see Zuora System Health.

Prerequisites

For more information, see Zuora System Health prerequisites.

Access the HPM Threat Detection dashboard

To access the HPM Threat Detection dashboard, navigate to Administration > System Health > HPM Threat Detection in the left navigation menu.

View data in the HPM Threat Detection dashboard

If the overall HPM threat status is under attack, a Warning icon is displayed next to the dashboard title. The dashboard contains three tabs that display the attack, page submission traffic, and security setting data separately. Take the following steps to view and drill down into the data. For more information about the metrics, see HPM Threat Detection metrics.

  1. Navigate through the Overview, Pages, and Settings tabs to understand the following information:
    • On the Overview tab, understand the abnormal behaviors leading to the attack and the pages that are impacted.
    • On the Pages tab, understand how the attack happened.
    • On the Settings tab, check your current security configuration and Zuora’s recommendations.
  2. After opening a tab, configure the filter. You can customize the data to be displayed by defining the filter criteria. Click Filters in the upper right of the page, and then use either Timeframe or the combination of Start Time and End Time to define a time range for the data.
  3. On each tab, get drill-down information with the following methods:
    • Hover over the chart to view data of a specific data point.
    • In the Attack Factors chart, you can click the chart to drill down into a data point. To restore the chart to the default level, click Reset in the Attack Factors chart area.
  4. On each tab, get the information for each hosted payment page in the table view. 
    • Sort the table by clicking any of the column headers to quickly find the pages you want to look into.
    • If the page name in the table is clickable, click it to open the preview page of the hosted payment page.
    • Download the data in the table by clicking the download icon in the upper right of the table.

HPM Threat Detection metrics

The following table provides descriptions of the HPM Threat Detection metrics.

Metric

Definition

Status

The following four cards at the top of the dashboard indicate the overall HPM threat status of your tenant: 

  • Status: the latest HPM threat status of your tenant
  • Pages Affected: the number of pages under attack
  • Card Validation Count: the total number of card validation requests for the defined time range in Filters
  • Card Validation Failure Rate: (the number of failed card validation requests/the total number of card validation requests) for the defined time range in Filters

The metrics presented in the Attack Factors chart provide further information about the threat status. See the following “Attack Factors” section for more information.

Attack Factors

On the Overview tab, the Attack Factors chart presents the change in values of the following factors within a time range, compared with the historical average value of each factor. The value on the vertical axis shows, at a certain time, by what percentage a factor's value is higher or lower than its historical average.

  • Submit Page Count: the total number of page submission requests
  • Submit Page Failure Rate: the number of failed page submission requests/the total number of page submission requests
  • Card Validation Count: the total number of card validation requests
  • Card Validation Failure Rate: the number of failed card validation requests/the total number of card validation requests

The table below the chart also presents the values of Submit Page Count and Submit Page Failure Rate for each hosted payment page. The Under Attack value indicates the HPM threat status of your page. Yes indicates your page is under attack.

Attack Patterns

On the Overview tab, the Attack Patterns card presents the following metrics to help you detect possible attack patterns. By default, six metrics are displayed on the card. Click View All to see all the following metrics in a pop-up window:

  • Submit Page to Request Ratio: the number of page submissions/the number of submission requests. Use this metric to see whether the same token is repeatedly used in page submissions.
  • Unique IP Addresses: the number of unique IP addresses from which the requests are submitted.
  • IP Rate Limiting Blocks: the number of page submission requests that are blocked by the IP-Based Rate Limiting security setting. Use this metric in combination with the Unique IP Addresses metric to see whether IP-based attacks take place and whether the IP-Based Rate Limiting security setting takes effect.
  • Card Submitted: the number of cards for which the requests are submitted.
  • Unique Cards Submitted: the number of unique cards for which the requests are submitted.
  • Card Rate Limiting Blocks: the number of requests that are blocked by the Card-Based Rate Limiting security setting. Use this metric in combination with the Unique Cards Submitted and Card Submitted metrics to see whether card-based attacks take place and whether the Card-Based Rate Limiting security setting takes effect.
  • CAPTCHA Enterprise Challenge: the number of reCAPTCHA Enterprise challenges that are loaded. Use this metric to see whether the reCAPTCHA Enterprise security setting is enabled.
  • CAPTCHA Enterprise Validation Score < 0.9: the number of reCAPTCHA Enterprise validations with the Risk Score Threshold value less than 0.9. Use this metric to see whether reCAPTCHA Enterprise takes effect. If the Risk Score Threshold value of most of the validations is less than 0.9, consider increasing the value to 0.9 to block the attack traffic.
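
The Attack Factors and Attack Patterns definitions above can be cross-checked against your own request logs. The following is an added example, not Zuora code: the event field names, the sample traffic, and the use of a plain mean as the "historical average" are all assumptions, and `unique_cards_per_ip` is a derived ratio, not a dashboard metric.

```python
from statistics import mean

def make_events(n, n_failed, n_ips, n_cards, n_ip_blocked=0):
    """Constructed sample submissions; every field name here is hypothetical."""
    return [{"ip": f"192.0.2.{i % n_ips + 1}",     # documentation IP range
             "card": f"card-{i % n_cards:03d}",    # opaque card fingerprint
             "ok": i >= n_failed,                  # the first n_failed requests fail
             "blocked_by": "ip_rate_limit" if i < n_ip_blocked else None}
            for i in range(n)]

def window_metrics(events):
    """Metrics for one time window, following the definitions in this topic."""
    total = len(events)
    failed = sum(not e["ok"] for e in events)
    ips = {e["ip"] for e in events}
    cards = {e["card"] for e in events}
    return {
        "submit_page_count": total,
        "submit_page_failure_rate": failed / total if total else 0.0,
        "unique_ips": len(ips),
        "cards_submitted": total,  # assumption: one card per submission
        "unique_cards_submitted": len(cards),
        "ip_rate_limiting_blocks": sum(e["blocked_by"] == "ip_rate_limit"
                                       for e in events),
        # Derived ratio (not a dashboard metric): distinct cards per source IP.
        "unique_cards_per_ip": len(cards) / len(ips) if ips else 0.0,
    }

def pct_vs_history(current, history):
    """Percent by which `current` is above (+) or below (-) the mean of `history`."""
    avg = mean(history)
    if avg == 0:
        return None  # deviation is undefined against a zero baseline
    return round((current - avg) / avg * 100, 1)

def attack_factors(current, past_windows):
    """Deviation of each factor from its historical average (assumed: plain mean)."""
    return {k: pct_vs_history(current[k], [w[k] for w in past_windows])
            for k in ("submit_page_count", "submit_page_failure_rate")}

# Constructed data: three quiet windows, then a burst of failing submissions
# that cycle through many cards from two IP addresses.
BASELINE = [window_metrics(make_events(10, 1, 10, 10)) for _ in range(3)]
CURRENT = window_metrics(make_events(40, 30, 2, 40, n_ip_blocked=10))

if __name__ == "__main__":
    print(CURRENT)
    print(attack_factors(CURRENT, BASELINE))
```

In the constructed burst, both factors rise far above their baseline while the number of unique IP addresses drops and only a quarter of the submissions hit the IP-based limit, which is the combination of signals the Attack Patterns card is meant to expose.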

Page Submit Requests

On the Pages tab, the Page Submit Requests chart presents the following metrics for each hosted payment page:

  • The total number of page submission requests (the whole bar)
  • The number of successful submission requests (the green section of the bar)
  • The number of failed submission requests (the red section of the bar)

The table below the chart presents the following metrics for each hosted payment page:

  • Under Attack: HPM threat status of your page. Yes indicates your page is under attack.
  • Render Page Count: The number of page render requests.
  • Submit Page Count: The number of page submission requests.
  • Unique Card Submitted: The number of unique cards for which the requests are submitted.
  • Unique IPs Count: The number of unique IPs from the page submission requests.
  • IP Rate Limiting Blocks: The number of page submission requests that are blocked by the IP-Based Rate Limiting security measure.
  • Blocked IPs Count: The number of unique IPs from page submission requests that are blocked by the IP-Based Rate Limiting security measure.
  • Card Rate Limiting Blocks: The number of page submission requests that are blocked by the Card-Based Rate Limiting security measure.
  • Token Expiration Blocks: The number of page submission requests that are blocked by the Token Expiration security measure.
  • Tenant Rate Limiting Blocks: The number of page submission requests that are blocked by the Tenant-Level Rate Limiting security measure.
  • Captcha Enterprise Blocks: The number of page submission requests that are blocked by the Google reCAPTCHA security measure.
  • Other Submit Page Failure Reason

Settings

On the Settings tab, the configuration data of the following security settings for each hosted payment page are presented:

  • Token Expiration: the value of the Limit the number of submissions before blocking submission setting
  • IP Rate Limiting: the number of times a hosted payment page can be submitted per minute and per hour from the same IP address
  • Card Rate Limiting: the number of times a hosted payment page can be submitted per minute, per hour, and per day for the same card
  • Risk Score: the value of the page-level Risk Score Threshold setting

Recommended actions for securing each hosted payment page are also provided.

For more information about these settings, see Secure your Payment Pages 2.0 integration with Zuora security measures.

Note that you can configure notifications based on threats caused by card attacks or page attacks. For more information, see Standard events for Zuora Central Platform.

Subscribe to the HPM Threat Report

You can subscribe to the HPM Threat Report to help you detect bot attacks on your hosted payment pages in a timely manner. The following information is included in the report:

  • Bot attack patterns
  • Security settings during the attack
  • Recommended actions

The HPM Threat Report is available only for Production environments.

To subscribe to the report, complete the following steps:

  1. On the HPM Threat Detection page, click HPM Threat Report in the upper right of the page.
  2. If you want to see a sample report, click Preview. A sample report will open in a dialog.
  3. In the HPM Threat Report dropdown list, click Subscribe.
  4. In the dialog asking for your confirmation about the report subscription, click Yes.

A report will be sent to the work email of the current user when possible bot attacks are detected. To verify the work email address that will receive the HPM Threat Report, complete the following steps:

  1. Click your username in the upper right, and then click Profile.
  2. On the Personal Settings page, click Manage Your Profile. The email address in the Work Email field will receive the report.

If you want to cancel your subscription to the report, click HPM Threat Report and then click Unsubscribe.