Defacement detection

This week's update is all about a new feature: defacement detection. The ingredients have been present for a long time already, but the feature has never been developed enough to hit production before.

There are three levels of detection. The first are major page changes on a website. This will trigger an event (query: index=events eid=1679) prompting you to check if these are legitimate changes.

The second is major changes combined with suspicious artefacts. This will result in a problem event (query: index=events eid=1680) appearing on your timeline indicating a likely defacement.

The last one is for the case where no major changes detected, but suspicious artefacts are found (query: index=events eid=1681). It will result in a warning (orange) event

If you have any false positives, please contact me. Specific cases will help us to make better detections.