An attack upon a web interface is detected in real-time. The web interface is one of many web interfaces across many ports across many computer systems within a network. Data on the attack is gathered. The attack data includes traffic data. Variants of the attack are determined based on data of the attack. The variants are selected from a predetermined set of attack variants. The attacked interface is scanned with the selected attack variants. The web interface is identified as vulnerable to at least one variant of the attack. In response to this identification, the attack is responded to without human intervention.
