Link Search Menu Expand Document Documentation Menu

The waf log type monitors web application firewall (WAF) logs. The role of a WAF is to monitor and filter HTTP traffic flowing between a web application and the internet. A WAF prevents common security attacks, such as cross-site scripting (XSS) and SQL injection (SQLi).

The following code snippet contains all the raw_field and ecs mappings for this log type:

  "mappings": [
    {
      "raw_field":"cs-method",
      "ecs":"waf.request.method"
    },
    {
      "raw_field":"httpRequest.httpMethod",
      "ecs":"waf.request.method"
    },
    {
      "raw_field":"cs-uri-query",
      "ecs":"waf.request.uri_query"
    },
    {
      "raw_field":"httpRequest.uri",
      "ecs":"waf.request.uri_query"
    },
    {
      "raw_field":"httpRequest.args",
      "ecs":"waf.request.uri_query"
    },
    {
      "raw_field":"cs-user-agent",
      "ecs":"waf.request.headers.user_agent"
    },
    {
      "raw_field":"httpRequest.headers",
      "ecs":"waf.request.headers"
    },
    {
      "raw_field":"sc-status",
      "ecs":"waf.response.code"
    },
    {
      "raw_field":"responseCodeSent",
      "ecs":"waf.response.code"
    },
    {
      "raw_field":"timestamp",
      "ecs":"timestamp"
    },
    {
      "raw_field":"httpRequest.headers.value",
      "ecs":"waf.request.headers.value"
    },
    {
      "raw_field":"httpRequest.headers.name",
      "ecs":"waf.request.headers.name"
    }
  ]
350 characters left

Have a question? .

Want to contribute? or .