Stay organized with collections
Save and categorize content based on your preferences.
Change log for AWS_WAF
Date
Changes
2025-02-17
Enhancement:
- Added support for OCSF JSON format logs.
2024-03-14
Enhancement:
- Added gsub function to handle invalid escape characters "\" in the source logs to valid JSON format.
2023-12-29
Enhancement:
- Mapped "user-agent" and "User-Agent" to "network.http.user_agent" and "network.http.parsed_user_agent".
- Mapped the base64 decoded value of "authorization" header from "httpRequest.header" to "target.user.userid".
2023-12-08
Bug-Fix:
- Modified the condition before mapping "header.value" to "target.hostname".
- Modified the mapping of "target.url" from "http://%{header.value}%{httpRequest.uri}" to "httpRequest.uri".
- If "terminatingRuleType" is "MANAGED_RULE_GROUP", then added a condition for mapping "ruleGroupList.terminatingRule".
- Added "on_error" for mutate blocks wherever required".
2023-09-11
Enhancement:
- Added a Grok pattern to support a new log format.
2023-08-16
Enhancement:
- Mapped "ruleGroup.terminatingRule.action" to "security_result.detection_fields" when "terminatingRuleType" is "REGULAR".
2022-12-16
Enhancement:
- Combined two date filters into one and updated condition for date filter to if "timestamp" is not null.
- Dropped logs when "json_failure" is true.
- Mapped "httpRequest.headers.value" to "event.idm.read_only_udm.network.http.parsed_user_agent" when "httpRequest.headers.name" is "user-agent".
2022-08-11
Enhancement:- Removed the logic to handle CSV and SYSLOG message logs.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-03-13 UTC."],[[["This changelog details enhancements and bug fixes for AWS_WAF, covering updates from July 2022 to February 2025."],["Recent enhancements include support for OCSF JSON format logs and the addition of a gsub function to handle invalid escape characters in source logs."],["Several updates involve mapping various log fields, such as \"user-agent\" and \"authorization\" headers, to standardized fields like \"network.http.user_agent,\" \"network.http.parsed_user_agent,\" and \"target.user.userid\"."],["Bug fixes include modifications to the conditions for mapping specific fields and the addition of error handling for mutate blocks."],["The parser has been created on 2022-07-22, and it has removed the logic for handling CSV and SYSLOG message logs."]]],[]]
