Stay organized with collections Save and categorize content based on your preferences.

Change log for IMPERVA_WAF

Date Changes
2022-06-28 Enhancement -
Mapped vendor.name = Imperva and product.name = Web Application Firewall for all logs
Changed "metadata.event_type" where the "src" is "Distributed" from "GENERIC_EVENT" to "USER_UNCATEGORIZED"
Changed "metadata.event_type" to "USER_UNCATEGORIZED" to "USER_STATS"
2022-06-20 Modified grok pattern for field "rt".
Bug-fix - Improvements to security_result.action.
- REQ_PASSED: If the request was routed to the site's web server (security_result.action = 'ALLOW').
- REQ_CACHED_X: If a response was returned from the data center's cache (security_result.action = 'ALLOW').
- REQ_BAD_X: If a protocol or network error occurred (security_result.action = 'FAIL').
- REQ_CHALLENGE_X: If a challenge was returned to the client (security_result.action = 'BLOCK').
- REQ_BLOCKED_X: If the request was blocked (security_result.action = 'BLOCK').
2022-06-14 Bug-fix - Added gsub and modified the kv filter to avoid incorrect mapping of fields 'cs1Label', 'cs2Label', 'cs3Label' mapped to UDM field 'security_result.detection_fields'.
2022-05-26 Bug-fix - Removed key name and colon character from the value of the detection fields.
2022-05-10 Enhancement - Mapped the following fields:
- 'cs1', 'cs2', 'cs3', 'cs4', 'cs5', 'fileType', 'filePermission' to 'security_result.detection_fields'.
- 'cs7' to 'principal.location.region_latitude'.
- 'cs8' to 'principal.location.region_longitude'.
- 'cn1', 'cn2' to 'security_result.detection_fields' for CEF format logs.
- 'act' to 'security_result.action' and 'security_result.action_details' for CEF format logs.
- 'app' to 'network.application_protocol' for CEF format logs.
- 'requestClientApplication' to 'network.http.user_agent' for CEF format logs.
- 'dvc' to 'about.ip' for CEF format logs.