Stay organized with collections
Save and categorize content based on your preferences.
Change log for THREATX_WAF
Date
Changes
2025-01-28
- Mapped "dst_domain" to "target.hostname" and "target.assest.hostname".
- Defined "version", "severity", and "priority" fields in statedata.
- Mapped "rule.id", "rule.description", "rule.classification", "rule.state", "rule.contrib_score", "rule.beta", and "rule.blocking" to "security_result.detection_fields".
- Mapped "action", "tenant_name", "random_id", "cookie", "js_fingerprint", "content_type", "postblock_event", "ssl", "content_length", "count", "upstream_response_time", "upstream_response_time", and "response_length" to "additional.fields".
- Mapped "risk" to "security_result.risk_score".
- Mapped "rule.description" to "metadata.description".
- Added a new Grok pattern to map "msg1" to "principal.url".
- Mapped "username" to "target.hostname" and "target.assest.hostname".
- Mapped "old_value" and "new_value" to "additional.fields".
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-03-13 UTC."],[[["The THREATX_WAF parser underwent significant updates on January 28, 2025, involving extensive field mapping and the addition of a new Grok pattern."],["On January 28, 2025, fields such as \"dst_domain\", \"rule.id\", \"action\", and \"risk\" were mapped to various categories like \"target.hostname\", \"security_result.detection_fields\", and \"additional.fields\", respectively."],["The parser's initial creation occurred on October 14, 2024, marking the beginning of its development."]]],[]]
