| Product / Service | Tags | Data tables |
|---|---|---|
| Fastly Next-Gen WAF | waf.fastly.nextgen_waf.site_activity.corp.site | waf.fastly.nextgen_waf, waf.fastly.nextgen_waf.corp_activity, waf.fastly.nextgen_waf.corp_event, waf.fastly.nextgen_waf.request_feed, waf.fastly.nextgen_waf.site_activity |


These are the fields displayed in these tables:

waf.fastly.nextgen_waf

| Field | Type | Source field name | Extra fields |
|---|---|---|---|
| eventdate | timestamp | | |
| hostname | str | | |
| type | str | vsubtype | |
| id | str | | |
| event_type | str | | |
| timestamp | timestamp | | |
| message | str | | |
| created | timestamp | | |
| remote_country_code | str | | |
| remote_hostname | str | | |
| at_devo_environment | str | | |
| at_devo_pulling_id | str | | |
| hostchain | str | | |
| tag | str | | |
| rawMessage | str | | |

waf.fastly.nextgen_waf.corp_activity

| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| hostname | str | |
| id | str | |
| event_type | str | |
| msg_data__corp_name | str | |
| msg_data__detail_link | str | |
| msg_data__email | str | |
| msg_data__token_name | str | |
| msg_data__user_agent | str | |
| msg_data__inviter_email | str | |
| msg_data__inviter_name | str | |
| msg_data__recipient_email | str | |
| msg_data__role | str | |
| msg_data__site_roles | str | |
| msg_data__site_word | str | |
| message | str | |
| attachments | str | |
| created | timestamp | |
| at_devo_environment | str | |
| at_devo_pulling_id | str | |
| corp_name | str | |
| site | str | |
| rawMessage | str | |
| hostchain | str | |
| tag | str | |

waf.fastly.nextgen_waf.corp_event

| Field | Type | Field transformation | Source field name | Extra fields |
|---|---|---|---|---|
| eventdate | timestamp | | | |
| hostname | str | | | |
| id | str | | | |
| timestamp | timestamp | | | |
| source_ip4 | ip4 | `ip4(source)` | source | |
| source_ip6 | ip6 | `ip6(source)` | source | |
| remote_country_code | str | | | |
| remote_hostname | str | | | |
| user_agents | str | | | |
| action | str | | | |
| threat_type | str | | | |
| reasons_sqli | int4 | | | |
| reasons_xss | int4 | | | |
| reasons_cmdexe | int4 | | | |
| reasons_traversal | int4 | | | |
| request_count | int4 | | | |
| tag_count | int4 | | | |
| window | int4 | | | |
| expires | timestamp | | | |
| expired_by | str | | | |
| at_devo_environment | str | | | |
| at_devo_pulling_id | str | | | |
| detected_timestamp | timestamp | | | |
| alert_id | str | | | |
| example_request__id | str | | | |
| example_request__server_hostname | str | | | |
| example_request__remote_ip4 | ip4 | `ip4(example_request__remote_ip)` | example_request__remote_ip | |
| example_request__remote_ip6 | ip6 | `ip6(example_request__remote_ip)` | example_request__remote_ip | |
| example_request__remote_hostname | str | | | |
| example_request__remote_country_code | str | | | |
| example_request__user_agent | str | | | |
| example_request__timestamp | timestamp | | | |
| example_request__method | str | | | |
| example_request__server_name | str | | | |
| example_request__protocol | str | | | |
| example_request__tls_protocol | str | | | |
| example_request__tls_cipher | str | | | |
| example_request__path | str | | | |
| example_request__uri | str | | | |
| example_request__scheme | str | | | |
| example_request__headers_in | str | | | |
| example_request__agent_response_code | int4 | | | |
| example_request__response_code | int4 | | | |
| example_request__response_size | int4 | | | |
| example_request__response_millis | int4 | | | |
| example_request__headers_out | str | | | |
| example_request__summation__attacks | str | | | |
| example_request__tags | str | | | |
| corp_name | str | | | |
| site | str | | | |
| rawMessage | str | | | |
| hostchain | str | | | |
| tag | str | | | |

waf.fastly.nextgen_waf.request_feed

| Field | Type | Field transformation | Source field name | Extra fields |
|---|---|---|---|---|
| eventdate | timestamp | | | |
| hostname | str | | | |
| id | str | | | |
| server_hostname | str | | | |
| remote_ip4 | ip4 | `ip4(remote_ip)` | remote_ip | |
| remote_ip6 | ip6 | `ip6(remote_ip)` | remote_ip | |
| remote_hostname | str | | | |
| remote_country_code | str | | | |
| user_agent | str | | | |
| timestamp | timestamp | | | |
| method | str | | | |
| server_name | str | | | |
| protocol | str | | | |
| file_path | str | | | |
| uri | str | | | |
| response_code | int4 | | | |
| response_size | int4 | | | |
| response_millis | int4 | | | |
| agent_response_code | int4 | | | |
| tags | str | | | |
| detected_timestamp | timestamp | | | |
| source_ip4 | ip4 | `ip4(source)` | source | |
| source_ip6 | ip6 | `ip6(source)` | source | |
| user_agents | str | | | |
| action | str | | | |
| threat_type | str | | | |
| reasons_sqli | int4 | | | |
| reasons_cmdexe | int4 | | | |
| reasons_traversal | int4 | | | |
| reasons_useragent | int4 | | | |
| reasons_xss | int4 | | | |
| request_count | int4 | | | |
| tag_count | int4 | | | |
| window | int4 | | | |
| expires | timestamp | | | |
| expired_by | str | | | |
| alert_id | str | | | |
| example_request__id | str | | | |
| example_request__server_hostname | str | | | |
| example_request__remote_ip4 | ip4 | `ip4(example_request__remote_ip)` | example_request__remote_ip | |
| example_request__remote_ip6 | ip6 | `ip6(example_request__remote_ip)` | example_request__remote_ip | |
| example_request__remote_hostname | str | | | |
| example_request__remote_country_code | str | | | |
| example_request__user_agent | str | | | |
| example_request__timestamp | timestamp | | | |
| example_request__method | str | | | |
| example_request__server_name | str | | | |
| example_request__protocol | str | | | |
| example_request__tls_protocol | str | | | |
| example_request__tls_cipher | str | | | |
| example_request__path | str | | | |
| example_request__uri | str | | | |
| example_request__scheme | str | | | |
| example_request__headers_in | str | | | |
| example_request__agent_response_code | int4 | | | |
| example_request__response_code | int4 | | | |
| example_request__response_size | int4 | | | |
| example_request__response_millis | int4 | | | |
| example_request__headers_out | str | | | |
| example_request__summation__attacks | str | | | |
| example_request__tags | str | | | |
| at_devo_environment | str | | | |
| at_devo_pulling_id | str | | | |
| corp_name | str | | | |
| site | str | | | |
| rawMessage | str | | | |
| hostchain | str | | | |
| tag | str | | | |

waf.fastly.nextgen_waf.site_activity

| Field | Type | Field transformation | Source field name | Extra fields |
|---|---|---|---|---|
| eventdate | timestamp | | | |
| hostname | str | | | |
| id | str | | | |
| event_type | str | | | |
| msg_data__ip4 | ip4 | `ip4(msg_data__ip)` | msg_data__ip | |
| msg_data__ip6 | ip6 | `ip6(msg_data__ip)` | msg_data__ip | |
| msg_data__affected_tags | str | | | |
| msg_data__agent_action | str | | | |
| msg_data__alert_action | str | | | |
| msg_data__analyze_duration | str | | | |
| msg_data__attacks | str | | | |
| msg_data__corp | str | | | |
| msg_data__country_name | str | | | |
| msg_data__detail_link | str | | | |
| msg_data__duration | str | | | |
| msg_data__event_date | timestamp | `parsedate(replace(replace(msg_data__event_date_str, " at", ""), " UTC", ""), "MMM DD, YYYY HH:mm", "UTC")` | msg_data__event_date_str | |
| msg_data__event_host | str | | | |
| msg_data__formatted_tags | str | | | |
| msg_data__id | str | | | |
| msg_data__malicious_requests | str | | | |
| msg_data__overlap_check | str | | | |
| msg_data__rule_detail | str | | | |
| msg_data__site | str | | | |
| message | str | | | |
| created | timestamp | | | |
| at_devo_environment | str | | | |
| at_devo_pulling_id | str | | | |
| attachments | str | | | |
| corp_name | str | | | |
| site | str | | | |
| rawMessage | str | | | |
| hostchain | str | | | |
| tag | str | | | |