Table of Contents | ||||
---|---|---|---|---|
|
...
Valid tags and data tables
The full tag must have 3 levels. The first two are fixed aswaf.signalsciences
and the third identifies the type of events sent.
These are the valid tags and corresponding data tables that will receive the parsers' data:
...
waf.signalsciences.request
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate |
|
| |
hostname |
|
| |
id |
| ||
serverHostname |
|
| |
remoteIP |
|
| |
remoteHostname |
|
| |
remoteCountryCode |
|
| |
userAgent |
|
| |
timestamp |
| ||
method |
| ||
serverName |
|
| |
protocol |
| ||
tlsProtocol |
| ||
tlsCipher |
| ||
path |
|
| |
uri |
|
| |
scheme |
| ||
headersIn |
| ||
agentResponseCode |
| ||
responseCode |
|
| |
responseSize |
|
| |
responseMillis |
|
| |
headersOut |
|
| |
summation__attrs |
| ||
summation__attrs__AllPreSignalsInformational |
| ||
summation__attrs__NetEffect |
|
| |
summation__attrs__country |
|
| |
summation__attrs__list |
|
| |
summation__attacks |
|
| |
tags |
|
| |
hostchain |
| ✓ | |
tag |
|
| ✓ |
rawMessage |
| ✓ |
How is the data sent to Devo?
Logs generated by Signal Sciences Web Application Firewall are forwarded to Devo using a proprietary Apache nifi collector. Contact us if you need to forward these events to your Devo domain so we can guide you through the process.