waf.radware

Introduction

The tags beginning with waf.radware identify events generated by Radware.

Valid tags and data tables 

The full tag must have 4 levels. The first two are fixed as waf.radware. The third level identifies the type of events sent. The fourth level indicates the event subtype.

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tags | Data tables |
| --- | --- | --- |
| Radware API | waf.radware.api.user_activity | waf.radware.api.user_activity |
| Radware API | waf.radware.api.security_event | waf.radware.api.security_event |

For more information, read About Devo tags.

Table structure

These are the fields displayed in these tables:

waf.radware.api.user_activity

| Field | Type | Field transformation | Source field name | Extra fields |
| --- | --- | --- | --- | --- |
| eventdate | timestamp | | | |
| hostname | str | | | |
| tracking_id | str | | | |
| start_date | timestamp | | | |
| user_email | str | | | |
| process_type_text | str | | | |
| status | str | | | |
| reference_id | str | | | |
| activity_type | str | | | |
| metadata__application_configuration | str | | | |
| metadata__labels | str | | | |
| metadata__log_time | str | | | |
| metadata__customer_account | str | | | |
| metadata__provider_account | str | | | |
| metadata__messages__extra_line | str | | | |
| user_agent | str | | | |
| user_ip4 | ip4 | ip4(user_ip) | user_ip | |
| user_ip6 | ip6 | ip6(user_ip) | user_ip | |
| user_country | str | | | |
| at_devo_environment | str | | | |
| at_devo_pulling_id | str | | | |
| hostchain | str | | | ✓ |
| tag | str | | | ✓ |
| rawMessage | str | | | ✓ |

waf.radware.api.security_event

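| Field | Type | Field transformation | Source field name | Extra fields |
| --- | --- | --- | --- | --- |
| eventdate | timestamp | | | |
| hostname | str | | | |
| target_module | str | | | |
| severity | str | | | |
| request | str | | | |
| source_port | str | | | |
| method | str | | | |
| trans_id | str | | | |
| description | str | | | |
| enrichment_container | str | | | |
| event_type | str | | | |
| uri | str | | | |
| violation_type | str | | | |
| hostname2 | str | | | |
| action | str | | | |
| details | str | | | |
| received_time_stamp | str | | | |
| id | str | | | |
| application_id | str | | | |
| external_ip4 | ip4 | ip4(external_ip) | external_ip | |
| external_ip6 | ip6 | | external_ip | |
| at_devo_environment | str | | | |
| at_devo_pulling_id | str | | | |
| destination_port | str | | | |
| extension | str | | | |
| role | str | | | |
| title | str | | | |
| app_path | str | | | |
| directory | str | | | |
| destination_ip4 | ip4 | | destination_ip | |
| destination_ip6 | ip6 | | destination_ip | |
| protocol | str | | | |
| refine_crc | str | | | |
| violation_category | str | | | |
| web_app | str | | | |
| module | str | | | |
| refine | str | | | |
| passive | str | | | |
| vhost | str | | | |
| source_ip4 | ip4 | | source_ip | |
| source_ip6 | ip6 | | source_ip | |
| appwall_time_stamp | str | | | |
| user | str | | | |
| hostchain | str | | | ✓ |
| tag | str | | | ✓ |
| rawMessage | str | | | ✓ |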