Document toolboxDocument toolbox

waf.signalsciences

Owned by Juan Tomás Alonso Nieto (Deactivated)
Last updated: Aug 09, 2023 by Borja Moro Moreno
1 min read
[ 1 Introduction ] [ 2 Valid tags and data tables ] [ 3 Table structure ] [ 4 How is the data sent to Devo? ]

Introduction

The tags beginning with waf.signalsciences identify events generated by Signal Sciences Web Application Firewall belonging to Signal Sciences. 

Valid tags and data tables

The full tag must have 3 levels. The first two are fixed as waf.signalsciences and the third identifies the type of events sent.

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service

Tags

Data tables

Product / Service

Tags

Data tables

Signal Sciences Web Application Firewall

waf.signalsciences.request

waf.signalsciences.request

Table structure

These are the fields displayed in this table:

waf.signalsciences.request

Field

Type

Extra fields

Field

Type

Extra fields

eventdate

timestamp

 

hostname

str

 

id

str

 

serverHostname

str

 

remoteIP

ip4

 

remoteHostname

str

 

remoteCountryCode

str

 

userAgent

str

 

timestamp

timestamp

 

method

str

 

serverName

str

 

protocol

str

 

tlsProtocol

str

 

tlsCipher

str

 

path

str

 

uri

str

 

scheme

str

 

headersIn

str

 

agentResponseCode

int4

 

responseCode

int4

 

responseSize

int4

 

responseMillis

int4

 

headersOut

str

 

summation__attrs

str

 

summation__attrs__AllPreSignalsInformational

str

 

summation__attrs__NetEffect

ip4

 

summation__attrs__country

str

 

summation__attrs__list

str

 

summation__attacks

str

 

tags

str

 

hostchain

str

✓

tag

str

✓

rawMessage

str

✓

How is the data sent to Devo?

Logs generated by Signal Sciences Web Application Firewall are forwarded to Devo using a proprietary Apache nifi collector. Contact us if you need to forward these events to your Devo domain so we can guide you through the process.