Change log for AWS_WAF
Date | Changes |
---|---|
2024-03-14 | Enhancement: - Added a gsub function to convert invalid escape characters ("\") in the source logs into valid JSON format. |
2023-12-29 | Enhancement: - Mapped "user-agent" and "User-Agent" to "network.http.user_agent" and "network.http.parsed_user_agent". - Mapped the base64 decoded value of "authorization" header from "httpRequest.header" to "target.user.userid". |
2023-12-08 | Bug-Fix: - Modified the condition before mapping "header.value" to "target.hostname". - Modified the mapping of "target.url" from "http://%{header.value}%{httpRequest.uri}" to "httpRequest.uri". - If "terminatingRuleType" is "MANAGED_RULE_GROUP", then added a condition for mapping "ruleGroupList.terminatingRule". - Added "on_error" for mutate blocks wherever required. |
2023-09-11 | Enhancement: - Added a Grok pattern to support a new log format. |
2023-08-16 | Enhancement: - Mapped "ruleGroup.terminatingRule.action" to "security_result.detection_fields" when "terminatingRuleType" is "REGULAR". |
2022-12-16 | Enhancement: - Combined two date filters into one and updated the date filter condition to check that "timestamp" is not null. - Dropped logs when "json_failure" is true. - Mapped "httpRequest.headers.value" to "event.idm.read_only_udm.network.http.parsed_user_agent" when "httpRequest.headers.name" is "user-agent". |
2022-08-11 | Enhancement: - Removed the logic to handle CSV and SYSLOG message logs. |
2022-07-22 | Newly Created Parser |