Change log for AZURE_WAF
Date
Changes
2024-08-22
Enhancement:
- Mapped "properties.ruleSetType" to "security_result.detection_fields".
- When "ruleName" and "ruleSetType" are null, mapped "properties.ruleSetType" to "security_result.rule_name".
- Mapped "properties.details.data" to "security_result.detection_fields".
- Mapped "properties.message" to "security_result.description".
2024-06-10
Enhancement:
- Modified the mapping of "properties.originalHost" (falling back to "properties.host" when "originalHost" is empty) to the "target.hostname" and "target.asset.hostname" fields.
- Added conditional check for "dest_ip".
- Combined "properties.requestUri" and "target_hostname" to get "target_url".
2024-04-07
Enhancement:
- Mapped "rec.properties.clientIp" to "principal.ip".
- Defined "rec_properties_trackingReference", "rec_properties_host", "rec_properties_policyMode", "rec_properties_ruleName", "rec_properties_policy", "rec_properties_details_msg", "rec_properties_clientIP", and "rec_time" in state data.
2023-07-14
Enhancement:
- Added a "for" loop to handle JSON logs.
2023-02-28
Enhancement:
- Mapped "properties.ruleName" to "security_result.rule_name".
- Mapped "properties.action" to "security_result.action".
- Added on_error check for "properties.clientPort", "properties.httpStatus", "properties.receivedBytes", "properties.sentBytes", "properties.clientResponseTime", "properties.timeTaken".
Last updated 2025-03-13 UTC.