Change log for AZURE_WAF
Date
Changes
2024-08-22
Enhancement:
- Mapped "properties.ruleSetType" to "security_result.detection_fields".
- When "ruleName" and "ruleSetType" are null, mapped "properties.ruleSetType" to "security_result.rule_name".
- Mapped "properties.details.data" to "security_result.detection_fields".
- Mapped "properties.message" to "security_result.description".
2024-06-10
Enhancement:
- Modified the mapping of "properties.originalHost" (falling back to "properties.host" when originalHost is empty) to the "target.hostname" and "target.asset.hostname" fields.
- Added conditional check for "dest_ip".
- Combined "properties.requestUri" and "target_hostname" to get "target_url".
2024-04-07
Enhancement:
- Mapped "rec.properties.clientIp" to "principal.ip".
- Defined "rec_properties_trackingReference", "rec_properties_host", "rec_properties_policyMode", "rec_properties_ruleName", "rec_properties_policy", "rec_properties_details_msg", "rec_properties_clientIP", and "rec_time" in state data.
2023-07-14
Enhancement:
- Added a "for" loop to handle JSON logs.
2023-02-28
Enhancement:
- Mapped "properties.ruleName" to "security_result.rule_name".
- Mapped "properties.action" to "security_result.action".
- Added on_error check for "properties.clientPort", "properties.httpStatus", "properties.receivedBytes", "properties.sentBytes", "properties.clientResponseTime", "properties.timeTaken".
2022-10-22
Newly created parser

Last updated 2025-08-29 UTC.