Alex Verbniak 2021-07-20 16:11:03 +02:00
Родитель a9d7102b2f
Коммит 7dc9874fd6
1 изменённых файлов: 9 добавлений и 0 удалений


@ -22,5 +22,14 @@
},
{
"Message":"CEF:0|Incapsula|SIEMintegration|1|1|Normal|0| fileId=440000430117319678 sourceServiceName=jsc6wzftsr8pj2zk.company.name siteid=61539044 suid=1843222 requestClientApplication=Expanse indexes the network perimeters of our customers. If you have any questions or concerns, please reach out to: scaninfo@expanseinc.com deviceFacility=atl cs2=false cs2Label=Javascript Support cs3=false cs3Label=CO Support cs1=NA cs1Label=Cap Support cs4=47c3c3c8-e681-40c6-a61b-470f63e5d738 cs4Label=VID cs5=27f1a8f2e99bd4a64e1b9b7deaad6c028c0cd935eab7e772d6b541a0817a54f02afdf5ece1cf5aacd2f792b16534eee4 cs5Label=clappsig dproc=Crawler cs6=Expanse cs6Label=clapp ccode=US cicode=Atlanta cs7=33.7485 cs7Label=latitude cs8=-84.3871 cs8Label=longitude Customer=ov@company.com start=1624809852528 request=jsc6wzftsr8pj2zk.company.name/ requestMethod=GET cn1=200 app=HTTP act=REQ_CACHED_FRESH deviceExternalId=185856506375703233 in=4591 cpt=51825 src=172.105.147.109 end=1624809852529"
},
{
"Message":"CEF:0|Incapsula|SIEMintegration|1|1|SQL Injection|0| fileId=536000420203633562 sourceServiceName=jsc6wzftsr8pj2zk.company.name siteid=61539044 suid=1843222 requestClientApplication=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 deviceFacility=fra cs2=false cs2Label=Javascript Support cs3=false cs3Label=CO Support cs1=NA cs1Label=Cap Support cs4=3a5239f0-eba1-4d10-9edd-63d078ef11e7 cs4Label=VID cs5=1fa33ee720f821199422001fb69865785b18d140b29684b23ac978ead4910824acce04db7a799841bb033029b4c72b10e33740ea4d2972210f96e3365d25eb25f8148c211177e7e61effce9c12a7de9f1eea71dd57d107a464dfcc54046c78400f9eedd9b846bb0491abe72a4b988e7cd3e7117283cee9f556726334972b7ce9 cs5Label=clappsig dproc=Unclassified cs6=Bot cs6Label=clapp ccode=UA cicode=Kyiv cs7=50.5183 cs7Label=latitude cs8=30.5088 cs8Label=longitude Customer=cust@company.com start=1624459989430 request=jsc6wzftsr8pj2zk.company.name/ requestMethod=GET qstr=e9db863b46KCYodWlkPSopKHVpZD0qKSkofCh1aWQ9KikodXNlclBhc3N3b3JkPXtNRDV9WDAzTU8xcW5aZFlkZ3lmZXVJTFBtUT09KSk app=HTTP act=REQ_BLOCKED_SESSION deviceExternalId=300754127159822978 cpt=63326 src=77.222.131.19 end=1624459989431 fileType=50033 filePermission=666 cs9= cs9Label=Rule name"
},
{
"Message":"CEF:0|Incapsula|SIEMintegration|1|1|Normal|0| fileId=536000420203631383 sourceServiceName=jsc6wzftsr8pj2zk.company.name siteid=61539044 suid=1843222 requestClientApplication=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 deviceFacility=fra cs2=false cs2Label=Javascript Support cs3=false cs3Label=CO Support cs1=NA cs1Label=Cap Support cs4=d1703207-e303-4fe4-80bf-01bd53547442 cs4Label=VID cs5=1fa33ee720f821199422001fb69865785b18d140b29684b23ac978ead4910824acce04db7a799841bb033029b4c72b10e33740ea4d2972210f96e3365d25eb25f8148c211177e7e61effce9c12a7de9f1eea71dd57d107a464dfcc54046c78400f9eedd9b846bb0491abe72a4b988e7cd3e7117283cee9f556726334972b7ce9 cs5Label=clappsig dproc=Unclassified cs6=Bot cs6Label=clapp ccode=UA cicode=Kyiv cs7=50.5183 cs7Label=latitude cs8=30.5088 cs8Label=longitude Customer=ov@company.com start=1624459982372 request=jsc6wzftsr8pj2zk.company.name/ requestMethod=POST postbody=testtrue&bf2e087242%2f%2a%2a%2fUN%2f%2a%2a%2fION%2f%2a%2a%2fSEL%2f%2a%2a%2fECT%2f%2a%2a%2fpassword%2f%2a%2a%2fFR%2fOM%2f%2a%2a%2fUsers%2f%2a%2a%2fWHE%2f%2a%2a%2fRE%2f%2a%2a%2fusersame%2f%2a%2a%2fLIKE%2f%2a%2a%2f%27tom%27-- cn1=405 app=HTTP act=REQ_PASSED deviceExternalId=133619516400208512 sip=33.153.23.33 spt=80 in=285 xff=33.33.33.33 cpt=61269 src=33.222.11.33 end=1624459982378"
},
{
"Message":"CEF:0|Incapsula|SIEMintegration|1|1|Normal|0| fileId=1344000210263575150 sourceServiceName=jsc6wzftsr8pj2zk.company.name siteid=61539044 suid=1843222 requestClientApplication=Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com deviceFacility=iad cs2=false cs2Label=Javascript Support cs3=false cs3Label=CO Support cs1=NA cs1Label=Cap Support cs4=acd48a1b-daa0-4ef8-b4d0-9084708bf3a7 cs4Label=VID cs5=3ef4755ba073991770f204961c0d4e188c0cd935eab7e772d6b541a0817a54f02afdf5ece1cf5aacd2f792b16534eee4 cs5Label=clappsig dproc=Developer Tool cs6=Go HTTP library cs6Label=clapp ccode=US cicode=Washington cs7=38.894 cs7Label=latitude cs8=-77.0365 cs8Label=longitude Customer=cust@company.com start=1624671299714 request=jsc6wzftsr8pj2zk.company.name/ requestMethod=GET app=HTTPS act=REQ_BAD_CLIENT_CLOSED_CONNECTION deviceExternalId=963340059111589198 sip=35.156.26.77 spt=8443 xff=33.83.33.23 cpt=39255 src=34.86.35.29 ver=TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 end=1624671309677"
}
]
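Review bot: The four added sample records are only partially sanitized — `Customer=`, `xff=` and some `src=` values already use placeholder values (`company.com`, `33.33.33.33`), but `src=172.105.147.109`, `src=77.222.131.19`, `sip=35.156.26.77` and `src=34.86.35.29` look like real routable addresses, so the fixture will publish them to anyone who clones the repository and may mislead parser tests that assert on placeholder ranges. Rewriting those fields with documentation-reserved addresses (RFC 5737 `192.0.2.0/24`, `198.51.100.0/24`, `203.0.113.0/24`) keeps the samples consistent and safe to commit. The second added record carries an empty extension value (`cs9= cs9Label=Rule name`); if the parser this data feeds is expected to tolerate empty CEF extension values, a short README line stating that the sample deliberately exercises that case would help the next maintainer. The enclosing JSON array opens before the hunk, so only its closing `]` is visible here.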