The waf log type monitors web application firewall (WAF) logs. The role of a WAF is to monitor and filter HTTP traffic flowing between a web application and the internet. A WAF prevents common security attacks, such as cross-site scripting (XSS) and SQL injection (SQLi).

    The following code snippet contains all the raw_field and ecs mappings for this log type:

    1.   "mappings": [
    2.     {
    3.       "raw_field":"cs-method",
    4.       "ecs":"waf.request.method"
    5.     },
    6.     {
    7.       "raw_field":"httpRequest.httpMethod",
    8.       "ecs":"waf.request.method"
    9.     },
    10.     {
    11.       "raw_field":"cs-uri-query",
    12.       "ecs":"waf.request.uri_query"
    13.     },
    14.     {
    15.       "raw_field":"httpRequest.uri",
    16.       "ecs":"waf.request.uri_query"
    17.     },
    18.     {
    19.       "raw_field":"httpRequest.args",
    20.       "ecs":"waf.request.uri_query"
    21.     },
    22.     {
    23.       "raw_field":"cs-user-agent",
    24.       "ecs":"waf.request.headers.user_agent"
    25.     },
    26.     {
    27.       "raw_field":"httpRequest.headers",
    28.       "ecs":"waf.request.headers"
    29.     },
    30.     {
    31.       "raw_field":"sc-status",
    32.       "ecs":"waf.response.code"
    33.     },
    34.     {
    35.       "raw_field":"responseCodeSent",
    36.       "ecs":"waf.response.code"
    37.     },
    38.     {
    39.       "raw_field":"timestamp",
    40.       "ecs":"timestamp"
    41.     },
    42.     {
    43.       "raw_field":"httpRequest.headers.value",
    44.       "ecs":"waf.request.headers.value"
    45.     },
    46.     {
    47.       "raw_field":"httpRequest.headers.name",
    48.       "ecs":"waf.request.headers.name"
    49.     }
    50.   ]