diff --git a/.env b/.env
index 997507e85..ce311ad44 100644
--- a/.env
+++ b/.env
@@ -1,3 +1,3 @@
 # version for opensearch & opensearch-dashboards docker image
-VERSION=2.9.0
+VERSION=3.0.0
diff --git a/server/adaptors/integrations/__data__/repository/aws_waf/assets/aws_waf-1.0.0.ndjson b/server/adaptors/integrations/__data__/repository/aws_waf/assets/aws_waf-1.0.0.ndjson
new file mode 100644
index 000000000..fdbe42a5e
--- /dev/null
+++ b/server/adaptors/integrations/__data__/repository/aws_waf/assets/aws_waf-1.0.0.ndjson
@@ -0,0 +1,24 @@ +{"attributes":{"fields":"[{\"count\":0,\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_score\",\"type\":\"number\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.waf.action\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.waf.formatVersion\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":1,\"name\":\"host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host\"}}},{\"count\":0,\"name\":\"aws.waf.httpRequest.args\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.waf.httpRequest.ar
gs.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.waf.httpRequest.args\"}}},{\"count\":0,\"name\":\"aws.waf.httpRequest.clientIp\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.waf.httpRequest.country\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.waf.httpRequest.headers.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.waf.httpRequest.headers.value\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.waf.httpRequest.headers.value.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.waf.httpRequest.headers.value\"}}},{\"count\":0,\"name\":\"aws.waf.httpRequest.httpMethod\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.waf.httpRequest.httpVersion\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.waf.httpRequest.requestId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.waf.httpRequest.requestId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"re
adFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.waf.httpRequest.requestId\"}}},{\"count\":0,\"name\":\"aws.waf.httpRequest.uri\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.waf.httpRequest.uri.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.waf.httpRequest.uri\"}}},{\"count\":0,\"name\":\"aws.waf.httpSourceId\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.waf.httpSourceName\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.waf.labels.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.waf.labels.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.waf.labels.name\"}}},{\"count\":0,\"name\":\"aws.waf.ruleGroupList.ruleGroupId\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.waf.ruleGroupList.terminatingRule.aws.waf.action\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.waf.ruleGroupList.terminatingRule.ruleId\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.waf.terminatingRuleId\",
\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.waf.terminatingRuleType\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"userAgent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"userAgent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"userAgent\"}}},{\"count\":0,\"name\":\"aws.waf.webaclId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.waf.webaclId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.waf.webaclId\"}}},{\"count\":0,\"name\":\"webaclName\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"@timestamp","title":"logs-waf-*"},"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2022-01-11T09:24:16.830Z","version":"WzQ5MTgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-waf-Top Client 
IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"logs-waf-Top Client IPs\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.waf.httpRequest.clientIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client IP Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"71b2a6fc-6c2e-42d4-82b6-4f5a2741f63f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-01-11T09:24:16.830Z","version":"WzQ5MTksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-waf-Total Requests","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-waf-Total Requests\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to 
Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"aws.waf.labels\":{\"show\":false},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"}}"},"id":"58bb62ff-66e4-4dab-9b64-c8cf812c46a2","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-01-11T09:24:16.830Z","version":"WzQ5MjAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"aws.waf.action:BLOCK\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-waf-Total Blocked Requests","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-waf-Total Blocked Requests\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"aws.waf.labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"1e59055f-d033-4e25-985c-2902e5d138ea","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-01-11T09:24:16.830Z","version":"WzQ5MjEsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-waf-Country or Region By Requests","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-waf-Country or Region By Requests\",\"type\":\"region_map\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.waf.httpRequest.country\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"}],\"params\":{\"legendPosition\":\"bottomright\",\"addTooltip\":true,\"colorSchema\":\"Yellow to Red\",\"selectedLayer\":{\"name\":\"World Countries\",\"origin\":\"elastic_maps_service\",\"id\":\"world_countries\",\"created_at\":\"2017-04-26T17:12:15.978370\",\"attribution\":\"Made with NaturalEarth | Elastic Maps Service\",\"fields\":[{\"type\":\"id\",\"name\":\"iso2\",\"description\":\"ISO 3166-1 alpha-2 code\"},{\"type\":\"id\",\"name\":\"iso3\",\"description\":\"ISO 3166-1 alpha-3 code\"},{\"type\":\"property\",\"name\":\"name\",\"description\":\"name\"}],\"format\":{\"type\":\"geojson\"},\"layerId\":\"elastic_maps_service.World Countries\",\"isEMS\":true},\"emsHotLink\":\"https://maps.elastic.co/v6.7?locale=en#file/world_countries\",\"selectedJoinField\":{\"type\":\"id\",\"name\":\"iso2\",\"description\":\"ISO 3166-1 alpha-2 code\"},\"isDisplayWarning\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"default\":true,\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"\",\"id\":\"TMS in 
config/kibana.yml\",\"origin\":\"self_hosted\"}},\"mapZoom\":2,\"mapCenter\":[0,0],\"outlineWeight\":1,\"showAllShapes\":true}}"},"id":"3cb53d17-ac34-45db-aaeb-97791c9d82d2","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-01-11T09:24:16.830Z","version":"WzQ5MjIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-waf-Executed WAF Rules","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-waf-Executed WAF Rules\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.waf.terminatingRuleId\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"aws.waf.labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"912530c2-48a6-4618-8010-b8007e44ed2c","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-01-11T09:24:16.830Z","version":"WzQ5MjMsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}"},"title":"logs-waf-Filters","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-waf-Filters\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"fieldName\":\"webaclName\",\"id\":\"1565169719620\",\"label\":\"WebACL\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\",\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1565775477773\",\"fieldName\":\"aws.waf.terminatingRuleType\",\"parent\":\"\",\"label\":\"Rule Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"fieldName\":\"aws.waf.action\",\"id\":\"1565169899571\",\"label\":\"aws.waf.action\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\",\"indexPatternRefName\":\"control_2_index_pattern\"},{\"fieldName\":\"aws.waf.httpRequest.country\",\"id\":\"1565170498755\",\"label\":\"Country or Region\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\",\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1565182161719\",\"fieldName\":\"host.keyword\",\"parent\":\"\",\"label\":\"Host\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"},{\"fieldName\":\"aws.waf.httpRequest.clientIp\",\"id\":\"1565170536048\",\"label\":\"Client 
IP\",\"options\":{\"dynamicOptions\":true,\"multiselect\":false,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\",\"indexPatternRefName\":\"control_5_index_pattern\"},{\"id\":\"1647912414472\",\"fieldName\":\"aws.waf.httpSourceId\",\"parent\":\"\",\"label\":\"Source\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_6_index_pattern\"},{\"fieldName\":\"aws.waf.ruleGroupList.ruleGroupId\",\"id\":\"1565169760470\",\"label\":\"Rule\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\",\"indexPatternRefName\":\"control_7_index_pattern\"},{\"id\":\"1647911642407\",\"fieldName\":\"aws.waf.labels.name.keyword\",\"parent\":\"\",\"label\":\"Label\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_8_index_pattern\"}],\"pinFilters\":true,\"updateFiltersOnChange\":true,\"useTimeFilter\":false}}"},"id":"4394f245-57e6-475e-ad33-cd29742e2b8a","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"control_0_index_pattern","type":"index-pattern"},{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"control_1_index_pattern","type":"index-pattern"},{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"control_2_index_pattern","type":"index-pattern"},{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"control_3_index_pattern","type":"index-pattern"},{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"control_4_index_pattern","type":"index-pattern"},{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"control_5_index_pattern","type":"index-pattern"},{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"control_6_index_pattern","type":"index-pattern"},{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37
ca","name":"control_7_index_pattern","type":"index-pattern"},{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"control_8_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2022-03-22T01:29:36.328Z","version":"WzEyMzc3LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-waf-Top Countries or Regions","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"logs-waf-Top Countries or Regions\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.waf.httpRequest.country\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country or Region\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"ecc648d9-2b36-46c4-a527-7fbccad61ba8","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-01-11T09:24:16.830Z","version":"WzQ5MjUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-waf-Top 
User-Agents","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"}}}}","version":1,"visState":"{\"title\":\"logs-waf-Top User-Agents\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"userAgent.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User-Agent\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"b12eee40-37c6-436e-bcfb-d993d3a51aca","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-01-11T09:24:16.830Z","version":"WzQ5MjYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-waf-HTTP Methods","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-waf-HTTP 
Methods\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.waf.httpRequest.httpMethod\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"aws.waf.labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"c02eb336-6502-4ac4-aa53-91de17910031","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-01-11T09:24:16.830Z","version":"WzQ5MjcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-waf-Unique Client IPs","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-waf-Unique Client IPs\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"aws.waf.httpRequest.clientIp\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"aws.waf.labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"866d8631-5f43-4246-8c7d-ed39d70c9a9f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-01-11T09:24:16.830Z","version":"WzQ5MjksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-waf-Top Hosts","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"logs-waf-Top Hosts\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"exclude\":\"\",\"include\":\"\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"row\":true}}"},"id":"e9522627-5bf8-4a3e-b995-0037300bb082","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-01-11T09:24:16.830Z","version":"WzQ5MzEsMV0="} 
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-waf-Top WebACLs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"logs-waf-Top WebACLs\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"webaclName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"WebACL Name\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.waf.webaclId.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"WebACL ID\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"1935ea3d-8155-44d4-b837-8a1397f00980","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-01-11T09:24:16.830Z","version":"WzQ5MzIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-waf-Top 
Rules","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"logs-waf-Top Rules\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.waf.terminatingRuleId\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Rule Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"3fa73516-89de-41c8-bacf-035da4e959af","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-01-11T09:24:16.830Z","version":"WzQ5MzMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-waf-Top Request URIs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"logs-waf-Top Request 
URIs\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.waf.httpRequest.uri.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"URI\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"a0cac454-18c9-4099-91bb-93a76512bb93","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-01-11T09:24:16.830Z","version":"WzQ5MzQsMV0="} +{"attributes":{"columns":["aws.waf.httpRequest.clientIp","aws.waf.httpRequest.args","aws.waf.httpRequest.uri","host","aws.waf.httpRequest.country","aws.waf.action","aws.waf.labels","terminatingRuleMatchDetails","aws.waf.terminatingRuleId"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["timestamp","desc"]],"title":"logs-waf-Matched Details","version":1},"id":"d0ee6b41-8ebb-44a2-9ea7-86251ae7e089","migrationVersion":{"search":"7.9.3"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2022-03-22T01:57:25.407Z","version":"WzEyNDQ4LDFd"} 
+{"attributes":{"columns":["aws.waf.httpRequest.clientIp","terminatingRuleMatchDetails","aws.waf.labels","aws.waf.ruleGroupList","rateBasedRuleList","aws.waf.httpRequest.args","aws.waf.terminatingRuleId","aws.waf.action","nonTerminatingMatchingRules"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"aws.waf.terminatingRuleId:*\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["timestamp","desc"]],"title":"logs-waf-Terminating Matching Rule","version":1},"id":"712af10a-14a8-4eca-b791-ea701f80529f","migrationVersion":{"search":"7.9.3"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2022-03-21T02:29:23.065Z","version":"WzExNTE2LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-waf-Web ACLs","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-waf-Web 
ACLs\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"webaclName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"aws.waf.labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"f3400632-1596-403b-a447-57bc3971246e","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-01-11T09:24:16.830Z","version":"WzQ5MzcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-waf-Requests History","uiStateJSON":"{\"vis\":{\"colors\":{\"BLOCK\":\"#E24D42\",\"ALLOW\":\"#629E51\"}}}","version":1,"visState":"{\"title\":\"logs-waf-Requests 
History\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"2022-03-22T19:00:00.000Z\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Time\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.waf.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"group\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"aws.waf.labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"aws.waf.labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"aws.waf.labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"3390bff0-ab15-11ec-b721-5f83aa22d08e","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","nam
e":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-03-24T02:02:37.452Z","version":"WzEzMDI2LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-waf-Requests by Source","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-waf-Requests by Source\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.waf.httpSourceId\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"aws.waf.labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"9b152580-ab15-11ec-b721-5f83aa22d08e","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-03-24T01:57:39.337Z","version":"WzEyODMyLDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-waf-Block Allow Host Uri","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}}}}","version":1,"visState":"{\"title\":\"logs-waf-Block Allow Host 
Uri\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.waf.httpRequest.uri.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Request URI\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.waf.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":3,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"aws.waf.action\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"fb588f28-934f-4476-94f4-cd99ad90be69","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-01-11T09:24:16.830Z","version":"WzQ5MzgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-waf-Top aws.waf.labels","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"logs-waf-Top 
aws.waf.labels\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.waf.labels.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Label\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.waf.httpRequest.uri.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Request URI\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"642534d0-72c0-11ec-acf9-63f0c6197356","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-01-12T01:39:20.829Z","version":"WzU0NzgsMV0="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{\"hidePanelTitles\":false,\"table\":null,\"title\":\"Top Client 
IPs\",\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":17,\"i\":\"1\",\"w\":12,\"x\":12,\"y\":63},\"panelIndex\":\"1\",\"title\":\"Top Client IPs\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"Total Requests\"},\"gridData\":{\"h\":6,\"i\":\"2\",\"w\":12,\"x\":0,\"y\":8},\"panelIndex\":\"2\",\"title\":\"Total Requests\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"Total Blocked Requests\"},\"gridData\":{\"h\":6,\"i\":\"3\",\"w\":12,\"x\":0,\"y\":14},\"panelIndex\":\"3\",\"title\":\"Total Blocked Requests\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"Country or Region By Requests\"},\"gridData\":{\"h\":22,\"i\":\"6\",\"w\":36,\"x\":0,\"y\":26},\"panelIndex\":\"6\",\"title\":\"Country or Region By Requests\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"WAF Rules\"},\"gridData\":{\"h\":12,\"i\":\"8\",\"w\":12,\"x\":36,\"y\":12},\"panelIndex\":\"8\",\"title\":\"WAF Rules\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"Filters\"},\"gridData\":{\"h\":8,\"i\":\"9\",\"w\":36,\"x\":0,\"y\":0},\"panelIndex\":\"9\",\"title\":\"Filters\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"Top Countries or Regions\"},\"gridData\":{\"h\":15,\"i\":\"10\",\"w\":12,\"x\":36,\"y\":48},\"panelIndex\":\"10\",\"title\":\"Top Countries or Regions\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"Top User Agents\"},\"gridData\":{\"h\":17,\"i\":\"11\",\"w\":24,\"x\":24,\"y\":63},\"panelIndex\":\"11\",\"title\":\"Top User 
Agents\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"HTTP Methods\"},\"gridData\":{\"h\":12,\"i\":\"12\",\"w\":12,\"x\":36,\"y\":36},\"panelIndex\":\"12\",\"title\":\"HTTP Methods\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"Unique Client IPs\"},\"gridData\":{\"h\":6,\"i\":\"14\",\"w\":12,\"x\":0,\"y\":20},\"panelIndex\":\"14\",\"title\":\"Unique Client IPs\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"Top Hosts\"},\"gridData\":{\"h\":15,\"i\":\"16\",\"w\":12,\"x\":12,\"y\":48},\"panelIndex\":\"16\",\"title\":\"Top Hosts\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"Top WebACLs\"},\"gridData\":{\"h\":15,\"i\":\"17\",\"w\":12,\"x\":0,\"y\":48},\"panelIndex\":\"17\",\"title\":\"Top WebACLs\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"Top Rules\"},\"gridData\":{\"h\":17,\"i\":\"18\",\"w\":12,\"x\":0,\"y\":63},\"panelIndex\":\"18\",\"title\":\"Top Rules\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"Top Request URIs\"},\"gridData\":{\"h\":15,\"i\":\"19\",\"w\":12,\"x\":24,\"y\":48},\"panelIndex\":\"19\",\"title\":\"Top Request URIs\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_13\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"View by aws.waf.httpRequest args,uri,path\"},\"gridData\":{\"h\":18,\"i\":\"20\",\"w\":48,\"x\":0,\"y\":118},\"panelIndex\":\"20\",\"title\":\"View by aws.waf.httpRequest args,uri,path\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_14\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"View by Matching 
Rule\"},\"gridData\":{\"h\":20,\"i\":\"21\",\"w\":48,\"x\":0,\"y\":98},\"panelIndex\":\"21\",\"title\":\"View by Matching Rule\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_15\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"Web ACLs\"},\"gridData\":{\"h\":12,\"i\":\"4e8b942b-3972-4139-915d-521de2e22574\",\"w\":12,\"x\":36,\"y\":0},\"panelIndex\":\"4e8b942b-3972-4139-915d-521de2e22574\",\"title\":\"Web ACLs\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_16\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"Requests History\",\"vis\":{\"colors\":{\"ALLOW\":\"#629E51\",\"BLOCK\":\"#BF1B00\"}}},\"gridData\":{\"h\":18,\"i\":\"61ab1f0a-1eb6-4a0a-9673-83506e61ecef\",\"w\":24,\"x\":12,\"y\":8},\"panelIndex\":\"61ab1f0a-1eb6-4a0a-9673-83506e61ecef\",\"title\":\"Requests History\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_17\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"Sources\"},\"gridData\":{\"h\":12,\"i\":\"82f50929-a6d5-455d-a3a7-4434b508b749\",\"w\":12,\"x\":36,\"y\":24},\"panelIndex\":\"82f50929-a6d5-455d-a3a7-4434b508b749\",\"title\":\"Sources\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_18\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"table\":null,\"title\":\"Block Allow Host Uri\",\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"e48a3b9d-d533-4c45-9263-9f1c946d0e82\",\"w\":24,\"x\":0,\"y\":80},\"panelIndex\":\"e48a3b9d-d533-4c45-9263-9f1c946d0e82\",\"title\":\"Block Allow Host Uri\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_19\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"Top aws.waf.labels with Host, Uri\"},\"gridData\":{\"h\":18,\"i\":\"0d730c5b-bdc3-4ff7-9cd5-2a729303b66d\",\"w\":24,\"x\":24,\"y\":80},\"panelIndex\":\"0d730c5b-bdc3-4ff7-9cd5-2a729303b66d\",\"title\":\"Top aws.waf.labels with Host, 
Uri\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_20\"}]","timeRestore":false,"title":"logs-waf-dashboard","version":1},"id":"3ce97e1e-b385-4841-8152-c3bce7d68d1f","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"71b2a6fc-6c2e-42d4-82b6-4f5a2741f63f","name":"panel_0","type":"visualization"},{"id":"58bb62ff-66e4-4dab-9b64-c8cf812c46a2","name":"panel_1","type":"visualization"},{"id":"1e59055f-d033-4e25-985c-2902e5d138ea","name":"panel_2","type":"visualization"},{"id":"3cb53d17-ac34-45db-aaeb-97791c9d82d2","name":"panel_3","type":"visualization"},{"id":"912530c2-48a6-4618-8010-b8007e44ed2c","name":"panel_4","type":"visualization"},{"id":"4394f245-57e6-475e-ad33-cd29742e2b8a","name":"panel_5","type":"visualization"},{"id":"ecc648d9-2b36-46c4-a527-7fbccad61ba8","name":"panel_6","type":"visualization"},{"id":"b12eee40-37c6-436e-bcfb-d993d3a51aca","name":"panel_7","type":"visualization"},{"id":"c02eb336-6502-4ac4-aa53-91de17910031","name":"panel_8","type":"visualization"},{"id":"866d8631-5f43-4246-8c7d-ed39d70c9a9f","name":"panel_9","type":"visualization"},{"id":"e9522627-5bf8-4a3e-b995-0037300bb082","name":"panel_10","type":"visualization"},{"id":"1935ea3d-8155-44d4-b837-8a1397f00980","name":"panel_11","type":"visualization"},{"id":"3fa73516-89de-41c8-bacf-035da4e959af","name":"panel_12","type":"visualization"},{"id":"a0cac454-18c9-4099-91bb-93a76512bb93","name":"panel_13","type":"visualization"},{"id":"d0ee6b41-8ebb-44a2-9ea7-86251ae7e089","name":"panel_14","type":"search"},{"id":"712af10a-14a8-4eca-b791-ea701f80529f","name":"panel_15","type":"search"},{"id":"f3400632-1596-403b-a447-57bc3971246e","name":"panel_16","type":"visualization"},{"id":"3390bff0-ab15-11ec-b721-5f83aa22d08e","name":"panel_17","type":"visualization"},{"id":"9b152580-ab15-11ec-b721-5f83aa22d08e","name":"panel_18","type":"visualization"},{"id":"fb588f28-934f-4476-94f4-cd99ad90be69","name":"panel_19","type":"visualization"},{"id":"642534d0-72c0-11ec-acf9-63f0c6197356","name":"
panel_20","type":"visualization"}],"type":"dashboard","updated_at":"2022-03-24T02:00:22.332Z","version":"WzEyOTI4LDFd"}
+{"exportedCount":23,"missingRefCount":0,"missingReferences":[]}
diff --git a/server/adaptors/integrations/__data__/repository/aws_waf/aws_waf-1.0.0.json b/server/adaptors/integrations/__data__/repository/aws_waf/aws_waf-1.0.0.json
new file mode 100644
index 000000000..439704b87
--- /dev/null
+++ b/server/adaptors/integrations/__data__/repository/aws_waf/aws_waf-1.0.0.json
@@ -0,0 +1,49 @@
+{
+ "name": "aws_waf",
+ "version": "1.0.0",
+ "displayName": "AWS waf",
+ "description": "AWS waf log collector",
+ "license": "Apache-2.0",
+ "type": "logs_waf",
+ "author": "OpenSearch",
+ "sourceUrl": "https://github.com/opensearch-project/dashboards-observability/tree/main/server/adaptors/integrations/__data__/repository/aws_waf/info",
+ "statics": {
+ "logo": {
+ "annotation": "AWS waf Logo",
+ "path": "logo.jpg"
+ },
+ "gallery": [
+ {
+ "annotation": "AWS waf Log Dashboard",
+ "path": "dashboard.png"
+ }
+ ]
+ },
+ "components": [
+ {
+ "name": "aws_waf",
+ "version": "1.0.0"
+ },
+ {
+ "name": "cloud",
+ "version": "1.0.0"
+ },
+ {
+ "name": "logs_waf",
+ "version": "1.0.0"
+ },
+ {
+ "name": "aws_s3",
+ "version": "1.0.0"
+ }
+ ],
+ "assets": {
+ "savedObjects": {
+ "name": "aws_waf",
+ "version": "1.0.0"
+ }
+ },
+ "sampleData": {
+ "path": "samples.json"
+ }
+}
diff --git a/server/adaptors/integrations/__data__/repository/aws_waf/data/samples-raw.json b/server/adaptors/integrations/__data__/repository/aws_waf/data/samples-raw.json
new file mode 100644
index 000000000..f2fc953fd
--- /dev/null
+++ b/server/adaptors/integrations/__data__/repository/aws_waf/data/samples-raw.json
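Review bot: `"sampleData": {"path": "samples.json"}` references a file this diff does not show being added — the sample file introduced right after this manifest is `data/samples-raw.json` — so unless a `samples.json` appears further down the commit, the sample-data path resolves to nothing; either rename the reference or add the file. The sample records that path is meant to cover (visible in the following hunk) carry what appears to be a real AWS account ID and CloudFront distribution ID in `webaclId` and `httpSourceId`, plus a real-looking client IP; data shipped with an integration should be scrubbed to documentation placeholders (constructed example: account `123456789012`) so the repository does not publish someone's account and edge identifiers. `"displayName": "AWS waf"`, the description and both `annotation` strings should read `AWS WAF`, the product's actual name. `sourceUrl` ends in `/info`, a directory this diff does not create; confirm it exists upstream or drop the suffix.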
@@ -0,0 +1,38 @@ +{"timestamp":1679548657700,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"no-cors"},{"name":"sec-fetch-dest","value":"image"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/favicon.ico","args":"","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"a8i7U3kgh9ZgC-i_-vuB9ycuY1yXZA2C93SommMJO-NSZ8w1EfbQTA=="}} 
+{"timestamp":1679548655120,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"text/css,*/*;q=0.1"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"no-cors"},{"name":"sec-fetch-dest","value":"style"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/static/css/main.3c74189a.css","args":"","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"Nwcv2BEFdfsvUgaBa878YM2DqeOJvjgYTi_D1OZ7zsluZDCsscmgig=="}} 
+{"timestamp":1679548658454,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/locales/en-US/cluster.json","args":"v=v1.3.0","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"9EBB1jusDQ4BJHy7Im56e5obUGBHLcJ0-d6PwMZ1DCoEApsumJFKCw=="}} 
+{"timestamp":1679548660209,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"no-cors"},{"name":"sec-fetch-dest","value":"script"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/static/js/704.0fc9620b.chunk.js","args":"","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"PCylxlN5B7WYLr9E-FsDoRtynBLm6s5aKn-gYhFFn74KV0H6mtM2bA=="}} 
+{"timestamp":1679548657700,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/locales/en/info.json","args":"v=v1.3.0","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"KtWGg2zob530o7N5bNUT2zRbco11OGdsdYgcCmFAzUluNx3QgSQEJw=="}} 
+{"timestamp":1679548657700,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/locales/en-US/common.json","args":"v=v1.3.0","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"_F-SWxrC9nZ22jplLSvC7_ox2Jx2xPFE9HYT4tQtOcAYJwBrg1v6NQ=="}} 
+{"timestamp":1679548654049,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"upgrade-insecure-requests","value":"1"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"accept","value":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"},{"name":"sec-fetch-site","value":"none"},{"name":"sec-fetch-mode","value":"navigate"},{"name":"sec-fetch-user","value":"?1"},{"name":"sec-fetch-dest","value":"document"},{"name":"accept-encoding","value":"gzip, deflate, 
br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/log-pipeline/service-log","args":"","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"pytY5ev4ebR05f9mQGOnwufqXpk_FbsgRuFjd9cihOg42IqyE9Gx0Q=="}} +{"timestamp":1679548657700,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, 
br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/locales/en/ekslog.json","args":"v=v1.3.0","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"y34C69VSSUEMC3BippLVEXzZnQoBttgRdH6R1rZExLwc2lZIt6X2sA=="}} +{"timestamp":1679548657700,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, 
br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/locales/en/applog.json","args":"v=v1.3.0","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"W2b9qzn-ubH9iI-8NUXzC0WFMWmfO5A7cOEEDqzBzbdfpSUKdv2Mfw=="}} +{"timestamp":1679548657700,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, 
br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/locales/en/resource.json","args":"v=v1.3.0","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"r0JWgRulEiWPnFXo0Kcu-nBQeaIX1X9f2EfUdvFFQMXsxBKkc27J0A=="}} +{"timestamp":1679548657699,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, 
br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/locales/en/cluster.json","args":"v=v1.3.0","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"9F8xi5ujMH1et6Ysh_-2VQhiIAgLYJkA6bejtXBuIl7lx1QKDxUxtQ=="}} +{"timestamp":1679548657701,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, 
br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/locales/en-US/home.json","args":"v=v1.3.0","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"iPfEWiMKyaM6iFv3XGLK9hvQt7ZchJXnV-hBr-DFdWnYlH04h0ZRzw=="}} +{"timestamp":1679548661128,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"no-cors"},{"name":"sec-fetch-dest","value":"script"},{"name":"accept-encoding","value":"gzip, deflate, 
br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/static/js/171.b2862bb4.chunk.js","args":"","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"imCy2Tz9QYBNeRoKSbwnueyJbqltF52pBw6RRoQ95TyTtmbC8R_vvg=="}} +{"timestamp":1679548655117,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"no-cors"},{"name":"sec-fetch-dest","value":"script"},{"name":"accept-encoding","value":"gzip, deflate, 
br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/static/js/main.1fce72cf.js","args":"","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"YF_xCzvlSslgoa6sHVY78bbK9JyI5xZv4ofP-o3FcwLtCjDho4VtOQ=="}} +{"timestamp":1679548657699,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, 
br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/locales/en/common.json","args":"v=v1.3.0","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"3hCiWgV0BpwLCt1e9nvpFQGM7QMSj-g40cb5pTvi3Z_5diK-0TaUJQ=="}} +{"timestamp":1679548657699,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, 
br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/locales/en/servicelog.json","args":"v=v1.3.0","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"MEkdaSTQMtuUA_whHiIM3l3wpPthbiFLV5GHVIfx39O8dKRrotcZew=="}} +{"timestamp":1679548658487,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, 
br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/locales/en-US/resource.json","args":"v=v1.3.0","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"wbUO-9AVJzjhJHFdjd5cmouNp4ulDmm4hYbAQqdKRAS3o59mlwo9pA=="}} +{"timestamp":1679548657700,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, 
br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/locales/en/home.json","args":"v=v1.3.0","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"MTcYuStUpGv5GcTKzDVKrpTO1P91eESO0K3dkDJ87a6MzAWK33ZKww=="}} +{"timestamp":1679548658458,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, 
br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/locales/en-US/applog.json","args":"v=v1.3.0","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"MP4ldvR5h-k1hYZyNUe3npEQdNsF1upPYgZDAUBAfpTY6ydjehgszQ=="}} +{"timestamp":1679548660212,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"no-cors"},{"name":"sec-fetch-dest","value":"script"},{"name":"accept-encoding","value":"gzip, deflate, 
br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/static/js/156.e12ab3ef.chunk.js","args":"","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"ZEec9twgKzh-7M5mBk31JG1cgpZaq6JCEvJ0P7rss0q66ID-NRorWw=="}} +{"timestamp":1679548662021,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"no-cors"},{"name":"sec-fetch-dest","value":"script"},{"name":"accept-encoding","value":"gzip, deflate, 
br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/static/js/42.a78e6cdc.chunk.js","args":"","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"vfGrNbR3NHPIb8i1sDwZXapumeCzZ44Vo9T3wYXyXX5Eqntn2gBzvA=="}} +{"timestamp":1679548658495,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, 
br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/locales/en-US/info.json","args":"v=v1.3.0","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"tyQN06m_gBa9rAP3gsxpoBt7TSbaByGd341sms_h8Rx5ZuuStXe0Yw=="}} +{"timestamp":1679548658458,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, 
br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/locales/en-US/servicelog.json","args":"v=v1.3.0","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"qD11sEL_uV0sX3XjNEwkB74nGIUy5nefHwn7REK3nU-xYtAEEtCf3w=="}} +{"timestamp":1679548658458,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, 
br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/locales/en-US/ekslog.json","args":"v=v1.3.0","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"iBmLjtAsp6KQkYMEnSHHdX_4OQ66cG993XlSoMEMBbO6SuvySzuQXQ=="}} +{"timestamp":1679548661131,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"no-cors"},{"name":"sec-fetch-dest","value":"script"},{"name":"accept-encoding","value":"gzip, deflate, 
br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/static/js/54.66e91f12.chunk.js","args":"","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"fmndmvBBD1sko0pOCapAyqaPOD1YSuqzw_8gwkHGtVnQ0KxDnBf9sQ=="}} +{"timestamp":1679548659321,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"accept","value":"application/json, text/plain, */*"},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, 
br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/aws-exports.json","args":"timestamp=1679548658747","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"HM4AuFrQ0scez_PTg9Ie_mtTkcTed0wa6u5Otl7MoYTO7uWEvwHHDw=="}} +{"timestamp":1679548661130,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"no-cors"},{"name":"sec-fetch-dest","value":"script"},{"name":"accept-encoding","value":"gzip, deflate, 
br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/static/js/289.f9fcf639.chunk.js","args":"","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"AvozC55PQVeSjj18F5Pl00PIOaImVS6EGoMLWpT84xstY0BaO55hzQ=="}} +{"timestamp":1679548666813,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"accept","value":"application/json, text/plain, */*"},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, 
br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/aws-exports.json","args":"timestamp=1679548665916","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"SZqmcXIZ9PBSamzQowJBc2bV5eVmhJVJA-wxDSRdP6Gqqnnm6Ll4zw=="}} +{"timestamp":1679548660212,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"no-cors"},{"name":"sec-fetch-dest","value":"script"},{"name":"accept-encoding","value":"gzip, deflate, 
br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/static/js/592.57113085.chunk.js","args":"","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"ILEgkYBAGPgRq6uo82mbIV6QxFhy4bZVkpel-9AoHEkQNhSX68WpZw=="}} +{"timestamp":1679548674691,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"cache-control","value":"max-age=0"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"upgrade-insecure-requests","value":"1"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 
Safari/537.36"},{"name":"accept","value":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"},{"name":"sec-fetch-site","value":"none"},{"name":"sec-fetch-mode","value":"navigate"},{"name":"sec-fetch-user","value":"?1"},{"name":"sec-fetch-dest","value":"document"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"},{"name":"if-none-match","value":"\"af0d9ab1ebeaf8ff3ce34ea9e79f2579\""},{"name":"if-modified-since","value":"Tue, 31 Jan 2023 09:25:22 GMT"}],"uri":"/log-pipeline/service-log","args":"","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"LZEvUnDWadacvKLRROO1NHZBGpwozTNadZSOAnrJcicJqrHoBUJP0w=="}} +{"timestamp":1679548665306,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"cache-control","value":"max-age=0"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", 
\"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"upgrade-insecure-requests","value":"1"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"accept","value":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"},{"name":"sec-fetch-site","value":"none"},{"name":"sec-fetch-mode","value":"navigate"},{"name":"sec-fetch-user","value":"?1"},{"name":"sec-fetch-dest","value":"document"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"},{"name":"if-none-match","value":"\"af0d9ab1ebeaf8ff3ce34ea9e79f2579\""},{"name":"if-modified-since","value":"Tue, 31 Jan 2023 09:25:22 GMT"}],"uri":"/log-pipeline/service-log","args":"","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"yr4cC1IFd6ZHD6UmTw_QTayDWwqmyuqce7Q6VqTjFBPpLIybmfcIxg=="}} 
+{"timestamp":1679548669345,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"cache-control","value":"max-age=0"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"upgrade-insecure-requests","value":"1"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"accept","value":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"},{"name":"sec-fetch-site","value":"none"},{"name":"sec-fetch-mode","value":"navigate"},{"name":"sec-fetch-user","value":"?1"},{"name":"sec-fetch-dest","value":"document"},{"name":"accept-encoding","value":"gzip, deflate, 
br"},{"name":"accept-language","value":"en-US,en;q=0.9"},{"name":"if-none-match","value":"\"af0d9ab1ebeaf8ff3ce34ea9e79f2579\""},{"name":"if-modified-since","value":"Tue, 31 Jan 2023 09:25:22 GMT"}],"uri":"/log-pipeline/service-log","args":"","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"jPbv-RPsxtsQ5k9xxyWSKvE9bFlJLTarzMBVDy2xukWleaMpjZh72A=="}} +{"timestamp":1679548672385,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"cache-control","value":"max-age=0"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"upgrade-insecure-requests","value":"1"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 
Safari/537.36"},{"name":"accept","value":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"},{"name":"sec-fetch-site","value":"none"},{"name":"sec-fetch-mode","value":"navigate"},{"name":"sec-fetch-user","value":"?1"},{"name":"sec-fetch-dest","value":"document"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"},{"name":"if-none-match","value":"\"af0d9ab1ebeaf8ff3ce34ea9e79f2579\""},{"name":"if-modified-since","value":"Tue, 31 Jan 2023 09:25:22 GMT"}],"uri":"/log-pipeline/service-log","args":"","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"KBDRxdNLJ5vN4EN6E7fHA0qqnReXb-hZTYkMV5Qi77DU63I0pjOfsg=="}} +{"timestamp":1679548672903,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"accept","value":"application/json, text/plain, 
*/*"},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/aws-exports.json","args":"timestamp=1679548672251","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"6fz1cJxE2PYMUoi1Y0OIyqNUAZqwiftW5oay3fNrnaBahCkFc-4VCA=="}} +{"timestamp":1679548670280,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"accept","value":"application/json, text/plain, */*"},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/aws-exports.json","args":"timestamp=1679548669562","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"AiaVoelxpsweW5RAwvj2v37T0Qdzb-YT8PxndPpbJMAFZ3LH8oRElw=="}} +{"timestamp":1679548679496,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"accept","value":"application/json, text/plain, */*"},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 
Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/aws-exports.json","args":"timestamp=1679548678928","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"PM2dHUCB05rj_5pWg6pLfvU-Iu2WcoaNI1HvpPe3_S4pX5As56TRqA=="}} +{"timestamp":1679548675776,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"accept","value":"application/json, text/plain, */*"},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 
Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/aws-exports.json","args":"timestamp=1679548675203","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"HLBUYRzP8ll-I-2qOho5h8AUrzSjlvWw7DJrDk4VeYx92FugehT68w=="}} +{"timestamp":1679548678725,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"cache-control","value":"max-age=0"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"upgrade-insecure-requests","value":"1"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 
Safari/537.36"},{"name":"accept","value":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"},{"name":"sec-fetch-site","value":"none"},{"name":"sec-fetch-mode","value":"navigate"},{"name":"sec-fetch-user","value":"?1"},{"name":"sec-fetch-dest","value":"document"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"},{"name":"if-none-match","value":"\"af0d9ab1ebeaf8ff3ce34ea9e79f2579\""},{"name":"if-modified-since","value":"Tue, 31 Jan 2023 09:25:22 GMT"}],"uri":"/log-pipeline/service-log","args":"","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"QL4r6nTLZ0zEwDNyrrv64BYG6nrLGwQx1WPAsdPeQai6cecRr83rFQ=="}} diff --git a/server/adaptors/integrations/__data__/repository/aws_waf/data/samples.json b/server/adaptors/integrations/__data__/repository/aws_waf/data/samples.json new file mode 100644 index 000000000..ff029c2a7 --- /dev/null +++ b/server/adaptors/integrations/__data__/repository/aws_waf/data/samples.json 
@@ -0,0 +1,4594 @@ +[ + { + "@timestamp": "2023-07-17T08:14:05.000Z", + "event": { + "result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + "data_stream": { + "dataset": "waf_log", + "namespace": "production", + "type": "waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": "ap-southeast-2", + "resource_id": "vpc-0d4d4e82b7d743527", + "platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + "terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + "httpSourceId": "E13XOUZ3C0STES", + "ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + } + ], + "rateBasedRuleList": [], + "nonTerminatingMatchingRules": [], + "requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + "country": "HK", + "headers": [ + { + "name": "host", + "value": "d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": "sec-ch-ua-mobile", + "value": "?0" + }, + { + "name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": 
"sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "accept", + "value": "image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8" + }, + { + "name": "sec-fetch-site", + "value": "same-origin" + }, + { + "name": "sec-fetch-mode", + "value": "no-cors" + }, + { + "name": "sec-fetch-dest", + "value": "image" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": "en-US,en;q=0.9" + } + ], + "uri": "/favicon.ico", + "args": "", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "a8i7U3kgh9ZgC-i_-vuB9ycuY1yXZA2C93SommMJO-NSZ8w1EfbQTA==" + } + } + } + }, + { + "@timestamp": "2023-07-17T04:12:05.000Z", + "event": { + "result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + "data_stream": { + "dataset": "waf_log", + "namespace": "production", + "type": "waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": "ap-southeast-2", + "resource_id": "vpc-0d4d4e82b7d743527", + "platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + "terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + "httpSourceId": "E13XOUZ3C0STES", + "ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + } + ], + 
"rateBasedRuleList": [], + "nonTerminatingMatchingRules": [], + "requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + "country": "HK", + "headers": [ + { + "name": "host", + "value": "d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": "sec-ch-ua-mobile", + "value": "?0" + }, + { + "name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": "sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "accept", + "value": "text/css,*/*;q=0.1" + }, + { + "name": "sec-fetch-site", + "value": "same-origin" + }, + { + "name": "sec-fetch-mode", + "value": "no-cors" + }, + { + "name": "sec-fetch-dest", + "value": "style" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": "en-US,en;q=0.9" + } + ], + "uri": "/static/css/main.3c74189a.css", + "args": "", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "Nwcv2BEFdfsvUgaBa878YM2DqeOJvjgYTi_D1OZ7zsluZDCsscmgig==" + } + } + } + }, + { + "@timestamp": "2023-07-13T01:14:05.000Z", + "event": { + "result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + "data_stream": { + "dataset": "waf_log", + "namespace": "production", + "type": "waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": "ap-southeast-2", + "resource_id": "vpc-0d4d4e82b7d743527", + "platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + "terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + 
"httpSourceId": "E13XOUZ3C0STES", + "ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + } + ], + "rateBasedRuleList": [], + "nonTerminatingMatchingRules": [], + "requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + "country": "HK", + "headers": [ + { + "name": "host", + "value": "d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": "sec-ch-ua-mobile", + "value": "?0" + }, + { + "name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": "sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "accept", + "value": "*/*" + }, + { + "name": "sec-fetch-site", + "value": "same-origin" + }, + { + "name": "sec-fetch-mode", + "value": "cors" + }, + { + "name": "sec-fetch-dest", + "value": "empty" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": "en-US,en;q=0.9" + } + ], + "uri": "/locales/en-US/cluster.json", + "args": "v=v1.3.0", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "9EBB1jusDQ4BJHy7Im56e5obUGBHLcJ0-d6PwMZ1DCoEApsumJFKCw==" + } + } + } + }, + { + "@timestamp": "2023-07-16T03:14:05.000Z", + "event": { + "result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + 
"data_stream": { + "dataset": "waf_log", + "namespace": "production", + "type": "waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": "ap-southeast-2", + "resource_id": "vpc-0d4d4e82b7d743527", + "platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + "terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + "httpSourceId": "E13XOUZ3C0STES", + "ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + } + ], + "rateBasedRuleList": [], + "nonTerminatingMatchingRules": [], + "requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + "country": "HK", + "headers": [ + { + "name": "host", + "value": "d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": "sec-ch-ua-mobile", + "value": "?0" + }, + { + "name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": "sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "accept", + "value": "*/*" + }, + { + "name": "sec-fetch-site", + "value": "same-origin" + }, + { + 
"name": "sec-fetch-mode", + "value": "no-cors" + }, + { + "name": "sec-fetch-dest", + "value": "script" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": "en-US,en;q=0.9" + } + ], + "uri": "/static/js/704.0fc9620b.chunk.js", + "args": "", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "PCylxlN5B7WYLr9E-FsDoRtynBLm6s5aKn-gYhFFn74KV0H6mtM2bA==" + } + } + } + }, + { + "@timestamp": "2023-07-12T08:14:05.000Z", + "event": { + "result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + "data_stream": { + "dataset": "waf_log", + "namespace": "production", + "type": "waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": "ap-southeast-2", + "resource_id": "vpc-0d4d4e82b7d743527", + "platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + "terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + "httpSourceId": "E13XOUZ3C0STES", + "ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + } + ], + "rateBasedRuleList": [], + "nonTerminatingMatchingRules": [], + "requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + "country": "HK", + "headers": [ + 
{ + "name": "host", + "value": "d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": "sec-ch-ua-mobile", + "value": "?0" + }, + { + "name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": "sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "accept", + "value": "*/*" + }, + { + "name": "sec-fetch-site", + "value": "same-origin" + }, + { + "name": "sec-fetch-mode", + "value": "cors" + }, + { + "name": "sec-fetch-dest", + "value": "empty" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": "en-US,en;q=0.9" + } + ], + "uri": "/locales/en/info.json", + "args": "v=v1.3.0", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "KtWGg2zob530o7N5bNUT2zRbco11OGdsdYgcCmFAzUluNx3QgSQEJw==" + } + } + } + }, + { + "@timestamp": "2023-07-10T08:14:05.000Z", + "event": { + "result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + "data_stream": { + "dataset": "waf_log", + "namespace": "production", + "type": "waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": "ap-southeast-2", + "resource_id": "vpc-0d4d4e82b7d743527", + "platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + "terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + "httpSourceId": "E13XOUZ3C0STES", + "ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + 
"customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + } + ], + "rateBasedRuleList": [], + "nonTerminatingMatchingRules": [], + "requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + "country": "HK", + "headers": [ + { + "name": "host", + "value": "d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": "sec-ch-ua-mobile", + "value": "?0" + }, + { + "name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": "sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "accept", + "value": "*/*" + }, + { + "name": "sec-fetch-site", + "value": "same-origin" + }, + { + "name": "sec-fetch-mode", + "value": "cors" + }, + { + "name": "sec-fetch-dest", + "value": "empty" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": "en-US,en;q=0.9" + } + ], + "uri": "/locales/en-US/common.json", + "args": "v=v1.3.0", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "_F-SWxrC9nZ22jplLSvC7_ox2Jx2xPFE9HYT4tQtOcAYJwBrg1v6NQ==" + } + } + } + }, + { + "@timestamp": "2023-07-09T08:14:05.000Z", + "event": { + "result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + "data_stream": { + "dataset": "waf_log", + "namespace": "production", + "type": "waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": "ap-southeast-2", + "resource_id": 
"vpc-0d4d4e82b7d743527", + "platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + "terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + "httpSourceId": "E13XOUZ3C0STES", + "ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + } + ], + "rateBasedRuleList": [], + "nonTerminatingMatchingRules": [], + "requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + "country": "HK", + "headers": [ + { + "name": "host", + "value": "d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": "sec-ch-ua-mobile", + "value": "?0" + }, + { + "name": "sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "upgrade-insecure-requests", + "value": "1" + }, + { + "name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": "accept", + "value": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7" + }, + { + "name": "sec-fetch-site", + "value": "none" + }, + { + "name": "sec-fetch-mode", + "value": 
"navigate" + }, + { + "name": "sec-fetch-user", + "value": "?1" + }, + { + "name": "sec-fetch-dest", + "value": "document" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": "en-US,en;q=0.9" + } + ], + "uri": "/log-pipeline/service-log", + "args": "", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "pytY5ev4ebR05f9mQGOnwufqXpk_FbsgRuFjd9cihOg42IqyE9Gx0Q==" + } + } + } + }, + { + "@timestamp": "2023-07-18T08:14:05.000Z", + "event": { + "result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + "data_stream": { + "dataset": "waf_log", + "namespace": "production", + "type": "waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": "ap-southeast-2", + "resource_id": "vpc-0d4d4e82b7d743527", + "platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + "terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + "httpSourceId": "E13XOUZ3C0STES", + "ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + } + ], + "rateBasedRuleList": [], + "nonTerminatingMatchingRules": [], + "requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + "country": "HK", + 
"headers": [ + { + "name": "host", + "value": "d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": "sec-ch-ua-mobile", + "value": "?0" + }, + { + "name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": "sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "accept", + "value": "*/*" + }, + { + "name": "sec-fetch-site", + "value": "same-origin" + }, + { + "name": "sec-fetch-mode", + "value": "cors" + }, + { + "name": "sec-fetch-dest", + "value": "empty" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": "en-US,en;q=0.9" + } + ], + "uri": "/locales/en/ekslog.json", + "args": "v=v1.3.0", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "y34C69VSSUEMC3BippLVEXzZnQoBttgRdH6R1rZExLwc2lZIt6X2sA==" + } + } + } + }, + { + "@timestamp": "2023-07-19T01:14:05.000Z", + "event": { + "result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + "data_stream": { + "dataset": "waf_log", + "namespace": "production", + "type": "waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": "ap-southeast-2", + "resource_id": "vpc-0d4d4e82b7d743527", + "platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + "terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + "httpSourceId": "E13XOUZ3C0STES", + "ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + 
"customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + } + ], + "rateBasedRuleList": [], + "nonTerminatingMatchingRules": [], + "requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + "country": "HK", + "headers": [ + { + "name": "host", + "value": "d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": "sec-ch-ua-mobile", + "value": "?0" + }, + { + "name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": "sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "accept", + "value": "*/*" + }, + { + "name": "sec-fetch-site", + "value": "same-origin" + }, + { + "name": "sec-fetch-mode", + "value": "cors" + }, + { + "name": "sec-fetch-dest", + "value": "empty" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": "en-US,en;q=0.9" + } + ], + "uri": "/locales/en/applog.json", + "args": "v=v1.3.0", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "W2b9qzn-ubH9iI-8NUXzC0WFMWmfO5A7cOEEDqzBzbdfpSUKdv2Mfw==" + } + } + } + }, + { + "@timestamp": "2023-07-12T01:00:05.000Z", + "event": { + "result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + "data_stream": { + "dataset": "waf_log", + "namespace": "production", + "type": "waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": "ap-southeast-2", + "resource_id": 
"vpc-0d4d4e82b7d743527", + "platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + "terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + "httpSourceId": "E13XOUZ3C0STES", + "ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + } + ], + "rateBasedRuleList": [], + "nonTerminatingMatchingRules": [], + "requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + "country": "HK", + "headers": [ + { + "name": "host", + "value": "d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": "sec-ch-ua-mobile", + "value": "?0" + }, + { + "name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": "sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "accept", + "value": "*/*" + }, + { + "name": "sec-fetch-site", + "value": "same-origin" + }, + { + "name": "sec-fetch-mode", + "value": "cors" + }, + { + "name": "sec-fetch-dest", + "value": "empty" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": 
"en-US,en;q=0.9" + } + ], + "uri": "/locales/en/resource.json", + "args": "v=v1.3.0", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "r0JWgRulEiWPnFXo0Kcu-nBQeaIX1X9f2EfUdvFFQMXsxBKkc27J0A==" + } + } + } + }, + { + "@timestamp": "2023-07-13T12:14:05.000Z", + "event": { + "result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + "data_stream": { + "dataset": "waf_log", + "namespace": "production", + "type": "waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": "ap-southeast-2", + "resource_id": "vpc-0d4d4e82b7d743527", + "platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + "terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + "httpSourceId": "E13XOUZ3C0STES", + "ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + } + ], + "rateBasedRuleList": [], + "nonTerminatingMatchingRules": [], + "requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + "country": "HK", + "headers": [ + { + "name": "host", + "value": "d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": 
"sec-ch-ua-mobile", + "value": "?0" + }, + { + "name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": "sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "accept", + "value": "*/*" + }, + { + "name": "sec-fetch-site", + "value": "same-origin" + }, + { + "name": "sec-fetch-mode", + "value": "cors" + }, + { + "name": "sec-fetch-dest", + "value": "empty" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": "en-US,en;q=0.9" + } + ], + "uri": "/locales/en/cluster.json", + "args": "v=v1.3.0", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "9F8xi5ujMH1et6Ysh_-2VQhiIAgLYJkA6bejtXBuIl7lx1QKDxUxtQ==" + } + } + } + }, + { + "@timestamp": "2023-07-20T12:14:05.000Z", + "event": { + "result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + "data_stream": { + "dataset": "waf_log", + "namespace": "production", + "type": "waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": "ap-southeast-2", + "resource_id": "vpc-0d4d4e82b7d743527", + "platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + "terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + "httpSourceId": "E13XOUZ3C0STES", + "ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + 
"ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + } + ], + "rateBasedRuleList": [], + "nonTerminatingMatchingRules": [], + "requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + "country": "HK", + "headers": [ + { + "name": "host", + "value": "d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": "sec-ch-ua-mobile", + "value": "?0" + }, + { + "name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": "sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "accept", + "value": "*/*" + }, + { + "name": "sec-fetch-site", + "value": "same-origin" + }, + { + "name": "sec-fetch-mode", + "value": "cors" + }, + { + "name": "sec-fetch-dest", + "value": "empty" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": "en-US,en;q=0.9" + } + ], + "uri": "/locales/en-US/home.json", + "args": "v=v1.3.0", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "iPfEWiMKyaM6iFv3XGLK9hvQt7ZchJXnV-hBr-DFdWnYlH04h0ZRzw==" + } + } + } + }, + { + "@timestamp": "2023-07-11T10:00:05.000Z", + "event": { + "result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + "data_stream": { + "dataset": "waf_log", + "namespace": "production", + "type": "waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": "ap-southeast-2", + "resource_id": "vpc-0d4d4e82b7d743527", + "platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + 
"terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + "httpSourceId": "E13XOUZ3C0STES", + "ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + } + ], + "rateBasedRuleList": [], + "nonTerminatingMatchingRules": [], + "requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + "country": "HK", + "headers": [ + { + "name": "host", + "value": "d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": "sec-ch-ua-mobile", + "value": "?0" + }, + { + "name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": "sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "accept", + "value": "*/*" + }, + { + "name": "sec-fetch-site", + "value": "same-origin" + }, + { + "name": "sec-fetch-mode", + "value": "no-cors" + }, + { + "name": "sec-fetch-dest", + "value": "script" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": "en-US,en;q=0.9" + } + ], + "uri": "/static/js/171.b2862bb4.chunk.js", + "args": "", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "imCy2Tz9QYBNeRoKSbwnueyJbqltF52pBw6RRoQ95TyTtmbC8R_vvg==" + } + } + 
} + }, + { + "@timestamp": "2023-07-09T08:14:05.000Z", + "event": { + "result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + "data_stream": { + "dataset": "waf_log", + "namespace": "production", + "type": "waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": "ap-southeast-2", + "resource_id": "vpc-0d4d4e82b7d743527", + "platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + "terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + "httpSourceId": "E13XOUZ3C0STES", + "ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + } + ], + "rateBasedRuleList": [], + "nonTerminatingMatchingRules": [], + "requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + "country": "HK", + "headers": [ + { + "name": "host", + "value": "d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": "sec-ch-ua-mobile", + "value": "?0" + }, + { + "name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": 
"sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "accept", + "value": "*/*" + }, + { + "name": "sec-fetch-site", + "value": "same-origin" + }, + { + "name": "sec-fetch-mode", + "value": "no-cors" + }, + { + "name": "sec-fetch-dest", + "value": "script" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": "en-US,en;q=0.9" + } + ], + "uri": "/static/js/main.1fce72cf.js", + "args": "", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "YF_xCzvlSslgoa6sHVY78bbK9JyI5xZv4ofP-o3FcwLtCjDho4VtOQ==" + } + } + } + }, + { + "@timestamp": "2023-07-01T12:14:05.000Z", + "event": { + "result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + "data_stream": { + "dataset": "waf_log", + "namespace": "production", + "type": "waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": "ap-southeast-2", + "resource_id": "vpc-0d4d4e82b7d743527", + "platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + "terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + "httpSourceId": "E13XOUZ3C0STES", + "ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + } + ], + "rateBasedRuleList": [], + 
"nonTerminatingMatchingRules": [], + "requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + "country": "HK", + "headers": [ + { + "name": "host", + "value": "d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": "sec-ch-ua-mobile", + "value": "?0" + }, + { + "name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": "sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "accept", + "value": "*/*" + }, + { + "name": "sec-fetch-site", + "value": "same-origin" + }, + { + "name": "sec-fetch-mode", + "value": "cors" + }, + { + "name": "sec-fetch-dest", + "value": "empty" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": "en-US,en;q=0.9" + } + ], + "uri": "/locales/en/common.json", + "args": "v=v1.3.0", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "3hCiWgV0BpwLCt1e9nvpFQGM7QMSj-g40cb5pTvi3Z_5diK-0TaUJQ==" + } + } + } + }, + { + "@timestamp": "2023-07-19T00:14:05.000Z", + "event": { + "result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + "data_stream": { + "dataset": "waf_log", + "namespace": "production", + "type": "waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": "ap-southeast-2", + "resource_id": "vpc-0d4d4e82b7d743527", + "platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + "terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + "httpSourceId": "E13XOUZ3C0STES", + 
"ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + } + ], + "rateBasedRuleList": [], + "nonTerminatingMatchingRules": [], + "requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + "country": "HK", + "headers": [ + { + "name": "host", + "value": "d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": "sec-ch-ua-mobile", + "value": "?0" + }, + { + "name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": "sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "accept", + "value": "*/*" + }, + { + "name": "sec-fetch-site", + "value": "same-origin" + }, + { + "name": "sec-fetch-mode", + "value": "cors" + }, + { + "name": "sec-fetch-dest", + "value": "empty" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": "en-US,en;q=0.9" + } + ], + "uri": "/locales/en/servicelog.json", + "args": "v=v1.3.0", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "MEkdaSTQMtuUA_whHiIM3l3wpPthbiFLV5GHVIfx39O8dKRrotcZew==" + } + } + } + }, + { + "@timestamp": "2023-07-13T11:14:05.000Z", + "event": { + "result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + "data_stream": { + "dataset": "waf_log", + 
"namespace": "production", + "type": "waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": "ap-southeast-2", + "resource_id": "vpc-0d4d4e82b7d743527", + "platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + "terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + "httpSourceId": "E13XOUZ3C0STES", + "ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + } + ], + "rateBasedRuleList": [], + "nonTerminatingMatchingRules": [], + "requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + "country": "HK", + "headers": [ + { + "name": "host", + "value": "d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": "sec-ch-ua-mobile", + "value": "?0" + }, + { + "name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": "sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "accept", + "value": "*/*" + }, + { + "name": "sec-fetch-site", + "value": "same-origin" + }, + { + "name": "sec-fetch-mode", + "value": "cors" + }, 
+ { + "name": "sec-fetch-dest", + "value": "empty" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": "en-US,en;q=0.9" + } + ], + "uri": "/locales/en-US/resource.json", + "args": "v=v1.3.0", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "wbUO-9AVJzjhJHFdjd5cmouNp4ulDmm4hYbAQqdKRAS3o59mlwo9pA==" + } + } + } + }, + { + "@timestamp": "2023-07-21T05:14:05.000Z", + "event": { + "result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + "data_stream": { + "dataset": "waf_log", + "namespace": "production", + "type": "waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": "ap-southeast-2", + "resource_id": "vpc-0d4d4e82b7d743527", + "platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + "terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + "httpSourceId": "E13XOUZ3C0STES", + "ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + } + ], + "rateBasedRuleList": [], + "nonTerminatingMatchingRules": [], + "requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + "country": "HK", + "headers": [ + { + "name": "host", + "value": 
"d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": "sec-ch-ua-mobile", + "value": "?0" + }, + { + "name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": "sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "accept", + "value": "*/*" + }, + { + "name": "sec-fetch-site", + "value": "same-origin" + }, + { + "name": "sec-fetch-mode", + "value": "cors" + }, + { + "name": "sec-fetch-dest", + "value": "empty" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": "en-US,en;q=0.9" + } + ], + "uri": "/locales/en/home.json", + "args": "v=v1.3.0", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "MTcYuStUpGv5GcTKzDVKrpTO1P91eESO0K3dkDJ87a6MzAWK33ZKww==" + } + } + } + }, + { + "@timestamp": "2023-07-11T12:14:05.000Z", + "event": { + "result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + "data_stream": { + "dataset": "waf_log", + "namespace": "production", + "type": "waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": "ap-southeast-2", + "resource_id": "vpc-0d4d4e82b7d743527", + "platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + "terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + "httpSourceId": "E13XOUZ3C0STES", + "ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + 
"ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + } + ], + "rateBasedRuleList": [], + "nonTerminatingMatchingRules": [], + "requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + "country": "HK", + "headers": [ + { + "name": "host", + "value": "d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": "sec-ch-ua-mobile", + "value": "?0" + }, + { + "name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": "sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "accept", + "value": "*/*" + }, + { + "name": "sec-fetch-site", + "value": "same-origin" + }, + { + "name": "sec-fetch-mode", + "value": "cors" + }, + { + "name": "sec-fetch-dest", + "value": "empty" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": "en-US,en;q=0.9" + } + ], + "uri": "/locales/en-US/applog.json", + "args": "v=v1.3.0", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "MP4ldvR5h-k1hYZyNUe3npEQdNsF1upPYgZDAUBAfpTY6ydjehgszQ==" + } + } + } + }, + { + "@timestamp": "2023-07-12T01:04:05.000Z", + "event": { + "result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + "data_stream": { + "dataset": "waf_log", + "namespace": "production", + "type": "waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": "ap-southeast-2", + "resource_id": "vpc-0d4d4e82b7d743527", + 
"platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + "terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + "httpSourceId": "E13XOUZ3C0STES", + "ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + } + ], + "rateBasedRuleList": [], + "nonTerminatingMatchingRules": [], + "requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + "country": "HK", + "headers": [ + { + "name": "host", + "value": "d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": "sec-ch-ua-mobile", + "value": "?0" + }, + { + "name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": "sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "accept", + "value": "*/*" + }, + { + "name": "sec-fetch-site", + "value": "same-origin" + }, + { + "name": "sec-fetch-mode", + "value": "no-cors" + }, + { + "name": "sec-fetch-dest", + "value": "script" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": "en-US,en;q=0.9" + } + ], + "uri": 
"/static/js/156.e12ab3ef.chunk.js", + "args": "", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "ZEec9twgKzh-7M5mBk31JG1cgpZaq6JCEvJ0P7rss0q66ID-NRorWw==" + } + } + } + }, + { + "@timestamp": "2023-07-10T00:10:05.000Z", + "event": { + "result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + "data_stream": { + "dataset": "waf_log", + "namespace": "production", + "type": "waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": "ap-southeast-2", + "resource_id": "vpc-0d4d4e82b7d743527", + "platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + "terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + "httpSourceId": "E13XOUZ3C0STES", + "ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + } + ], + "rateBasedRuleList": [], + "nonTerminatingMatchingRules": [], + "requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + "country": "HK", + "headers": [ + { + "name": "host", + "value": "d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": "sec-ch-ua-mobile", + "value": "?0" + }, + { + 
"name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": "sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "accept", + "value": "*/*" + }, + { + "name": "sec-fetch-site", + "value": "same-origin" + }, + { + "name": "sec-fetch-mode", + "value": "no-cors" + }, + { + "name": "sec-fetch-dest", + "value": "script" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": "en-US,en;q=0.9" + } + ], + "uri": "/static/js/42.a78e6cdc.chunk.js", + "args": "", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "vfGrNbR3NHPIb8i1sDwZXapumeCzZ44Vo9T3wYXyXX5Eqntn2gBzvA==" + } + } + } + }, + { + "@timestamp": "2023-07-03T03:14:05.000Z", + "event": { + "result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + "data_stream": { + "dataset": "waf_log", + "namespace": "production", + "type": "waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": "ap-southeast-2", + "resource_id": "vpc-0d4d4e82b7d743527", + "platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + "terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + "httpSourceId": "E13XOUZ3C0STES", + "ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": 
"AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + } + ], + "rateBasedRuleList": [], + "nonTerminatingMatchingRules": [], + "requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + "country": "HK", + "headers": [ + { + "name": "host", + "value": "d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": "sec-ch-ua-mobile", + "value": "?0" + }, + { + "name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": "sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "accept", + "value": "*/*" + }, + { + "name": "sec-fetch-site", + "value": "same-origin" + }, + { + "name": "sec-fetch-mode", + "value": "cors" + }, + { + "name": "sec-fetch-dest", + "value": "empty" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": "en-US,en;q=0.9" + } + ], + "uri": "/locales/en-US/info.json", + "args": "v=v1.3.0", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "tyQN06m_gBa9rAP3gsxpoBt7TSbaByGd341sms_h8Rx5ZuuStXe0Yw==" + } + } + } + }, + { + "@timestamp": "2023-07-04T04:14:05.000Z", + "event": { + "result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + "data_stream": { + "dataset": "waf_log", + "namespace": "production", + "type": "waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": "ap-southeast-2", + "resource_id": "vpc-0d4d4e82b7d743527", + "platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + 
"terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + "httpSourceId": "E13XOUZ3C0STES", + "ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + } + ], + "rateBasedRuleList": [], + "nonTerminatingMatchingRules": [], + "requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + "country": "HK", + "headers": [ + { + "name": "host", + "value": "d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": "sec-ch-ua-mobile", + "value": "?0" + }, + { + "name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": "sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "accept", + "value": "*/*" + }, + { + "name": "sec-fetch-site", + "value": "same-origin" + }, + { + "name": "sec-fetch-mode", + "value": "cors" + }, + { + "name": "sec-fetch-dest", + "value": "empty" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": "en-US,en;q=0.9" + } + ], + "uri": "/locales/en-US/servicelog.json", + "args": "v=v1.3.0", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "qD11sEL_uV0sX3XjNEwkB74nGIUy5nefHwn7REK3nU-xYtAEEtCf3w==" + } + } 
+ } + }, + { + "@timestamp": "2023-07-07T07:14:05.000Z", + "event": { + "result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + "data_stream": { + "dataset": "waf_log", + "namespace": "production", + "type": "waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": "ap-southeast-2", + "resource_id": "vpc-0d4d4e82b7d743527", + "platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + "terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + "httpSourceId": "E13XOUZ3C0STES", + "ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + } + ], + "rateBasedRuleList": [], + "nonTerminatingMatchingRules": [], + "requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + "country": "HK", + "headers": [ + { + "name": "host", + "value": "d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": "sec-ch-ua-mobile", + "value": "?0" + }, + { + "name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": 
"sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "accept", + "value": "*/*" + }, + { + "name": "sec-fetch-site", + "value": "same-origin" + }, + { + "name": "sec-fetch-mode", + "value": "cors" + }, + { + "name": "sec-fetch-dest", + "value": "empty" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": "en-US,en;q=0.9" + } + ], + "uri": "/locales/en-US/ekslog.json", + "args": "v=v1.3.0", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "iBmLjtAsp6KQkYMEnSHHdX_4OQ66cG993XlSoMEMBbO6SuvySzuQXQ==" + } + } + } + }, + { + "@timestamp": "2023-07-08T08:08:05.000Z", + "event": { + "result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + "data_stream": { + "dataset": "waf_log", + "namespace": "production", + "type": "waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": "ap-southeast-2", + "resource_id": "vpc-0d4d4e82b7d743527", + "platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + "terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + "httpSourceId": "E13XOUZ3C0STES", + "ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + } + ], + "rateBasedRuleList": [], + 
"nonTerminatingMatchingRules": [], + "requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + "country": "HK", + "headers": [ + { + "name": "host", + "value": "d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": "sec-ch-ua-mobile", + "value": "?0" + }, + { + "name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": "sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "accept", + "value": "*/*" + }, + { + "name": "sec-fetch-site", + "value": "same-origin" + }, + { + "name": "sec-fetch-mode", + "value": "no-cors" + }, + { + "name": "sec-fetch-dest", + "value": "script" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": "en-US,en;q=0.9" + } + ], + "uri": "/static/js/54.66e91f12.chunk.js", + "args": "", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "fmndmvBBD1sko0pOCapAyqaPOD1YSuqzw_8gwkHGtVnQ0KxDnBf9sQ==" + } + } + } + }, + { + "@timestamp": "2023-07-09T09:09:05.000Z", + "event": { + "result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + "data_stream": { + "dataset": "waf_log", + "namespace": "production", + "type": "waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": "ap-southeast-2", + "resource_id": "vpc-0d4d4e82b7d743527", + "platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + "terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + "httpSourceId": "E13XOUZ3C0STES", + 
"ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + } + ], + "rateBasedRuleList": [], + "nonTerminatingMatchingRules": [], + "requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + "country": "HK", + "headers": [ + { + "name": "host", + "value": "d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": "accept", + "value": "application/json, text/plain, */*" + }, + { + "name": "sec-ch-ua-mobile", + "value": "?0" + }, + { + "name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": "sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "sec-fetch-site", + "value": "same-origin" + }, + { + "name": "sec-fetch-mode", + "value": "cors" + }, + { + "name": "sec-fetch-dest", + "value": "empty" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": "en-US,en;q=0.9" + } + ], + "uri": "/aws-exports.json", + "args": "timestamp=1679548658747", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "HM4AuFrQ0scez_PTg9Ie_mtTkcTed0wa6u5Otl7MoYTO7uWEvwHHDw==" + } + } + } + }, + { + "@timestamp": "2023-07-10T10:10:05.000Z", + "event": { + "result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + 
"data_stream": { + "dataset": "waf_log", + "namespace": "production", + "type": "waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": "ap-southeast-2", + "resource_id": "vpc-0d4d4e82b7d743527", + "platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + "terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + "httpSourceId": "E13XOUZ3C0STES", + "ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + } + ], + "rateBasedRuleList": [], + "nonTerminatingMatchingRules": [], + "requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + "country": "HK", + "headers": [ + { + "name": "host", + "value": "d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": "sec-ch-ua-mobile", + "value": "?0" + }, + { + "name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": "sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "accept", + "value": "*/*" + }, + { + "name": "sec-fetch-site", + "value": "same-origin" + }, + { + 
"name": "sec-fetch-mode", + "value": "no-cors" + }, + { + "name": "sec-fetch-dest", + "value": "script" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": "en-US,en;q=0.9" + } + ], + "uri": "/static/js/289.f9fcf639.chunk.js", + "args": "", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "AvozC55PQVeSjj18F5Pl00PIOaImVS6EGoMLWpT84xstY0BaO55hzQ==" + } + } + } + }, + { + "@timestamp": "2023-07-11T11:11:05.000Z", + "event": { + "result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + "data_stream": { + "dataset": "waf_log", + "namespace": "production", + "type": "waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": "ap-southeast-2", + "resource_id": "vpc-0d4d4e82b7d743527", + "platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + "terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + "httpSourceId": "E13XOUZ3C0STES", + "ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + } + ], + "rateBasedRuleList": [], + "nonTerminatingMatchingRules": [], + "requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + "country": "HK", + "headers": [ + 
{ + "name": "host", + "value": "d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": "accept", + "value": "application/json, text/plain, */*" + }, + { + "name": "sec-ch-ua-mobile", + "value": "?0" + }, + { + "name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": "sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "sec-fetch-site", + "value": "same-origin" + }, + { + "name": "sec-fetch-mode", + "value": "cors" + }, + { + "name": "sec-fetch-dest", + "value": "empty" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": "en-US,en;q=0.9" + } + ], + "uri": "/aws-exports.json", + "args": "timestamp=1679548665916", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "SZqmcXIZ9PBSamzQowJBc2bV5eVmhJVJA-wxDSRdP6Gqqnnm6Ll4zw==" + } + } + } + }, + { + "@timestamp": "2023-07-12T08:12:05.000Z", + "event": { + "result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + "data_stream": { + "dataset": "waf_log", + "namespace": "production", + "type": "waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": "ap-southeast-2", + "resource_id": "vpc-0d4d4e82b7d743527", + "platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + "terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + "httpSourceId": "E13XOUZ3C0STES", + "ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + 
"excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + } + ], + "rateBasedRuleList": [], + "nonTerminatingMatchingRules": [], + "requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + "country": "HK", + "headers": [ + { + "name": "host", + "value": "d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": "sec-ch-ua-mobile", + "value": "?0" + }, + { + "name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": "sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "accept", + "value": "*/*" + }, + { + "name": "sec-fetch-site", + "value": "same-origin" + }, + { + "name": "sec-fetch-mode", + "value": "no-cors" + }, + { + "name": "sec-fetch-dest", + "value": "script" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": "en-US,en;q=0.9" + } + ], + "uri": "/static/js/592.57113085.chunk.js", + "args": "", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "ILEgkYBAGPgRq6uo82mbIV6QxFhy4bZVkpel-9AoHEkQNhSX68WpZw==" + } + } + } + }, + { + "@timestamp": "2023-07-13T08:13:05.000Z", + "event": { + "result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + "data_stream": { + "dataset": "waf_log", + "namespace": "production", + "type": "waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": 
"ap-southeast-2", + "resource_id": "vpc-0d4d4e82b7d743527", + "platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + "terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + "httpSourceId": "E13XOUZ3C0STES", + "ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + } + ], + "rateBasedRuleList": [], + "nonTerminatingMatchingRules": [], + "requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + "country": "HK", + "headers": [ + { + "name": "host", + "value": "d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "cache-control", + "value": "max-age=0" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": "sec-ch-ua-mobile", + "value": "?0" + }, + { + "name": "sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "upgrade-insecure-requests", + "value": "1" + }, + { + "name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": "accept", + "value": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7" + }, + { + 
"name": "sec-fetch-site", + "value": "none" + }, + { + "name": "sec-fetch-mode", + "value": "navigate" + }, + { + "name": "sec-fetch-user", + "value": "?1" + }, + { + "name": "sec-fetch-dest", + "value": "document" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": "en-US,en;q=0.9" + }, + { + "name": "if-none-match", + "value": "\"af0d9ab1ebeaf8ff3ce34ea9e79f2579\"" + }, + { + "name": "if-modified-since", + "value": "Tue, 31 Jan 2023 09:25:22 GMT" + } + ], + "uri": "/log-pipeline/service-log", + "args": "", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "LZEvUnDWadacvKLRROO1NHZBGpwozTNadZSOAnrJcicJqrHoBUJP0w==" + } + } + } + }, + { + "@timestamp": "2023-07-17T08:14:05.000Z", + "event": { + "result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + "data_stream": { + "dataset": "waf_log", + "namespace": "production", + "type": "waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": "ap-southeast-2", + "resource_id": "vpc-0d4d4e82b7d743527", + "platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + "terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + "httpSourceId": "E13XOUZ3C0STES", + "ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": 
[], + "excludedRules": null, + "customerConfig": null + } + ], + "rateBasedRuleList": [], + "nonTerminatingMatchingRules": [], + "requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + "country": "HK", + "headers": [ + { + "name": "host", + "value": "d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "cache-control", + "value": "max-age=0" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": "sec-ch-ua-mobile", + "value": "?0" + }, + { + "name": "sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "upgrade-insecure-requests", + "value": "1" + }, + { + "name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": "accept", + "value": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7" + }, + { + "name": "sec-fetch-site", + "value": "none" + }, + { + "name": "sec-fetch-mode", + "value": "navigate" + }, + { + "name": "sec-fetch-user", + "value": "?1" + }, + { + "name": "sec-fetch-dest", + "value": "document" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": "en-US,en;q=0.9" + }, + { + "name": "if-none-match", + "value": "\"af0d9ab1ebeaf8ff3ce34ea9e79f2579\"" + }, + { + "name": "if-modified-since", + "value": "Tue, 31 Jan 2023 09:25:22 GMT" + } + ], + "uri": "/log-pipeline/service-log", + "args": "", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "yr4cC1IFd6ZHD6UmTw_QTayDWwqmyuqce7Q6VqTjFBPpLIybmfcIxg==" + } + } + } + }, + { + "@timestamp": "2023-07-01T09:00:05.000Z", + "event": { + "result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + "data_stream": { + "dataset": "waf_log", + "namespace": "production", + "type": 
"waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": "ap-southeast-2", + "resource_id": "vpc-0d4d4e82b7d743527", + "platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + "terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + "httpSourceId": "E13XOUZ3C0STES", + "ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + } + ], + "rateBasedRuleList": [], + "nonTerminatingMatchingRules": [], + "requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + "country": "HK", + "headers": [ + { + "name": "host", + "value": "d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "cache-control", + "value": "max-age=0" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": "sec-ch-ua-mobile", + "value": "?0" + }, + { + "name": "sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "upgrade-insecure-requests", + "value": "1" + }, + { + "name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": "accept", + "value": 
"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7" + }, + { + "name": "sec-fetch-site", + "value": "none" + }, + { + "name": "sec-fetch-mode", + "value": "navigate" + }, + { + "name": "sec-fetch-user", + "value": "?1" + }, + { + "name": "sec-fetch-dest", + "value": "document" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": "en-US,en;q=0.9" + }, + { + "name": "if-none-match", + "value": "\"af0d9ab1ebeaf8ff3ce34ea9e79f2579\"" + }, + { + "name": "if-modified-since", + "value": "Tue, 31 Jan 2023 09:25:22 GMT" + } + ], + "uri": "/log-pipeline/service-log", + "args": "", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "jPbv-RPsxtsQ5k9xxyWSKvE9bFlJLTarzMBVDy2xukWleaMpjZh72A==" + } + } + } + }, + { + "@timestamp": "2023-07-10T00:14:05.000Z", + "event": { + "result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + "data_stream": { + "dataset": "waf_log", + "namespace": "production", + "type": "waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": "ap-southeast-2", + "resource_id": "vpc-0d4d4e82b7d743527", + "platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + "terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + "httpSourceId": "E13XOUZ3C0STES", + "ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": 
null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + } + ], + "rateBasedRuleList": [], + "nonTerminatingMatchingRules": [], + "requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + "country": "HK", + "headers": [ + { + "name": "host", + "value": "d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "cache-control", + "value": "max-age=0" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": "sec-ch-ua-mobile", + "value": "?0" + }, + { + "name": "sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "upgrade-insecure-requests", + "value": "1" + }, + { + "name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": "accept", + "value": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7" + }, + { + "name": "sec-fetch-site", + "value": "none" + }, + { + "name": "sec-fetch-mode", + "value": "navigate" + }, + { + "name": "sec-fetch-user", + "value": "?1" + }, + { + "name": "sec-fetch-dest", + "value": "document" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": "en-US,en;q=0.9" + }, + { + "name": "if-none-match", + "value": "\"af0d9ab1ebeaf8ff3ce34ea9e79f2579\"" + }, + { + "name": "if-modified-since", + "value": "Tue, 31 Jan 2023 09:25:22 GMT" + } + ], + "uri": "/log-pipeline/service-log", + "args": "", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "KBDRxdNLJ5vN4EN6E7fHA0qqnReXb-hZTYkMV5Qi77DU63I0pjOfsg==" + } + } + } + }, + { + "@timestamp": "2023-07-13T09:00:05.000Z", + "event": { + 
"result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + "data_stream": { + "dataset": "waf_log", + "namespace": "production", + "type": "waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": "ap-southeast-2", + "resource_id": "vpc-0d4d4e82b7d743527", + "platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + "terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + "httpSourceId": "E13XOUZ3C0STES", + "ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + } + ], + "rateBasedRuleList": [], + "nonTerminatingMatchingRules": [], + "requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + "country": "HK", + "headers": [ + { + "name": "host", + "value": "d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": "accept", + "value": "application/json, text/plain, */*" + }, + { + "name": "sec-ch-ua-mobile", + "value": "?0" + }, + { + "name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": 
"sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "sec-fetch-site", + "value": "same-origin" + }, + { + "name": "sec-fetch-mode", + "value": "cors" + }, + { + "name": "sec-fetch-dest", + "value": "empty" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": "en-US,en;q=0.9" + } + ], + "uri": "/aws-exports.json", + "args": "timestamp=1679548672251", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "6fz1cJxE2PYMUoi1Y0OIyqNUAZqwiftW5oay3fNrnaBahCkFc-4VCA==" + } + } + } + }, + { + "@timestamp": "2023-07-12T01:14:05.000Z", + "event": { + "result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + "data_stream": { + "dataset": "waf_log", + "namespace": "production", + "type": "waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": "ap-southeast-2", + "resource_id": "vpc-0d4d4e82b7d743527", + "platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + "terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + "httpSourceId": "E13XOUZ3C0STES", + "ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + } + ], + "rateBasedRuleList": [], + "nonTerminatingMatchingRules": [], + 
"requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + "country": "HK", + "headers": [ + { + "name": "host", + "value": "d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": "accept", + "value": "application/json, text/plain, */*" + }, + { + "name": "sec-ch-ua-mobile", + "value": "?0" + }, + { + "name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": "sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "sec-fetch-site", + "value": "same-origin" + }, + { + "name": "sec-fetch-mode", + "value": "cors" + }, + { + "name": "sec-fetch-dest", + "value": "empty" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": "en-US,en;q=0.9" + } + ], + "uri": "/aws-exports.json", + "args": "timestamp=1679548669562", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "AiaVoelxpsweW5RAwvj2v37T0Qdzb-YT8PxndPpbJMAFZ3LH8oRElw==" + } + } + } + }, + { + "@timestamp": "2023-07-23T08:14:05.000Z", + "event": { + "result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + "data_stream": { + "dataset": "waf_log", + "namespace": "production", + "type": "waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": "ap-southeast-2", + "resource_id": "vpc-0d4d4e82b7d743527", + "platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + "terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + "httpSourceId": "E13XOUZ3C0STES", + 
"ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + } + ], + "rateBasedRuleList": [], + "nonTerminatingMatchingRules": [], + "requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + "country": "HK", + "headers": [ + { + "name": "host", + "value": "d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": "accept", + "value": "application/json, text/plain, */*" + }, + { + "name": "sec-ch-ua-mobile", + "value": "?0" + }, + { + "name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": "sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "sec-fetch-site", + "value": "same-origin" + }, + { + "name": "sec-fetch-mode", + "value": "cors" + }, + { + "name": "sec-fetch-dest", + "value": "empty" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": "en-US,en;q=0.9" + } + ], + "uri": "/aws-exports.json", + "args": "timestamp=1679548678928", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "PM2dHUCB05rj_5pWg6pLfvU-Iu2WcoaNI1HvpPe3_S4pX5As56TRqA==" + } + } + } + }, + { + "@timestamp": "2023-07-23T08:14:05.000Z", + "event": { + "result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + 
"data_stream": { + "dataset": "waf_log", + "namespace": "production", + "type": "waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": "ap-southeast-2", + "resource_id": "vpc-0d4d4e82b7d743527", + "platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + "terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + "httpSourceId": "E13XOUZ3C0STES", + "ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + } + ], + "rateBasedRuleList": [], + "nonTerminatingMatchingRules": [], + "requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + "country": "HK", + "headers": [ + { + "name": "host", + "value": "d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": "accept", + "value": "application/json, text/plain, */*" + }, + { + "name": "sec-ch-ua-mobile", + "value": "?0" + }, + { + "name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": "sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "sec-fetch-site", + "value": 
"same-origin" + }, + { + "name": "sec-fetch-mode", + "value": "cors" + }, + { + "name": "sec-fetch-dest", + "value": "empty" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": "en-US,en;q=0.9" + } + ], + "uri": "/aws-exports.json", + "args": "timestamp=1679548675203", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "HLBUYRzP8ll-I-2qOho5h8AUrzSjlvWw7DJrDk4VeYx92FugehT68w==" + } + } + } + }, + { + "@timestamp": "2023-07-01T08:14:05.000Z", + "event": { + "result": "ACCEPT", + "name": "waf", + "domain": "waf" + }, + "attributes": { + "data_stream": { + "dataset": "waf_log", + "namespace": "production", + "type": "waf_logs" + } + }, + "cloud": { + "provider": "aws", + "account": { + "id": "111111111111" + }, + "region": "ap-southeast-2", + "resource_id": "vpc-0d4d4e82b7d743527", + "platform": "aws_vpc" + }, + "aws": { + "waf": { + "formatVersion": 1, + "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1", + "terminatingRuleId": "Default_Action", + "terminatingRuleType": "REGULAR", + "action": "ALLOW", + "terminatingRuleMatchDetails": [], + "httpSourceName": "CF", + "httpSourceId": "E13XOUZ3C0STES", + "ruleGroupList": [ + { + "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + }, + { + "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", + "terminatingRule": null, + "nonTerminatingMatchingRules": [], + "excludedRules": null, + "customerConfig": null + } + ], + "rateBasedRuleList": [], + "nonTerminatingMatchingRules": [], + "requestHeadersInserted": null, + "responseCodeSent": null, + "httpRequest": { + "clientIp": "13.248.48.3", + 
"country": "HK", + "headers": [ + { + "name": "host", + "value": "d2wusnbjo8x1w7.cloudfront.net" + }, + { + "name": "cache-control", + "value": "max-age=0" + }, + { + "name": "sec-ch-ua", + "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"" + }, + { + "name": "sec-ch-ua-mobile", + "value": "?0" + }, + { + "name": "sec-ch-ua-platform", + "value": "\"macOS\"" + }, + { + "name": "upgrade-insecure-requests", + "value": "1" + }, + { + "name": "user-agent", + "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" + }, + { + "name": "accept", + "value": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7" + }, + { + "name": "sec-fetch-site", + "value": "none" + }, + { + "name": "sec-fetch-mode", + "value": "navigate" + }, + { + "name": "sec-fetch-user", + "value": "?1" + }, + { + "name": "sec-fetch-dest", + "value": "document" + }, + { + "name": "accept-encoding", + "value": "gzip, deflate, br" + }, + { + "name": "accept-language", + "value": "en-US,en;q=0.9" + }, + { + "name": "if-none-match", + "value": "\"af0d9ab1ebeaf8ff3ce34ea9e79f2579\"" + }, + { + "name": "if-modified-since", + "value": "Tue, 31 Jan 2023 09:25:22 GMT" + } + ], + "uri": "/log-pipeline/service-log", + "args": "", + "httpVersion": "HTTP/2.0", + "httpMethod": "GET", + "requestId": "QL4r6nTLZ0zEwDNyrrv64BYG6nrLGwQx1WPAsdPeQai6cecRr83rFQ==" + } + } + } + } +] diff --git a/server/adaptors/integrations/__data__/repository/aws_waf/info/README.md b/server/adaptors/integrations/__data__/repository/aws_waf/info/README.md new file mode 100644 index 000000000..3c51586ab --- /dev/null +++ b/server/adaptors/integrations/__data__/repository/aws_waf/info/README.md 
@@ -0,0 +1,27 @@
+# AWS WAF Log Integration
+
+## What is AWS WAF?
+
+AWS WAF (Web Application Firewall) is a web application firewall service that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF provides firewall rules to filter and monitor HTTP/HTTPS requests based on specific conditions.
+
+AWS WAF can be used for various purposes, such as:
+
+- Mitigating web application layer DDoS attacks
+- Blocking common web attack patterns like SQL injection and cross-site scripting (XSS)
+- Filtering traffic based on IP addresses or geographic locations
+- Controlling access to specific parts of your application
+
+AWS WAF allows you to define rules to match specific conditions and then take actions, such as allowing, blocking, or rate-limiting requests, based on those rules.
+
+See additional details [here](https://aws.amazon.com/waf/).
+
+## What is AWS WAF Log Integration?
+
+An integration is a set of pre-configured assets bundled together to facilitate monitoring and analysis.
+
+AWS WAF log integration includes dashboards, visualizations, queries, and an index mapping.
+
+### Dashboards
+The Dashboard uses the index alias `logs-waf` for shortening the index name - be advised.
+
+![Dashboard](../static/dashboard.png)
diff --git a/server/adaptors/integrations/__data__/repository/aws_waf/schemas/aws_s3-1.0.0.mapping.json b/server/adaptors/integrations/__data__/repository/aws_waf/schemas/aws_s3-1.0.0.mapping.json
new file mode 100644
index 000000000..204b9c009
--- /dev/null
+++ b/server/adaptors/integrations/__data__/repository/aws_waf/schemas/aws_s3-1.0.0.mapping.json
@@ -0,0 +1,171 @@
+{
+ "template": {
+ "mappings": {
+ "_meta": {
+ "version": "1.0.0",
+ "catalog": "observability",
+ "type": "logs",
+ "component": "s3"
+ },
+ "properties": {
+ "aws": {
+ "type" : "object",
+ "properties": {
+ "s3": {
+ "type" : "object",
+ "properties": {
+ "bucket_owner": {
+ "type": "keyword"
+ },
+ "bucket": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "remote_ip": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "requester": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "request_id": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "operation": {
+ "type": "keyword"
+ },
+ "key": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "copy_source": {
+ "type": "keyword"
+ },
+ "upload_id": {
+ "type": "keyword"
+ },
+ "delete": {
+ "type": "keyword"
+ },
+ "part_number": {
+ "type": "keyword"
+ },
+ "request_uri": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "http_status": {
+ "type": "keyword"
+ },
+ "error_code": {
+ "type": "keyword"
+ },
+ "bytes_sent": {
+ "type": "long"
+ },
+ "object_size": {
+ "type": "long"
+ },
+ "total_time": {
+ "type": "integer"
+ },
+ "turn_around_time": {
+ "type": "integer"
+ },
+ "referrer": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "user_agent": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "version_id": {
+ "type": "keyword"
+ },
+ "host_id": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "signature_version": {
+ "type": "keyword"
+ },
+ "cipher_suite": {
+ "type": "text",
+ 
"fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "authentication_type": {
+ "type": "keyword"
+ },
+ "host_header": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "tls_version": {
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/server/adaptors/integrations/__data__/repository/aws_waf/schemas/aws_waf-1.0.0.mapping.json b/server/adaptors/integrations/__data__/repository/aws_waf/schemas/aws_waf-1.0.0.mapping.json
new file mode 100644
index 000000000..a05b7c4a0
--- /dev/null
+++ b/server/adaptors/integrations/__data__/repository/aws_waf/schemas/aws_waf-1.0.0.mapping.json
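Review bot: `remote_ip` is mapped as `text` with a keyword sub-field, while the WAF mapping added in this same commit types the client address as `ip` (`"clientIp": { "type": "ip" }`); an `ip` field allows CIDR range filters and consistent pivoting between the two log sources, so consider `"remote_ip": { "type": "ip" }` unless non-address values are expected in that column. The `_meta.component` is `s3` and this S3 access-log mapping is being added under the `aws_waf` integration directory, yet nothing in the commit's WAF sample data or README refers to S3 fields, so it may be a copy-paste leftover from another integration — worth confirming it is meant to ship here.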
@@ -0,0 +1,143 @@
+{
+ "template": {
+ "mappings": {
+ "_meta": {
+ "version": "1.0.0",
+ "catalog": "observability",
+ "type": "logs",
+ "component": "aws_waf"
+ },
+ "properties": {
+ "aws": {
+ "type": "object",
+ "properties": {
+ "waf": {
+ "type": "object",
+ "properties": {
+ "action": {
+ "type": "keyword"
+ },
+ "formatVersion": {
+ "type": "keyword"
+ },
+ "httpRequest": {
+ "properties": {
+ "args": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "clientIp": {
+ "type": "ip"
+ },
+ "country": {
+ "type": "keyword"
+ },
+ "headers": {
+ "properties": {
+ "name": {
+ "type": "keyword"
+ },
+ "value": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ }
+ }
+ },
+ "httpMethod": {
+ "type": "keyword"
+ },
+ "httpVersion": {
+ "type": "keyword"
+ },
+ "requestId": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "uri": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ }
+ }
+ },
+ "httpSourceId": {
+ "type": "keyword"
+ },
+ "httpSourceName": {
+ "type": "keyword"
+ },
+ "labels": {
+ "properties": {
+ "name": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ }
+ }
+ },
+ "ruleGroupList": {
+ "properties": {
+ "ruleGroupId": {
+ "type": "keyword"
+ },
+ "terminatingRule": {
+ "properties": {
+ "action": {
+ "type": "keyword"
+ },
+ "ruleId": {
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "terminatingRuleId": {
+ "type": "keyword"
+ },
+ "terminatingRuleType": {
+ "type": "keyword"
+ },
+ "webaclId": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "webaclName": {
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
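Review bot: `httpRequest.headers` is mapped as a plain object, so the name/value pairs of the headers array in the sample records added earlier in this commit are flattened at index time and a query for header `name` X together with `value` Y can match across two different headers; if detections or dashboards need that precision, declare it `"headers": { "type": "nested", "properties": { ... } }` and adjust the visualizations that query it. The keyword sub-fields on `args` and `uri` use `ignore_above: 256`, so longer query strings and paths — the ones most worth aggregating on when reviewing WAF traffic — get no keyword value and silently drop out of terms aggregations and exact-match filters; either raise the limit or document the cut-off in the README. Several fields present in the sample records (`terminatingRuleMatchDetails`, `rateBasedRuleList`, `nonTerminatingMatchingRules`, `requestHeadersInserted`, `responseCodeSent`, and `excludedRules`/`customerConfig` under `ruleGroupList`) have no mapping here and will presumably fall to dynamic mapping; map them explicitly or record in `_meta` that they are intentionally left dynamic. `formatVersion` is mapped as `keyword` while the sample data carries it as the number `1`, which works by coercion but is worth a one-line comment in the integration docs so the type choice is not revisited by accident.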
diff --git a/server/adaptors/integrations/__data__/repository/aws_waf/schemas/cloud-1.0.0.mapping.json b/server/adaptors/integrations/__data__/repository/aws_waf/schemas/cloud-1.0.0.mapping.json
new file mode 100644
index 000000000..c14bbf327
--- /dev/null
+++ b/server/adaptors/integrations/__data__/repository/aws_waf/schemas/cloud-1.0.0.mapping.json
@@ -0,0 +1,42 @@
+{
+ "template": {
+ "mappings": {
+ "_meta": {
+ "version": "1.0.0",
+ "catalog": "observability",
+ "type": "logs",
+ "component": "cloud"
+ },
+ "properties": {
+ "cloud": {
+ "type" : "object",
+ "properties": {
+ "provider": {
+ "type": "keyword"
+ },
+ "account": {
+ "type": "object",
+ "properties": {
+ "id": {
+ "type": "keyword"
+ }
+ }
+ },
+ "region": {
+ "type": "keyword"
+ },
+ "resource_id": {
+ "type": "keyword"
+ },
+ "availability_zone": {
+ "type": "keyword"
+ },
+ "platform": {
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/server/adaptors/integrations/__data__/repository/aws_waf/schemas/logs_waf-1.0.0.mapping.json b/server/adaptors/integrations/__data__/repository/aws_waf/schemas/logs_waf-1.0.0.mapping.json
new file mode 100644
index 000000000..ec4668a28
--- /dev/null
+++ b/server/adaptors/integrations/__data__/repository/aws_waf/schemas/logs_waf-1.0.0.mapping.json
@@ -0,0 +1,248 @@
+{
+ "index_patterns": [
+ "ss4o_logs-aws_waf-*"
+ ],
+ "priority": 900,
+ "data_stream": {},
+ "template": {
+ "aliases": {
+ "logs-waf": {}
+ },
+ "mappings": {
+ "_meta": {
+ "version": "1.0.0",
+ "catalog": "observability",
+ "type": "logs",
+ "component": "log",
+ "correlations": [
+ {
+ "field": "spanId",
+ "foreign-schema": "traces",
+ "foreign-field": "spanId"
+ },
+ {
+ "field": "traceId",
+ "foreign-schema": "traces",
+ "foreign-field": "traceId"
+ }
+ ]
+ },
+ "_source": {
+ "enabled": true
+ },
+ "dynamic_templates": [
+ {
+ "resources_map": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "path_match": "resource.*"
+ }
+ },
+ {
+ "attributes_map": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "path_match": "attributes.*"
+ }
+ },
+ {
+ "instrumentation_scope_attributes_map": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "path_match": "instrumentationScope.attributes.*"
+ }
+ }
+ ],
+ "properties": {
+ "severity": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "text": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ }
+ }
+ },
+ "attributes": {
+ "type": "object",
+ "properties": {
+ "data_stream": {
+ "properties": {
+ "dataset": {
+ "ignore_above": 128,
+ "type": "keyword"
+ },
+ "namespace": {
+ "ignore_above": 128,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 56,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "body": {
+ "type": "text"
+ },
+ "@message": {
+ "type": "alias",
+ "path": "body"
+ },
+ "@timestamp": {
+ "type": "date"
+ },
+ "observedTimestamp": {
+ "type": "date"
+ },
+ "observerTime": {
+ "type": "alias",
+ "path": "observedTimestamp"
+ },
+ "traceId": {
+ "ignore_above": 256,
+ "type": "keyword"
+ },
+ "spanId": {
+ "ignore_above": 256,
+ "type": "keyword"
+ },
+ "schemaUrl": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "instrumentationScope": {
+ "properties": {
+ "name": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 128
+ }
+ }
+ },
+ "version": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "dropped_attributes_count": {
+ "type": "integer"
+ },
+ "schemaUrl": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ }
+ }
+ },
+ "event": {
+ "properties": {
+ "domain": {
+ "ignore_above": 256,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 256,
+ "type": "keyword"
+ },
+ "source": {
+ "ignore_above": 256,
+ "type": "keyword"
+ },
+ "category": {
+ "ignore_above": 256,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 256,
+ "type": "keyword"
+ },
+ "kind": {
+ "ignore_above": 256,
+ "type": "keyword"
+ },
+ "result": {
+ "ignore_above": 256,
+ "type": "keyword"
+ },
+ "exception": {
+ "properties": {
+ "message": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 256,
+ "type": "keyword"
+ },
+ "stacktrace": {
+ "type": "text"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "settings": {
+ "index": {
+ "mapping": {
+ "total_fields": {
+ "limit": 10000
+ }
+ },
+ "refresh_interval": "5s"
+ }
+ }
+ },
+ "composed_of": [
+ "cloud",
+ "aws_waf",
+ "aws_s3"
+ ],
+ "version": 1,
+ "_meta": {
+ "description": "Simple Schema For Observability",
+ "catalog": "observability",
+ "type": "logs",
+ "correlations": [
+ {
+ "field": "spanId",
+ "foreign-schema": "traces",
+ "foreign-field": "spanId"
+ },
+ {
+ "field": "traceId",
+ "foreign-schema": "traces",
+ "foreign-field": "traceId"
+ }
+ ]
+ }
+}
diff --git a/server/adaptors/integrations/__data__/repository/aws_waf/static/dashboard.png b/server/adaptors/integrations/__data__/repository/aws_waf/static/dashboard.png
new file mode 100644
index 000000000..2443cc5b5
Binary files /dev/null and b/server/adaptors/integrations/__data__/repository/aws_waf/static/dashboard.png differ
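Review bot: `composed_of` references an `aws_s3` component template, but the hunks visible here add only the `cloud` and `aws_waf` component mappings; unless the installer creates `aws_s3` from elsewhere in the repository, the index template PUT is rejected because a component template it is composed of does not exist, and the integration never installs. Either ship an `aws_s3` schema next to the two added here or trim the list to `"composed_of": ["cloud", "aws_waf"]`. If `aws_s3` is intentionally supplied by another integration, a short comment in the integration config naming that dependency would save the next maintainer the same question.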
diff --git a/server/adaptors/integrations/__data__/repository/aws_waf/static/logo.jpg b/server/adaptors/integrations/__data__/repository/aws_waf/static/logo.jpg
new file mode 100644
index 000000000..28ed54018
Binary files /dev/null and b/server/adaptors/integrations/__data__/repository/aws_waf/static/logo.jpg differ