diff --git a/.env b/.env
index 997507e85..ce311ad44 100644
--- a/.env
+++ b/.env
@@ -1,3 +1,3 @@
# version for opensearch & opensearch-dashboards docker image
-VERSION=2.9.0
+VERSION=3.0.0
diff --git a/server/adaptors/integrations/__data__/repository/aws_waf/assets/aws_waf-1.0.0.ndjson b/server/adaptors/integrations/__data__/repository/aws_waf/assets/aws_waf-1.0.0.ndjson
new file mode 100644
index 000000000..fdbe42a5e
--- /dev/null
+++ b/server/adaptors/integrations/__data__/repository/aws_waf/assets/aws_waf-1.0.0.ndjson
@@ -0,0 +1,24 @@
+{"attributes":{"fields":"[{\"count\":0,\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_score\",\"type\":\"number\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.waf.action\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.waf.formatVersion\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":1,\"name\":\"host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host\"}}},{\"count\":0,\"name\":\"aws.waf.httpRequest.args\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.waf.httpRequest.args.keyword\",\"ty
pe\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.waf.httpRequest.args\"}}},{\"count\":0,\"name\":\"aws.waf.httpRequest.clientIp\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.waf.httpRequest.country\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.waf.httpRequest.headers.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.waf.httpRequest.headers.value\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.waf.httpRequest.headers.value.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.waf.httpRequest.headers.value\"}}},{\"count\":0,\"name\":\"aws.waf.httpRequest.httpMethod\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.waf.httpRequest.httpVersion\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.waf.httpRequest.requestId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.waf.httpRequest.requestId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\"
:true,\"subType\":{\"multi\":{\"parent\":\"aws.waf.httpRequest.requestId\"}}},{\"count\":0,\"name\":\"aws.waf.httpRequest.uri\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.waf.httpRequest.uri.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.waf.httpRequest.uri\"}}},{\"count\":0,\"name\":\"aws.waf.httpSourceId\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.waf.httpSourceName\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.waf.labels.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.waf.labels.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.waf.labels.name\"}}},{\"count\":0,\"name\":\"aws.waf.ruleGroupList.ruleGroupId\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.waf.ruleGroupList.terminatingRule.aws.waf.action\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.waf.ruleGroupList.terminatingRule.ruleId\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.waf.terminatingRuleId\",\"type\":\"string
\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.waf.terminatingRuleType\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"userAgent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"userAgent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"userAgent\"}}},{\"count\":0,\"name\":\"aws.waf.webaclId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.waf.webaclId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.waf.webaclId\"}}},{\"count\":0,\"name\":\"webaclName\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"@timestamp","title":"logs-waf-*"},"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2022-01-11T09:24:16.830Z","version":"WzQ5MTgsMV0="}
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-waf-Top Client IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"logs-waf-Top Client IPs\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.waf.httpRequest.clientIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client IP Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"71b2a6fc-6c2e-42d4-82b6-4f5a2741f63f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-01-11T09:24:16.830Z","version":"WzQ5MTksMV0="}
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-waf-Total Requests","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-waf-Total Requests\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"aws.waf.labels\":{\"show\":false},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"}}"},"id":"58bb62ff-66e4-4dab-9b64-c8cf812c46a2","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-01-11T09:24:16.830Z","version":"WzQ5MjAsMV0="}
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"aws.waf.action:BLOCK\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-waf-Total Blocked Requests","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-waf-Total Blocked Requests\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"aws.waf.labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"1e59055f-d033-4e25-985c-2902e5d138ea","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-01-11T09:24:16.830Z","version":"WzQ5MjEsMV0="}
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-waf-Country or Region By Requests","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-waf-Country or Region By Requests\",\"type\":\"region_map\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.waf.httpRequest.country\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"}],\"params\":{\"legendPosition\":\"bottomright\",\"addTooltip\":true,\"colorSchema\":\"Yellow to Red\",\"selectedLayer\":{\"name\":\"World Countries\",\"origin\":\"elastic_maps_service\",\"id\":\"world_countries\",\"created_at\":\"2017-04-26T17:12:15.978370\",\"attribution\":\"Made with NaturalEarth | Elastic Maps Service\",\"fields\":[{\"type\":\"id\",\"name\":\"iso2\",\"description\":\"ISO 3166-1 alpha-2 code\"},{\"type\":\"id\",\"name\":\"iso3\",\"description\":\"ISO 3166-1 alpha-3 code\"},{\"type\":\"property\",\"name\":\"name\",\"description\":\"name\"}],\"format\":{\"type\":\"geojson\"},\"layerId\":\"elastic_maps_service.World Countries\",\"isEMS\":true},\"emsHotLink\":\"https://maps.elastic.co/v6.7?locale=en#file/world_countries\",\"selectedJoinField\":{\"type\":\"id\",\"name\":\"iso2\",\"description\":\"ISO 3166-1 alpha-2 code\"},\"isDisplayWarning\":true,\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"selectedTmsLayer\":{\"default\":true,\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"\",\"id\":\"TMS in 
config/kibana.yml\",\"origin\":\"self_hosted\"}},\"mapZoom\":2,\"mapCenter\":[0,0],\"outlineWeight\":1,\"showAllShapes\":true}}"},"id":"3cb53d17-ac34-45db-aaeb-97791c9d82d2","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-01-11T09:24:16.830Z","version":"WzQ5MjIsMV0="}
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-waf-Executed WAF Rules","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-waf-Executed WAF Rules\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.waf.terminatingRuleId\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"aws.waf.labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"912530c2-48a6-4618-8010-b8007e44ed2c","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-01-11T09:24:16.830Z","version":"WzQ5MjMsMV0="}
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}"},"title":"logs-waf-Filters","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-waf-Filters\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"fieldName\":\"webaclName\",\"id\":\"1565169719620\",\"label\":\"WebACL\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\",\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1565775477773\",\"fieldName\":\"aws.waf.terminatingRuleType\",\"parent\":\"\",\"label\":\"Rule Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"fieldName\":\"aws.waf.action\",\"id\":\"1565169899571\",\"label\":\"aws.waf.action\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\",\"indexPatternRefName\":\"control_2_index_pattern\"},{\"fieldName\":\"aws.waf.httpRequest.country\",\"id\":\"1565170498755\",\"label\":\"Country or Region\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\",\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1565182161719\",\"fieldName\":\"host.keyword\",\"parent\":\"\",\"label\":\"Host\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"},{\"fieldName\":\"aws.waf.httpRequest.clientIp\",\"id\":\"1565170536048\",\"label\":\"Client 
IP\",\"options\":{\"dynamicOptions\":true,\"multiselect\":false,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\",\"indexPatternRefName\":\"control_5_index_pattern\"},{\"id\":\"1647912414472\",\"fieldName\":\"aws.waf.httpSourceId\",\"parent\":\"\",\"label\":\"Source\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_6_index_pattern\"},{\"fieldName\":\"aws.waf.ruleGroupList.ruleGroupId\",\"id\":\"1565169760470\",\"label\":\"Rule\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\",\"indexPatternRefName\":\"control_7_index_pattern\"},{\"id\":\"1647911642407\",\"fieldName\":\"aws.waf.labels.name.keyword\",\"parent\":\"\",\"label\":\"Label\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_8_index_pattern\"}],\"pinFilters\":true,\"updateFiltersOnChange\":true,\"useTimeFilter\":false}}"},"id":"4394f245-57e6-475e-ad33-cd29742e2b8a","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"control_0_index_pattern","type":"index-pattern"},{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"control_1_index_pattern","type":"index-pattern"},{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"control_2_index_pattern","type":"index-pattern"},{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"control_3_index_pattern","type":"index-pattern"},{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"control_4_index_pattern","type":"index-pattern"},{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"control_5_index_pattern","type":"index-pattern"},{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"control_6_index_pattern","type":"index-pattern"},{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37
ca","name":"control_7_index_pattern","type":"index-pattern"},{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"control_8_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2022-03-22T01:29:36.328Z","version":"WzEyMzc3LDFd"}
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-waf-Top Countries or Regions","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"logs-waf-Top Countries or Regions\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.waf.httpRequest.country\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country or Region\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"ecc648d9-2b36-46c4-a527-7fbccad61ba8","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-01-11T09:24:16.830Z","version":"WzQ5MjUsMV0="}
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-waf-Top User-Agents","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"}}}}","version":1,"visState":"{\"title\":\"logs-waf-Top User-Agents\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"userAgent.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User-Agent\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"b12eee40-37c6-436e-bcfb-d993d3a51aca","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-01-11T09:24:16.830Z","version":"WzQ5MjYsMV0="}
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-waf-HTTP Methods","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-waf-HTTP Methods\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.waf.httpRequest.httpMethod\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"aws.waf.labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"c02eb336-6502-4ac4-aa53-91de17910031","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-01-11T09:24:16.830Z","version":"WzQ5MjcsMV0="}
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-waf-Unique Client IPs","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-waf-Unique Client IPs\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"aws.waf.httpRequest.clientIp\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"aws.waf.labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"866d8631-5f43-4246-8c7d-ed39d70c9a9f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-01-11T09:24:16.830Z","version":"WzQ5MjksMV0="}
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-waf-Top Hosts","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"logs-waf-Top Hosts\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"exclude\":\"\",\"include\":\"\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"row\":true}}"},"id":"e9522627-5bf8-4a3e-b995-0037300bb082","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-01-11T09:24:16.830Z","version":"WzQ5MzEsMV0="}
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-waf-Top WebACLs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"logs-waf-Top WebACLs\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"webaclName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"WebACL Name\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.waf.webaclId.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"WebACL ID\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"1935ea3d-8155-44d4-b837-8a1397f00980","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-01-11T09:24:16.830Z","version":"WzQ5MzIsMV0="}
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-waf-Top Rules","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"logs-waf-Top Rules\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.waf.terminatingRuleId\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Rule Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"3fa73516-89de-41c8-bacf-035da4e959af","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-01-11T09:24:16.830Z","version":"WzQ5MzMsMV0="}
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-waf-Top Request URIs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"logs-waf-Top Request URIs\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.waf.httpRequest.uri.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"URI\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":0,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"a0cac454-18c9-4099-91bb-93a76512bb93","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-01-11T09:24:16.830Z","version":"WzQ5MzQsMV0="}
+{"attributes":{"columns":["aws.waf.httpRequest.clientIp","aws.waf.httpRequest.args","aws.waf.httpRequest.uri","host","aws.waf.httpRequest.country","aws.waf.action","aws.waf.labels","terminatingRuleMatchDetails","aws.waf.terminatingRuleId"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["timestamp","desc"]],"title":"logs-waf-Matched Details","version":1},"id":"d0ee6b41-8ebb-44a2-9ea7-86251ae7e089","migrationVersion":{"search":"7.9.3"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2022-03-22T01:57:25.407Z","version":"WzEyNDQ4LDFd"}
+{"attributes":{"columns":["aws.waf.httpRequest.clientIp","terminatingRuleMatchDetails","aws.waf.labels","aws.waf.ruleGroupList","rateBasedRuleList","aws.waf.httpRequest.args","aws.waf.terminatingRuleId","aws.waf.action","nonTerminatingMatchingRules"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"aws.waf.terminatingRuleId:*\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["timestamp","desc"]],"title":"logs-waf-Terminating Matching Rule","version":1},"id":"712af10a-14a8-4eca-b791-ea701f80529f","migrationVersion":{"search":"7.9.3"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2022-03-21T02:29:23.065Z","version":"WzExNTE2LDFd"}
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-waf-Web ACLs","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-waf-Web ACLs\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"webaclName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"aws.waf.labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"f3400632-1596-403b-a447-57bc3971246e","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-01-11T09:24:16.830Z","version":"WzQ5MzcsMV0="}
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-waf-Requests History","uiStateJSON":"{\"vis\":{\"colors\":{\"BLOCK\":\"#E24D42\",\"ALLOW\":\"#629E51\"}}}","version":1,"visState":"{\"title\":\"logs-waf-Requests History\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"2022-03-22T19:00:00.000Z\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Time\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.waf.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"group\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"aws.waf.labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"aws.waf.labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addToolti
p\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"aws.waf.labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"3390bff0-ab15-11ec-b721-5f83aa22d08e","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-03-24T02:02:37.452Z","version":"WzEzMDI2LDFd"}
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-waf-Requests by Source","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-waf-Requests by Source\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.waf.httpSourceId\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"aws.waf.labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"9b152580-ab15-11ec-b721-5f83aa22d08e","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-03-24T01:57:39.337Z","version":"WzEyODMyLDFd"}
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-waf-Block Allow Host Uri","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}}}}","version":1,"visState":"{\"title\":\"logs-waf-Block Allow Host Uri\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.waf.httpRequest.uri.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Request URI\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.waf.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":3,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"aws.waf.action\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"fb588f28-934f-4476-94f4-cd99ad90be69","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-01-11T09:24:16.830Z","version":"WzQ5MzgsMV0="}
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-waf-Top aws.waf.labels","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"logs-waf-Top aws.waf.labels\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.waf.labels.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Label\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.waf.httpRequest.uri.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Request URI\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"642534d0-72c0-11ec-acf9-63f0c6197356","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"d3ff0302-3337-452b-afd2-4e4f87fd37ca","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-01-12T01:39:20.829Z","version":"WzU0NzgsMV0="}
+{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{\"hidePanelTitles\":false,\"table\":null,\"title\":\"Top Client IPs\",\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":17,\"i\":\"1\",\"w\":12,\"x\":12,\"y\":63},\"panelIndex\":\"1\",\"title\":\"Top Client IPs\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"Total Requests\"},\"gridData\":{\"h\":6,\"i\":\"2\",\"w\":12,\"x\":0,\"y\":8},\"panelIndex\":\"2\",\"title\":\"Total Requests\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"Total Blocked Requests\"},\"gridData\":{\"h\":6,\"i\":\"3\",\"w\":12,\"x\":0,\"y\":14},\"panelIndex\":\"3\",\"title\":\"Total Blocked Requests\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"Country or Region By Requests\"},\"gridData\":{\"h\":22,\"i\":\"6\",\"w\":36,\"x\":0,\"y\":26},\"panelIndex\":\"6\",\"title\":\"Country or Region By Requests\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"WAF Rules\"},\"gridData\":{\"h\":12,\"i\":\"8\",\"w\":12,\"x\":36,\"y\":12},\"panelIndex\":\"8\",\"title\":\"WAF Rules\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"Filters\"},\"gridData\":{\"h\":8,\"i\":\"9\",\"w\":36,\"x\":0,\"y\":0},\"panelIndex\":\"9\",\"title\":\"Filters\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"Top Countries or 
Regions\"},\"gridData\":{\"h\":15,\"i\":\"10\",\"w\":12,\"x\":36,\"y\":48},\"panelIndex\":\"10\",\"title\":\"Top Countries or Regions\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"Top User Agents\"},\"gridData\":{\"h\":17,\"i\":\"11\",\"w\":24,\"x\":24,\"y\":63},\"panelIndex\":\"11\",\"title\":\"Top User Agents\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"HTTP Methods\"},\"gridData\":{\"h\":12,\"i\":\"12\",\"w\":12,\"x\":36,\"y\":36},\"panelIndex\":\"12\",\"title\":\"HTTP Methods\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"Unique Client IPs\"},\"gridData\":{\"h\":6,\"i\":\"14\",\"w\":12,\"x\":0,\"y\":20},\"panelIndex\":\"14\",\"title\":\"Unique Client IPs\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"Top Hosts\"},\"gridData\":{\"h\":15,\"i\":\"16\",\"w\":12,\"x\":12,\"y\":48},\"panelIndex\":\"16\",\"title\":\"Top Hosts\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"Top WebACLs\"},\"gridData\":{\"h\":15,\"i\":\"17\",\"w\":12,\"x\":0,\"y\":48},\"panelIndex\":\"17\",\"title\":\"Top WebACLs\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"Top Rules\"},\"gridData\":{\"h\":17,\"i\":\"18\",\"w\":12,\"x\":0,\"y\":63},\"panelIndex\":\"18\",\"title\":\"Top Rules\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"Top Request URIs\"},\"gridData\":{\"h\":15,\"i\":\"19\",\"w\":12,\"x\":24,\"y\":48},\"panelIndex\":\"19\",\"title\":\"Top Request 
URIs\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_13\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"View by aws.waf.httpRequest args,uri,path\"},\"gridData\":{\"h\":18,\"i\":\"20\",\"w\":48,\"x\":0,\"y\":118},\"panelIndex\":\"20\",\"title\":\"View by aws.waf.httpRequest args,uri,path\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_14\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"View by Matching Rule\"},\"gridData\":{\"h\":20,\"i\":\"21\",\"w\":48,\"x\":0,\"y\":98},\"panelIndex\":\"21\",\"title\":\"View by Matching Rule\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_15\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"Web ACLs\"},\"gridData\":{\"h\":12,\"i\":\"4e8b942b-3972-4139-915d-521de2e22574\",\"w\":12,\"x\":36,\"y\":0},\"panelIndex\":\"4e8b942b-3972-4139-915d-521de2e22574\",\"title\":\"Web ACLs\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_16\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"Requests History\",\"vis\":{\"colors\":{\"ALLOW\":\"#629E51\",\"BLOCK\":\"#BF1B00\"}}},\"gridData\":{\"h\":18,\"i\":\"61ab1f0a-1eb6-4a0a-9673-83506e61ecef\",\"w\":24,\"x\":12,\"y\":8},\"panelIndex\":\"61ab1f0a-1eb6-4a0a-9673-83506e61ecef\",\"title\":\"Requests History\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_17\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"Sources\"},\"gridData\":{\"h\":12,\"i\":\"82f50929-a6d5-455d-a3a7-4434b508b749\",\"w\":12,\"x\":36,\"y\":24},\"panelIndex\":\"82f50929-a6d5-455d-a3a7-4434b508b749\",\"title\":\"Sources\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_18\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"table\":null,\"title\":\"Block Allow Host 
Uri\",\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":18,\"i\":\"e48a3b9d-d533-4c45-9263-9f1c946d0e82\",\"w\":24,\"x\":0,\"y\":80},\"panelIndex\":\"e48a3b9d-d533-4c45-9263-9f1c946d0e82\",\"title\":\"Block Allow Host Uri\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_19\"},{\"embeddableConfig\":{\"hidePanelTitles\":false,\"title\":\"Top aws.waf.labels with Host, Uri\"},\"gridData\":{\"h\":18,\"i\":\"0d730c5b-bdc3-4ff7-9cd5-2a729303b66d\",\"w\":24,\"x\":24,\"y\":80},\"panelIndex\":\"0d730c5b-bdc3-4ff7-9cd5-2a729303b66d\",\"title\":\"Top aws.waf.labels with Host, Uri\",\"version\":\"1.0.0-SNAPSHOT\",\"panelRefName\":\"panel_20\"}]","timeRestore":false,"title":"logs-waf-dashboard","version":1},"id":"3ce97e1e-b385-4841-8152-c3bce7d68d1f","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"71b2a6fc-6c2e-42d4-82b6-4f5a2741f63f","name":"panel_0","type":"visualization"},{"id":"58bb62ff-66e4-4dab-9b64-c8cf812c46a2","name":"panel_1","type":"visualization"},{"id":"1e59055f-d033-4e25-985c-2902e5d138ea","name":"panel_2","type":"visualization"},{"id":"3cb53d17-ac34-45db-aaeb-97791c9d82d2","name":"panel_3","type":"visualization"},{"id":"912530c2-48a6-4618-8010-b8007e44ed2c","name":"panel_4","type":"visualization"},{"id":"4394f245-57e6-475e-ad33-cd29742e2b8a","name":"panel_5","type":"visualization"},{"id":"ecc648d9-2b36-46c4-a527-7fbccad61ba8","name":"panel_6","type":"visualization"},{"id":"b12eee40-37c6-436e-bcfb-d993d3a51aca","name":"panel_7","type":"visualization"},{"id":"c02eb336-6502-4ac4-aa53-91de17910031","name":"panel_8","type":"visualization"},{"id":"866d8631-5f43-4246-8c7d-ed39d70c9a9f","name":"panel_9","type":"visualization"},{"id":"e9522627-5bf8-4a3e-b995-0037300bb082","name":"panel_10","type":"visualization"},{"id":"1935ea3d-8155-44d4-b837-8a1397f00980","name":"panel_11","type":"visualization"},{"id":"3fa73516-89de-41c8-bacf-035da4e959af","name":"panel_12","type":"visualization"},{"id":"a0cac454-18c9-4
099-91bb-93a76512bb93","name":"panel_13","type":"visualization"},{"id":"d0ee6b41-8ebb-44a2-9ea7-86251ae7e089","name":"panel_14","type":"search"},{"id":"712af10a-14a8-4eca-b791-ea701f80529f","name":"panel_15","type":"search"},{"id":"f3400632-1596-403b-a447-57bc3971246e","name":"panel_16","type":"visualization"},{"id":"3390bff0-ab15-11ec-b721-5f83aa22d08e","name":"panel_17","type":"visualization"},{"id":"9b152580-ab15-11ec-b721-5f83aa22d08e","name":"panel_18","type":"visualization"},{"id":"fb588f28-934f-4476-94f4-cd99ad90be69","name":"panel_19","type":"visualization"},{"id":"642534d0-72c0-11ec-acf9-63f0c6197356","name":"panel_20","type":"visualization"}],"type":"dashboard","updated_at":"2022-03-24T02:00:22.332Z","version":"WzEyOTI4LDFd"}
+{"exportedCount":23,"missingRefCount":0,"missingReferences":[]}
diff --git a/server/adaptors/integrations/__data__/repository/aws_waf/aws_waf-1.0.0.json b/server/adaptors/integrations/__data__/repository/aws_waf/aws_waf-1.0.0.json
new file mode 100644
index 000000000..439704b87
--- /dev/null
+++ b/server/adaptors/integrations/__data__/repository/aws_waf/aws_waf-1.0.0.json
@@ -0,0 +1,49 @@
+{
+ "name": "aws_waf",
+ "version": "1.0.0",
+ "displayName": "AWS waf",
+ "description": "AWS waf log collector",
+ "license": "Apache-2.0",
+ "type": "logs_waf",
+ "author": "OpenSearch",
+ "sourceUrl": "https://github.com/opensearch-project/dashboards-observability/tree/main/server/adaptors/integrations/__data__/repository/aws_waf/info",
+ "statics": {
+ "logo": {
+ "annotation": "AWS waf Logo",
+ "path": "logo.jpg"
+ },
+ "gallery": [
+ {
+ "annotation": "AWS waf Log Dashboard",
+ "path": "dashboard.png"
+ }
+ ]
+ },
+ "components": [
+ {
+ "name": "aws_waf",
+ "version": "1.0.0"
+ },
+ {
+ "name": "cloud",
+ "version": "1.0.0"
+ },
+ {
+ "name": "logs_waf",
+ "version": "1.0.0"
+ },
+ {
+ "name": "aws_s3",
+ "version": "1.0.0"
+ }
+ ],
+ "assets": {
+ "savedObjects": {
+ "name": "aws_waf",
+ "version": "1.0.0"
+ }
+ },
+ "sampleData": {
+ "path": "samples.json"
+ }
+}
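Review bot: `"sampleData": { "path": "samples.json" }` makes this manifest the entry point for records that are loaded into a user's cluster, and the raw capture added next to it (`data/samples-raw.json`) carries what look like live identifiers: a 12-digit account ID inside the `webaclId` ARN, a CloudFront distribution ID and hostname, client IPs and request IDs. `samples.json` itself is not visible here, so this is inferred, but if it is derived from that capture the values should be swapped for documentation placeholders before it ships, for example the dummy account ID `123456789012` and addresses from the reserved `192.0.2.0/24` or `203.0.113.0/24` ranges. Separately, the user-facing strings spell the product "AWS waf"; `"displayName": "AWS WAF"` and `"description": "AWS WAF log collector"` would match the vendor's name.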
diff --git a/server/adaptors/integrations/__data__/repository/aws_waf/data/samples-raw.json b/server/adaptors/integrations/__data__/repository/aws_waf/data/samples-raw.json
new file mode 100644
index 000000000..f2fc953fd
--- /dev/null
+++ b/server/adaptors/integrations/__data__/repository/aws_waf/data/samples-raw.json
@@ -0,0 +1,38 @@
+{"timestamp":1679548657700,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"no-cors"},{"name":"sec-fetch-dest","value":"image"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/favicon.ico","args":"","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"a8i7U3kgh9ZgC-i_-vuB9ycuY1yXZA2C93SommMJO-NSZ8w1EfbQTA=="}}
+{"timestamp":1679548655120,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"text/css,*/*;q=0.1"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"no-cors"},{"name":"sec-fetch-dest","value":"style"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/static/css/main.3c74189a.css","args":"","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"Nwcv2BEFdfsvUgaBa878YM2DqeOJvjgYTi_D1OZ7zsluZDCsscmgig=="}}
+{"timestamp":1679548658454,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/locales/en-US/cluster.json","args":"v=v1.3.0","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"9EBB1jusDQ4BJHy7Im56e5obUGBHLcJ0-d6PwMZ1DCoEApsumJFKCw=="}}
+{"timestamp":1679548660209,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"no-cors"},{"name":"sec-fetch-dest","value":"script"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/static/js/704.0fc9620b.chunk.js","args":"","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"PCylxlN5B7WYLr9E-FsDoRtynBLm6s5aKn-gYhFFn74KV0H6mtM2bA=="}}
+{"timestamp":1679548657700,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/locales/en/info.json","args":"v=v1.3.0","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"KtWGg2zob530o7N5bNUT2zRbco11OGdsdYgcCmFAzUluNx3QgSQEJw=="}}
+{"timestamp":1679548657700,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/locales/en-US/common.json","args":"v=v1.3.0","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"_F-SWxrC9nZ22jplLSvC7_ox2Jx2xPFE9HYT4tQtOcAYJwBrg1v6NQ=="}}
+{"timestamp":1679548654049,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"upgrade-insecure-requests","value":"1"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"accept","value":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"},{"name":"sec-fetch-site","value":"none"},{"name":"sec-fetch-mode","value":"navigate"},{"name":"sec-fetch-user","value":"?1"},{"name":"sec-fetch-dest","value":"document"},{"name":"accept-encoding","value":"gzip, deflate, 
br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/log-pipeline/service-log","args":"","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"pytY5ev4ebR05f9mQGOnwufqXpk_FbsgRuFjd9cihOg42IqyE9Gx0Q=="}}
+{"timestamp":1679548657700,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/locales/en/ekslog.json","args":"v=v1.3.0","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"y34C69VSSUEMC3BippLVEXzZnQoBttgRdH6R1rZExLwc2lZIt6X2sA=="}}
+{"timestamp":1679548657700,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/locales/en/applog.json","args":"v=v1.3.0","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"W2b9qzn-ubH9iI-8NUXzC0WFMWmfO5A7cOEEDqzBzbdfpSUKdv2Mfw=="}}
+{"timestamp":1679548657700,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/locales/en/resource.json","args":"v=v1.3.0","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"r0JWgRulEiWPnFXo0Kcu-nBQeaIX1X9f2EfUdvFFQMXsxBKkc27J0A=="}}
+{"timestamp":1679548657699,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/locales/en/cluster.json","args":"v=v1.3.0","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"9F8xi5ujMH1et6Ysh_-2VQhiIAgLYJkA6bejtXBuIl7lx1QKDxUxtQ=="}}
+{"timestamp":1679548657701,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/locales/en-US/home.json","args":"v=v1.3.0","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"iPfEWiMKyaM6iFv3XGLK9hvQt7ZchJXnV-hBr-DFdWnYlH04h0ZRzw=="}}
+{"timestamp":1679548661128,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"no-cors"},{"name":"sec-fetch-dest","value":"script"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/static/js/171.b2862bb4.chunk.js","args":"","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"imCy2Tz9QYBNeRoKSbwnueyJbqltF52pBw6RRoQ95TyTtmbC8R_vvg=="}}
+{"timestamp":1679548655117,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"no-cors"},{"name":"sec-fetch-dest","value":"script"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/static/js/main.1fce72cf.js","args":"","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"YF_xCzvlSslgoa6sHVY78bbK9JyI5xZv4ofP-o3FcwLtCjDho4VtOQ=="}}
+{"timestamp":1679548657699,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/locales/en/common.json","args":"v=v1.3.0","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"3hCiWgV0BpwLCt1e9nvpFQGM7QMSj-g40cb5pTvi3Z_5diK-0TaUJQ=="}}
+{"timestamp":1679548657699,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/locales/en/servicelog.json","args":"v=v1.3.0","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"MEkdaSTQMtuUA_whHiIM3l3wpPthbiFLV5GHVIfx39O8dKRrotcZew=="}}
+{"timestamp":1679548658487,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/locales/en-US/resource.json","args":"v=v1.3.0","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"wbUO-9AVJzjhJHFdjd5cmouNp4ulDmm4hYbAQqdKRAS3o59mlwo9pA=="}}
+{"timestamp":1679548657700,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/locales/en/home.json","args":"v=v1.3.0","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"MTcYuStUpGv5GcTKzDVKrpTO1P91eESO0K3dkDJ87a6MzAWK33ZKww=="}}
+{"timestamp":1679548658458,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/locales/en-US/applog.json","args":"v=v1.3.0","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"MP4ldvR5h-k1hYZyNUe3npEQdNsF1upPYgZDAUBAfpTY6ydjehgszQ=="}}
+{"timestamp":1679548660212,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"no-cors"},{"name":"sec-fetch-dest","value":"script"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/static/js/156.e12ab3ef.chunk.js","args":"","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"ZEec9twgKzh-7M5mBk31JG1cgpZaq6JCEvJ0P7rss0q66ID-NRorWw=="}}
+{"timestamp":1679548662021,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"no-cors"},{"name":"sec-fetch-dest","value":"script"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/static/js/42.a78e6cdc.chunk.js","args":"","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"vfGrNbR3NHPIb8i1sDwZXapumeCzZ44Vo9T3wYXyXX5Eqntn2gBzvA=="}}
+{"timestamp":1679548658495,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/locales/en-US/info.json","args":"v=v1.3.0","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"tyQN06m_gBa9rAP3gsxpoBt7TSbaByGd341sms_h8Rx5ZuuStXe0Yw=="}}
+{"timestamp":1679548658458,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/locales/en-US/servicelog.json","args":"v=v1.3.0","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"qD11sEL_uV0sX3XjNEwkB74nGIUy5nefHwn7REK3nU-xYtAEEtCf3w=="}}
+{"timestamp":1679548658458,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/locales/en-US/ekslog.json","args":"v=v1.3.0","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"iBmLjtAsp6KQkYMEnSHHdX_4OQ66cG993XlSoMEMBbO6SuvySzuQXQ=="}}
+{"timestamp":1679548661131,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"no-cors"},{"name":"sec-fetch-dest","value":"script"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/static/js/54.66e91f12.chunk.js","args":"","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"fmndmvBBD1sko0pOCapAyqaPOD1YSuqzw_8gwkHGtVnQ0KxDnBf9sQ=="}}
+{"timestamp":1679548659321,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"accept","value":"application/json, text/plain, */*"},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/aws-exports.json","args":"timestamp=1679548658747","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"HM4AuFrQ0scez_PTg9Ie_mtTkcTed0wa6u5Otl7MoYTO7uWEvwHHDw=="}}
+{"timestamp":1679548661130,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"no-cors"},{"name":"sec-fetch-dest","value":"script"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/static/js/289.f9fcf639.chunk.js","args":"","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"AvozC55PQVeSjj18F5Pl00PIOaImVS6EGoMLWpT84xstY0BaO55hzQ=="}}
+{"timestamp":1679548666813,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"accept","value":"application/json, text/plain, */*"},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/aws-exports.json","args":"timestamp=1679548665916","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"SZqmcXIZ9PBSamzQowJBc2bV5eVmhJVJA-wxDSRdP6Gqqnnm6Ll4zw=="}}
+{"timestamp":1679548660212,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"accept","value":"*/*"},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"no-cors"},{"name":"sec-fetch-dest","value":"script"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/static/js/592.57113085.chunk.js","args":"","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"ILEgkYBAGPgRq6uo82mbIV6QxFhy4bZVkpel-9AoHEkQNhSX68WpZw=="}}
+{"timestamp":1679548674691,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"cache-control","value":"max-age=0"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"upgrade-insecure-requests","value":"1"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"accept","value":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"},{"name":"sec-fetch-site","value":"none"},{"name":"sec-fetch-mode","value":"navigate"},{"name":"sec-fetch-user","value":"?1"},{"name":"sec-fetch-dest","value":"document"},{"name":"accept-encoding","value":"gzip, deflate, 
br"},{"name":"accept-language","value":"en-US,en;q=0.9"},{"name":"if-none-match","value":"\"af0d9ab1ebeaf8ff3ce34ea9e79f2579\""},{"name":"if-modified-since","value":"Tue, 31 Jan 2023 09:25:22 GMT"}],"uri":"/log-pipeline/service-log","args":"","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"LZEvUnDWadacvKLRROO1NHZBGpwozTNadZSOAnrJcicJqrHoBUJP0w=="}}
+{"timestamp":1679548665306,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"cache-control","value":"max-age=0"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"upgrade-insecure-requests","value":"1"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"accept","value":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"},{"name":"sec-fetch-site","value":"none"},{"name":"sec-fetch-mode","value":"navigate"},{"name":"sec-fetch-user","value":"?1"},{"name":"sec-fetch-dest","value":"document"},{"name":"accept-encoding","value":"gzip, deflate, 
br"},{"name":"accept-language","value":"en-US,en;q=0.9"},{"name":"if-none-match","value":"\"af0d9ab1ebeaf8ff3ce34ea9e79f2579\""},{"name":"if-modified-since","value":"Tue, 31 Jan 2023 09:25:22 GMT"}],"uri":"/log-pipeline/service-log","args":"","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"yr4cC1IFd6ZHD6UmTw_QTayDWwqmyuqce7Q6VqTjFBPpLIybmfcIxg=="}}
+{"timestamp":1679548669345,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"cache-control","value":"max-age=0"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"upgrade-insecure-requests","value":"1"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"accept","value":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"},{"name":"sec-fetch-site","value":"none"},{"name":"sec-fetch-mode","value":"navigate"},{"name":"sec-fetch-user","value":"?1"},{"name":"sec-fetch-dest","value":"document"},{"name":"accept-encoding","value":"gzip, deflate, 
br"},{"name":"accept-language","value":"en-US,en;q=0.9"},{"name":"if-none-match","value":"\"af0d9ab1ebeaf8ff3ce34ea9e79f2579\""},{"name":"if-modified-since","value":"Tue, 31 Jan 2023 09:25:22 GMT"}],"uri":"/log-pipeline/service-log","args":"","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"jPbv-RPsxtsQ5k9xxyWSKvE9bFlJLTarzMBVDy2xukWleaMpjZh72A=="}}
+{"timestamp":1679548672385,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"cache-control","value":"max-age=0"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"upgrade-insecure-requests","value":"1"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"accept","value":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"},{"name":"sec-fetch-site","value":"none"},{"name":"sec-fetch-mode","value":"navigate"},{"name":"sec-fetch-user","value":"?1"},{"name":"sec-fetch-dest","value":"document"},{"name":"accept-encoding","value":"gzip, deflate, 
br"},{"name":"accept-language","value":"en-US,en;q=0.9"},{"name":"if-none-match","value":"\"af0d9ab1ebeaf8ff3ce34ea9e79f2579\""},{"name":"if-modified-since","value":"Tue, 31 Jan 2023 09:25:22 GMT"}],"uri":"/log-pipeline/service-log","args":"","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"KBDRxdNLJ5vN4EN6E7fHA0qqnReXb-hZTYkMV5Qi77DU63I0pjOfsg=="}}
+{"timestamp":1679548672903,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"accept","value":"application/json, text/plain, */*"},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/aws-exports.json","args":"timestamp=1679548672251","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"6fz1cJxE2PYMUoi1Y0OIyqNUAZqwiftW5oay3fNrnaBahCkFc-4VCA=="}}
+{"timestamp":1679548670280,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"accept","value":"application/json, text/plain, */*"},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/aws-exports.json","args":"timestamp=1679548669562","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"AiaVoelxpsweW5RAwvj2v37T0Qdzb-YT8PxndPpbJMAFZ3LH8oRElw=="}}
+{"timestamp":1679548679496,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"accept","value":"application/json, text/plain, */*"},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/aws-exports.json","args":"timestamp=1679548678928","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"PM2dHUCB05rj_5pWg6pLfvU-Iu2WcoaNI1HvpPe3_S4pX5As56TRqA=="}}
+{"timestamp":1679548675776,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"accept","value":"application/json, text/plain, */*"},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"sec-fetch-site","value":"same-origin"},{"name":"sec-fetch-mode","value":"cors"},{"name":"sec-fetch-dest","value":"empty"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"}],"uri":"/aws-exports.json","args":"timestamp=1679548675203","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"HLBUYRzP8ll-I-2qOho5h8AUrzSjlvWw7DJrDk4VeYx92FugehT68w=="}}
+{"timestamp":1679548678725,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","terminatingRuleMatchDetails":[],"httpSourceName":"CF","httpSourceId":"E13XOUZ3C0STES","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesAnonymousIpList","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null},{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[],"excludedRules":null,"customerConfig":null}],"rateBasedRuleList":[],"nonTerminatingMatchingRules":[],"requestHeadersInserted":null,"responseCodeSent":null,"httpRequest":{"clientIp":"13.248.48.3","country":"HK","headers":[{"name":"host","value":"d2wusnbjo8x1w7.cloudfront.net"},{"name":"cache-control","value":"max-age=0"},{"name":"sec-ch-ua","value":"\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""},{"name":"sec-ch-ua-mobile","value":"?0"},{"name":"sec-ch-ua-platform","value":"\"macOS\""},{"name":"upgrade-insecure-requests","value":"1"},{"name":"user-agent","value":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"},{"name":"accept","value":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"},{"name":"sec-fetch-site","value":"none"},{"name":"sec-fetch-mode","value":"navigate"},{"name":"sec-fetch-user","value":"?1"},{"name":"sec-fetch-dest","value":"document"},{"name":"accept-encoding","value":"gzip, deflate, br"},{"name":"accept-language","value":"en-US,en;q=0.9"},{"name":"if-none-match","value":"\"af0d9ab1ebeaf8ff3ce34ea9e79f2579\""},{"name":"if-modified-since","value":"Tue, 31 Jan 2023 09:25:22 GMT"}],"uri":"/log-pipeline/service-log","args":"","httpVersion":"HTTP/2.0","httpMethod":"GET","requestId":"QL4r6nTLZ0zEwDNyrrv64BYG6nrLGwQx1WPAsdPeQai6cecRr83rFQ=="}}
diff --git a/server/adaptors/integrations/__data__/repository/aws_waf/data/samples.json b/server/adaptors/integrations/__data__/repository/aws_waf/data/samples.json
new file mode 100644
index 000000000..ff029c2a7
--- /dev/null
+++ b/server/adaptors/integrations/__data__/repository/aws_waf/data/samples.json
@@ -0,0 +1,4594 @@
+[
+ {
+ "@timestamp": "2023-07-17T08:14:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "accept",
+ "value": "image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8"
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "same-origin"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "no-cors"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "image"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ }
+ ],
+ "uri": "/favicon.ico",
+ "args": "",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "a8i7U3kgh9ZgC-i_-vuB9ycuY1yXZA2C93SommMJO-NSZ8w1EfbQTA=="
+ }
+ }
+ }
+ },
+ {
+ "@timestamp": "2023-07-17T04:12:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "accept",
+ "value": "text/css,*/*;q=0.1"
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "same-origin"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "no-cors"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "style"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ }
+ ],
+ "uri": "/static/css/main.3c74189a.css",
+ "args": "",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "Nwcv2BEFdfsvUgaBa878YM2DqeOJvjgYTi_D1OZ7zsluZDCsscmgig=="
+ }
+ }
+ }
+ },
+ {
+ "@timestamp": "2023-07-13T01:14:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "accept",
+ "value": "*/*"
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "same-origin"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "cors"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "empty"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ }
+ ],
+ "uri": "/locales/en-US/cluster.json",
+ "args": "v=v1.3.0",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "9EBB1jusDQ4BJHy7Im56e5obUGBHLcJ0-d6PwMZ1DCoEApsumJFKCw=="
+ }
+ }
+ }
+ },
+ {
+ "@timestamp": "2023-07-16T03:14:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "accept",
+ "value": "*/*"
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "same-origin"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "no-cors"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "script"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ }
+ ],
+ "uri": "/static/js/704.0fc9620b.chunk.js",
+ "args": "",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "PCylxlN5B7WYLr9E-FsDoRtynBLm6s5aKn-gYhFFn74KV0H6mtM2bA=="
+ }
+ }
+ }
+ },
+ {
+ "@timestamp": "2023-07-12T08:14:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "accept",
+ "value": "*/*"
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "same-origin"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "cors"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "empty"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ }
+ ],
+ "uri": "/locales/en/info.json",
+ "args": "v=v1.3.0",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "KtWGg2zob530o7N5bNUT2zRbco11OGdsdYgcCmFAzUluNx3QgSQEJw=="
+ }
+ }
+ }
+ },
+ {
+ "@timestamp": "2023-07-10T08:14:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "accept",
+ "value": "*/*"
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "same-origin"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "cors"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "empty"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ }
+ ],
+ "uri": "/locales/en-US/common.json",
+ "args": "v=v1.3.0",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "_F-SWxrC9nZ22jplLSvC7_ox2Jx2xPFE9HYT4tQtOcAYJwBrg1v6NQ=="
+ }
+ }
+ }
+ },
+ {
+ "@timestamp": "2023-07-09T08:14:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "upgrade-insecure-requests",
+ "value": "1"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "accept",
+ "value": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "none"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "navigate"
+ },
+ {
+ "name": "sec-fetch-user",
+ "value": "?1"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "document"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ }
+ ],
+ "uri": "/log-pipeline/service-log",
+ "args": "",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "pytY5ev4ebR05f9mQGOnwufqXpk_FbsgRuFjd9cihOg42IqyE9Gx0Q=="
+ }
+ }
+ }
+ },
+ {
+ "@timestamp": "2023-07-18T08:14:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "accept",
+ "value": "*/*"
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "same-origin"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "cors"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "empty"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ }
+ ],
+ "uri": "/locales/en/ekslog.json",
+ "args": "v=v1.3.0",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "y34C69VSSUEMC3BippLVEXzZnQoBttgRdH6R1rZExLwc2lZIt6X2sA=="
+ }
+ }
+ }
+ },
+ {
+ "@timestamp": "2023-07-19T01:14:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "accept",
+ "value": "*/*"
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "same-origin"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "cors"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "empty"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ }
+ ],
+ "uri": "/locales/en/applog.json",
+ "args": "v=v1.3.0",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "W2b9qzn-ubH9iI-8NUXzC0WFMWmfO5A7cOEEDqzBzbdfpSUKdv2Mfw=="
+ }
+ }
+ }
+ },
+ {
+ "@timestamp": "2023-07-12T01:00:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "accept",
+ "value": "*/*"
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "same-origin"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "cors"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "empty"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ }
+ ],
+ "uri": "/locales/en/resource.json",
+ "args": "v=v1.3.0",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "r0JWgRulEiWPnFXo0Kcu-nBQeaIX1X9f2EfUdvFFQMXsxBKkc27J0A=="
+ }
+ }
+ }
+ },
+ {
+ "@timestamp": "2023-07-13T12:14:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "accept",
+ "value": "*/*"
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "same-origin"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "cors"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "empty"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ }
+ ],
+ "uri": "/locales/en/cluster.json",
+ "args": "v=v1.3.0",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "9F8xi5ujMH1et6Ysh_-2VQhiIAgLYJkA6bejtXBuIl7lx1QKDxUxtQ=="
+ }
+ }
+ }
+ },
+ {
+ "@timestamp": "2023-07-20T12:14:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "accept",
+ "value": "*/*"
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "same-origin"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "cors"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "empty"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ }
+ ],
+ "uri": "/locales/en-US/home.json",
+ "args": "v=v1.3.0",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "iPfEWiMKyaM6iFv3XGLK9hvQt7ZchJXnV-hBr-DFdWnYlH04h0ZRzw=="
+ }
+ }
+ }
+ },
+ {
+ "@timestamp": "2023-07-11T10:00:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "accept",
+ "value": "*/*"
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "same-origin"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "no-cors"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "script"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ }
+ ],
+ "uri": "/static/js/171.b2862bb4.chunk.js",
+ "args": "",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "imCy2Tz9QYBNeRoKSbwnueyJbqltF52pBw6RRoQ95TyTtmbC8R_vvg=="
+ }
+ }
+ }
+ },
+ {
+ "@timestamp": "2023-07-09T08:14:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "accept",
+ "value": "*/*"
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "same-origin"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "no-cors"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "script"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ }
+ ],
+ "uri": "/static/js/main.1fce72cf.js",
+ "args": "",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "YF_xCzvlSslgoa6sHVY78bbK9JyI5xZv4ofP-o3FcwLtCjDho4VtOQ=="
+ }
+ }
+ }
+ },
+ {
+ "@timestamp": "2023-07-01T12:14:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "accept",
+ "value": "*/*"
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "same-origin"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "cors"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "empty"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ }
+ ],
+ "uri": "/locales/en/common.json",
+ "args": "v=v1.3.0",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "3hCiWgV0BpwLCt1e9nvpFQGM7QMSj-g40cb5pTvi3Z_5diK-0TaUJQ=="
+ }
+ }
+ }
+ },
+ {
+ "@timestamp": "2023-07-19T00:14:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "accept",
+ "value": "*/*"
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "same-origin"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "cors"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "empty"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ }
+ ],
+ "uri": "/locales/en/servicelog.json",
+ "args": "v=v1.3.0",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "MEkdaSTQMtuUA_whHiIM3l3wpPthbiFLV5GHVIfx39O8dKRrotcZew=="
+ }
+ }
+ }
+ },
+ {
+ "@timestamp": "2023-07-13T11:14:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "accept",
+ "value": "*/*"
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "same-origin"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "cors"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "empty"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ }
+ ],
+ "uri": "/locales/en-US/resource.json",
+ "args": "v=v1.3.0",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "wbUO-9AVJzjhJHFdjd5cmouNp4ulDmm4hYbAQqdKRAS3o59mlwo9pA=="
+ }
+ }
+ }
+ },
+ {
+ "@timestamp": "2023-07-21T05:14:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "accept",
+ "value": "*/*"
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "same-origin"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "cors"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "empty"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ }
+ ],
+ "uri": "/locales/en/home.json",
+ "args": "v=v1.3.0",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "MTcYuStUpGv5GcTKzDVKrpTO1P91eESO0K3dkDJ87a6MzAWK33ZKww=="
+ }
+ }
+ }
+ },
+ {
+ "@timestamp": "2023-07-11T12:14:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "accept",
+ "value": "*/*"
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "same-origin"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "cors"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "empty"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ }
+ ],
+ "uri": "/locales/en-US/applog.json",
+ "args": "v=v1.3.0",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "MP4ldvR5h-k1hYZyNUe3npEQdNsF1upPYgZDAUBAfpTY6ydjehgszQ=="
+ }
+ }
+ }
+ },
+ {
+ "@timestamp": "2023-07-12T01:04:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "accept",
+ "value": "*/*"
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "same-origin"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "no-cors"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "script"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ }
+ ],
+ "uri": "/static/js/156.e12ab3ef.chunk.js",
+ "args": "",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "ZEec9twgKzh-7M5mBk31JG1cgpZaq6JCEvJ0P7rss0q66ID-NRorWw=="
+ }
+ }
+ }
+ },
+ {
+ "@timestamp": "2023-07-10T00:10:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "accept",
+ "value": "*/*"
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "same-origin"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "no-cors"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "script"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ }
+ ],
+ "uri": "/static/js/42.a78e6cdc.chunk.js",
+ "args": "",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "vfGrNbR3NHPIb8i1sDwZXapumeCzZ44Vo9T3wYXyXX5Eqntn2gBzvA=="
+ }
+ }
+ }
+ },
+ {
+ "@timestamp": "2023-07-03T03:14:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "accept",
+ "value": "*/*"
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "same-origin"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "cors"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "empty"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ }
+ ],
+ "uri": "/locales/en-US/info.json",
+ "args": "v=v1.3.0",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "tyQN06m_gBa9rAP3gsxpoBt7TSbaByGd341sms_h8Rx5ZuuStXe0Yw=="
+ }
+ }
+ }
+ },
+ {
+ "@timestamp": "2023-07-04T04:14:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "accept",
+ "value": "*/*"
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "same-origin"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "cors"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "empty"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ }
+ ],
+ "uri": "/locales/en-US/servicelog.json",
+ "args": "v=v1.3.0",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "qD11sEL_uV0sX3XjNEwkB74nGIUy5nefHwn7REK3nU-xYtAEEtCf3w=="
+ }
+ }
+ }
+ },
+ {
+ "@timestamp": "2023-07-07T07:14:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "accept",
+ "value": "*/*"
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "same-origin"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "cors"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "empty"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ }
+ ],
+ "uri": "/locales/en-US/ekslog.json",
+ "args": "v=v1.3.0",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "iBmLjtAsp6KQkYMEnSHHdX_4OQ66cG993XlSoMEMBbO6SuvySzuQXQ=="
+ }
+ }
+ }
+ },
+ {
+ "@timestamp": "2023-07-08T08:08:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "accept",
+ "value": "*/*"
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "same-origin"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "no-cors"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "script"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ }
+ ],
+ "uri": "/static/js/54.66e91f12.chunk.js",
+ "args": "",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "fmndmvBBD1sko0pOCapAyqaPOD1YSuqzw_8gwkHGtVnQ0KxDnBf9sQ=="
+ }
+ }
+ }
+ },
+ {
+ "@timestamp": "2023-07-09T09:09:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "accept",
+ "value": "application/json, text/plain, */*"
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "same-origin"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "cors"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "empty"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ }
+ ],
+ "uri": "/aws-exports.json",
+ "args": "timestamp=1679548658747",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "HM4AuFrQ0scez_PTg9Ie_mtTkcTed0wa6u5Otl7MoYTO7uWEvwHHDw=="
+ }
+ }
+ }
+ },
+ {
+ "@timestamp": "2023-07-10T10:10:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "accept",
+ "value": "*/*"
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "same-origin"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "no-cors"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "script"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ }
+ ],
+ "uri": "/static/js/289.f9fcf639.chunk.js",
+ "args": "",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "AvozC55PQVeSjj18F5Pl00PIOaImVS6EGoMLWpT84xstY0BaO55hzQ=="
+ }
+ }
+ }
+ },
+ {
+ "@timestamp": "2023-07-11T11:11:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "accept",
+ "value": "application/json, text/plain, */*"
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "same-origin"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "cors"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "empty"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ }
+ ],
+ "uri": "/aws-exports.json",
+ "args": "timestamp=1679548665916",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "SZqmcXIZ9PBSamzQowJBc2bV5eVmhJVJA-wxDSRdP6Gqqnnm6Ll4zw=="
+ }
+ }
+ }
+ },
+ {
+ "@timestamp": "2023-07-12T08:12:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "accept",
+ "value": "*/*"
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "same-origin"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "no-cors"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "script"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ }
+ ],
+ "uri": "/static/js/592.57113085.chunk.js",
+ "args": "",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "ILEgkYBAGPgRq6uo82mbIV6QxFhy4bZVkpel-9AoHEkQNhSX68WpZw=="
+ }
+ }
+ }
+ },
+ {
+ "@timestamp": "2023-07-13T08:13:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "cache-control",
+ "value": "max-age=0"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "upgrade-insecure-requests",
+ "value": "1"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "accept",
+ "value": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "none"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "navigate"
+ },
+ {
+ "name": "sec-fetch-user",
+ "value": "?1"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "document"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ },
+ {
+ "name": "if-none-match",
+ "value": "\"af0d9ab1ebeaf8ff3ce34ea9e79f2579\""
+ },
+ {
+ "name": "if-modified-since",
+ "value": "Tue, 31 Jan 2023 09:25:22 GMT"
+ }
+ ],
+ "uri": "/log-pipeline/service-log",
+ "args": "",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "LZEvUnDWadacvKLRROO1NHZBGpwozTNadZSOAnrJcicJqrHoBUJP0w=="
+ }
+ }
+ }
+ },
+ {
+ "@timestamp": "2023-07-17T08:14:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "cache-control",
+ "value": "max-age=0"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "upgrade-insecure-requests",
+ "value": "1"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "accept",
+ "value": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "none"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "navigate"
+ },
+ {
+ "name": "sec-fetch-user",
+ "value": "?1"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "document"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ },
+ {
+ "name": "if-none-match",
+ "value": "\"af0d9ab1ebeaf8ff3ce34ea9e79f2579\""
+ },
+ {
+ "name": "if-modified-since",
+ "value": "Tue, 31 Jan 2023 09:25:22 GMT"
+ }
+ ],
+ "uri": "/log-pipeline/service-log",
+ "args": "",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "yr4cC1IFd6ZHD6UmTw_QTayDWwqmyuqce7Q6VqTjFBPpLIybmfcIxg=="
+ }
+ }
+ }
+ },
+ {
+ "@timestamp": "2023-07-01T09:00:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "cache-control",
+ "value": "max-age=0"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "upgrade-insecure-requests",
+ "value": "1"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "accept",
+ "value": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "none"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "navigate"
+ },
+ {
+ "name": "sec-fetch-user",
+ "value": "?1"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "document"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ },
+ {
+ "name": "if-none-match",
+ "value": "\"af0d9ab1ebeaf8ff3ce34ea9e79f2579\""
+ },
+ {
+ "name": "if-modified-since",
+ "value": "Tue, 31 Jan 2023 09:25:22 GMT"
+ }
+ ],
+ "uri": "/log-pipeline/service-log",
+ "args": "",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "jPbv-RPsxtsQ5k9xxyWSKvE9bFlJLTarzMBVDy2xukWleaMpjZh72A=="
+ }
+ }
+ }
+ },
+ {
+ "@timestamp": "2023-07-10T00:14:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "cache-control",
+ "value": "max-age=0"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "upgrade-insecure-requests",
+ "value": "1"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "accept",
+ "value": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "none"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "navigate"
+ },
+ {
+ "name": "sec-fetch-user",
+ "value": "?1"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "document"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ },
+ {
+ "name": "if-none-match",
+ "value": "\"af0d9ab1ebeaf8ff3ce34ea9e79f2579\""
+ },
+ {
+ "name": "if-modified-since",
+ "value": "Tue, 31 Jan 2023 09:25:22 GMT"
+ }
+ ],
+ "uri": "/log-pipeline/service-log",
+ "args": "",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "KBDRxdNLJ5vN4EN6E7fHA0qqnReXb-hZTYkMV5Qi77DU63I0pjOfsg=="
+ }
+ }
+ }
+ },
+ {
+ "@timestamp": "2023-07-13T09:00:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "accept",
+ "value": "application/json, text/plain, */*"
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "same-origin"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "cors"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "empty"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ }
+ ],
+ "uri": "/aws-exports.json",
+ "args": "timestamp=1679548672251",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "6fz1cJxE2PYMUoi1Y0OIyqNUAZqwiftW5oay3fNrnaBahCkFc-4VCA=="
+ }
+ }
+ }
+ },
+ {
+ "@timestamp": "2023-07-12T01:14:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "accept",
+ "value": "application/json, text/plain, */*"
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "same-origin"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "cors"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "empty"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ }
+ ],
+ "uri": "/aws-exports.json",
+ "args": "timestamp=1679548669562",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "AiaVoelxpsweW5RAwvj2v37T0Qdzb-YT8PxndPpbJMAFZ3LH8oRElw=="
+ }
+ }
+ }
+ },
+ {
+ "@timestamp": "2023-07-23T08:14:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "accept",
+ "value": "application/json, text/plain, */*"
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "same-origin"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "cors"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "empty"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ }
+ ],
+ "uri": "/aws-exports.json",
+ "args": "timestamp=1679548678928",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "PM2dHUCB05rj_5pWg6pLfvU-Iu2WcoaNI1HvpPe3_S4pX5As56TRqA=="
+ }
+ }
+ }
+ },
+ {
+ "@timestamp": "2023-07-23T08:14:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "accept",
+ "value": "application/json, text/plain, */*"
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "same-origin"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "cors"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "empty"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ }
+ ],
+ "uri": "/aws-exports.json",
+ "args": "timestamp=1679548675203",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "HLBUYRzP8ll-I-2qOho5h8AUrzSjlvWw7DJrDk4VeYx92FugehT68w=="
+ }
+ }
+ }
+ },
+ {
+ "@timestamp": "2023-07-01T08:14:05.000Z",
+ "event": {
+ "result": "ACCEPT",
+ "name": "waf",
+ "domain": "waf"
+ },
+ "attributes": {
+ "data_stream": {
+ "dataset": "waf_log",
+ "namespace": "production",
+ "type": "waf_logs"
+ }
+ },
+ "cloud": {
+ "provider": "aws",
+ "account": {
+ "id": "111111111111"
+ },
+ "region": "ap-southeast-2",
+ "resource_id": "vpc-0d4d4e82b7d743527",
+ "platform": "aws_vpc"
+ },
+ "aws": {
+ "waf": {
+ "formatVersion": 1,
+ "webaclId": "arn:aws:wafv2:us-east-1:347283850106:global/webacl/test-cf/ba65eb35-e5d8-4be5-b016-129a338a48b1",
+ "terminatingRuleId": "Default_Action",
+ "terminatingRuleType": "REGULAR",
+ "action": "ALLOW",
+ "terminatingRuleMatchDetails": [],
+ "httpSourceName": "CF",
+ "httpSourceId": "E13XOUZ3C0STES",
+ "ruleGroupList": [
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAmazonIpReputationList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ },
+ {
+ "ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet",
+ "terminatingRule": null,
+ "nonTerminatingMatchingRules": [],
+ "excludedRules": null,
+ "customerConfig": null
+ }
+ ],
+ "rateBasedRuleList": [],
+ "nonTerminatingMatchingRules": [],
+ "requestHeadersInserted": null,
+ "responseCodeSent": null,
+ "httpRequest": {
+ "clientIp": "13.248.48.3",
+ "country": "HK",
+ "headers": [
+ {
+ "name": "host",
+ "value": "d2wusnbjo8x1w7.cloudfront.net"
+ },
+ {
+ "name": "cache-control",
+ "value": "max-age=0"
+ },
+ {
+ "name": "sec-ch-ua",
+ "value": "\"Google Chrome\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\""
+ },
+ {
+ "name": "sec-ch-ua-mobile",
+ "value": "?0"
+ },
+ {
+ "name": "sec-ch-ua-platform",
+ "value": "\"macOS\""
+ },
+ {
+ "name": "upgrade-insecure-requests",
+ "value": "1"
+ },
+ {
+ "name": "user-agent",
+ "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
+ },
+ {
+ "name": "accept",
+ "value": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"
+ },
+ {
+ "name": "sec-fetch-site",
+ "value": "none"
+ },
+ {
+ "name": "sec-fetch-mode",
+ "value": "navigate"
+ },
+ {
+ "name": "sec-fetch-user",
+ "value": "?1"
+ },
+ {
+ "name": "sec-fetch-dest",
+ "value": "document"
+ },
+ {
+ "name": "accept-encoding",
+ "value": "gzip, deflate, br"
+ },
+ {
+ "name": "accept-language",
+ "value": "en-US,en;q=0.9"
+ },
+ {
+ "name": "if-none-match",
+ "value": "\"af0d9ab1ebeaf8ff3ce34ea9e79f2579\""
+ },
+ {
+ "name": "if-modified-since",
+ "value": "Tue, 31 Jan 2023 09:25:22 GMT"
+ }
+ ],
+ "uri": "/log-pipeline/service-log",
+ "args": "",
+ "httpVersion": "HTTP/2.0",
+ "httpMethod": "GET",
+ "requestId": "QL4r6nTLZ0zEwDNyrrv64BYG6nrLGwQx1WPAsdPeQai6cecRr83rFQ=="
+ }
+ }
+ }
+ }
+]
diff --git a/server/adaptors/integrations/__data__/repository/aws_waf/info/README.md b/server/adaptors/integrations/__data__/repository/aws_waf/info/README.md
new file mode 100644
index 000000000..3c51586ab
--- /dev/null
+++ b/server/adaptors/integrations/__data__/repository/aws_waf/info/README.md
@@ -0,0 +1,27 @@
+# AWS WAF Log Integration
+
+## What is AWS WAF?
+
+AWS WAF (Web Application Firewall) is a web application firewall service that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF provides firewall rules to filter and monitor HTTP/HTTPS requests based on specific conditions.
+
+AWS WAF can be used for various purposes, such as:
+
+- Mitigating web application layer DDoS attacks
+- Blocking common web attack patterns like SQL injection and cross-site scripting (XSS)
+- Filtering traffic based on IP addresses or geographic locations
+- Controlling access to specific parts of your application
+
+AWS WAF allows you to define rules to match specific conditions and then take actions, such as allowing, blocking, or rate-limiting requests, based on those rules.
+
+See additional details [here](https://aws.amazon.com/waf/).
+
+## What is AWS WAF Log Integration?
+
+An integration is a set of pre-configured assets bundled together to facilitate monitoring and analysis.
+
+AWS WAF log integration includes dashboards, visualizations, queries, and an index mapping.
+
+### Dashboards
+The Dashboard uses the index alias `logs-waf` for shortening the index name - be advised.
+
+![Dashboard](../static/dashboard.png)
diff --git a/server/adaptors/integrations/__data__/repository/aws_waf/schemas/aws_s3-1.0.0.mapping.json b/server/adaptors/integrations/__data__/repository/aws_waf/schemas/aws_s3-1.0.0.mapping.json
new file mode 100644
index 000000000..204b9c009
--- /dev/null
+++ b/server/adaptors/integrations/__data__/repository/aws_waf/schemas/aws_s3-1.0.0.mapping.json
@@ -0,0 +1,171 @@
+{
+ "template": {
+ "mappings": {
+ "_meta": {
+ "version": "1.0.0",
+ "catalog": "observability",
+ "type": "logs",
+ "component": "s3"
+ },
+ "properties": {
+ "aws": {
+ "type" : "object",
+ "properties": {
+ "s3": {
+ "type" : "object",
+ "properties": {
+ "bucket_owner": {
+ "type": "keyword"
+ },
+ "bucket": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "remote_ip": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "requester": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "request_id": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "operation": {
+ "type": "keyword"
+ },
+ "key": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "copy_source": {
+ "type": "keyword"
+ },
+ "upload_id": {
+ "type": "keyword"
+ },
+ "delete": {
+ "type": "keyword"
+ },
+ "part_number": {
+ "type": "keyword"
+ },
+ "request_uri": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "http_status": {
+ "type": "keyword"
+ },
+ "error_code": {
+ "type": "keyword"
+ },
+ "bytes_sent": {
+ "type": "long"
+ },
+ "object_size": {
+ "type": "long"
+ },
+ "total_time": {
+ "type": "integer"
+ },
+ "turn_around_time": {
+ "type": "integer"
+ },
+ "referrer": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "user_agent": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "version_id": {
+ "type": "keyword"
+ },
+ "host_id": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "signature_version": {
+ "type": "keyword"
+ },
+ "cipher_suite": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "authentication_type": {
+ "type": "keyword"
+ },
+ "host_header": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "tls_version": {
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
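Review bot: `remote_ip` is mapped as `text` with a `keyword` subfield, while the WAF mapping added in this same commit maps `httpRequest.clientIp` as `ip`. As text, the requester address cannot be searched by CIDR or range. If the ingest side always delivers a parseable address, `"remote_ip": { "type": "ip" }` would be consistent with the WAF mapping; if some records may carry a placeholder instead of an address, add `"ignore_malformed": true`. Separately, `_meta.component` is `s3`, whereas the file name and the `composed_of` entry in `logs_waf-1.0.0.mapping.json` use `aws_s3`. The other two components (`cloud`, `aws_waf`) use matching names, so it is worth confirming which key the loader resolves on.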
diff --git a/server/adaptors/integrations/__data__/repository/aws_waf/schemas/aws_waf-1.0.0.mapping.json b/server/adaptors/integrations/__data__/repository/aws_waf/schemas/aws_waf-1.0.0.mapping.json
new file mode 100644
index 000000000..a05b7c4a0
--- /dev/null
+++ b/server/adaptors/integrations/__data__/repository/aws_waf/schemas/aws_waf-1.0.0.mapping.json
@@ -0,0 +1,143 @@
+{
+ "template": {
+ "mappings": {
+ "_meta": {
+ "version": "1.0.0",
+ "catalog": "observability",
+ "type": "logs",
+ "component": "aws_waf"
+ },
+ "properties": {
+ "aws": {
+ "type": "object",
+ "properties": {
+ "waf": {
+ "type": "object",
+ "properties": {
+ "action": {
+ "type": "keyword"
+ },
+ "formatVersion": {
+ "type": "keyword"
+ },
+ "httpRequest": {
+ "properties": {
+ "args": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "clientIp": {
+ "type": "ip"
+ },
+ "country": {
+ "type": "keyword"
+ },
+ "headers": {
+ "properties": {
+ "name": {
+ "type": "keyword"
+ },
+ "value": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ }
+ }
+ },
+ "httpMethod": {
+ "type": "keyword"
+ },
+ "httpVersion": {
+ "type": "keyword"
+ },
+ "requestId": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "uri": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ }
+ }
+ },
+ "httpSourceId": {
+ "type": "keyword"
+ },
+ "httpSourceName": {
+ "type": "keyword"
+ },
+ "labels": {
+ "properties": {
+ "name": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ }
+ }
+ },
+ "ruleGroupList": {
+ "properties": {
+ "ruleGroupId": {
+ "type": "keyword"
+ },
+ "terminatingRule": {
+ "properties": {
+ "action": {
+ "type": "keyword"
+ },
+ "ruleId": {
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "terminatingRuleId": {
+ "type": "keyword"
+ },
+ "terminatingRuleType": {
+ "type": "keyword"
+ },
+ "webaclId": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "webaclName": {
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
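Review bot: `httpRequest.headers` is declared with `properties` only, so the array of `{name, value}` objects is flattened and the pairing between a header name and its value is lost at index time. A filter on a given header name together with a given value can then match a record where the two occur in different headers, which weakens any detection query built on header contents. Consider `"headers": { "type": "nested", "properties": { ... } }`, keeping in mind that saved queries and visualizations would then need nested queries; the same applies to `ruleGroupList`. In addition, `"ignore_above": 256` on `uri.keyword`, `args.keyword` and `headers.value.keyword` leaves longer values out of the keyword subfield. Terms aggregations and exact-match filters will therefore silently omit long URIs and query strings, so a larger limit may be appropriate for these three fields.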
diff --git a/server/adaptors/integrations/__data__/repository/aws_waf/schemas/cloud-1.0.0.mapping.json b/server/adaptors/integrations/__data__/repository/aws_waf/schemas/cloud-1.0.0.mapping.json
new file mode 100644
index 000000000..c14bbf327
--- /dev/null
+++ b/server/adaptors/integrations/__data__/repository/aws_waf/schemas/cloud-1.0.0.mapping.json
@@ -0,0 +1,42 @@
+{
+ "template": {
+ "mappings": {
+ "_meta": {
+ "version": "1.0.0",
+ "catalog": "observability",
+ "type": "logs",
+ "component": "cloud"
+ },
+ "properties": {
+ "cloud": {
+ "type" : "object",
+ "properties": {
+ "provider": {
+ "type": "keyword"
+ },
+ "account": {
+ "type": "object",
+ "properties": {
+ "id": {
+ "type": "keyword"
+ }
+ }
+ },
+ "region": {
+ "type": "keyword"
+ },
+ "resource_id": {
+ "type": "keyword"
+ },
+ "availability_zone": {
+ "type": "keyword"
+ },
+ "platform": {
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/server/adaptors/integrations/__data__/repository/aws_waf/schemas/logs_waf-1.0.0.mapping.json b/server/adaptors/integrations/__data__/repository/aws_waf/schemas/logs_waf-1.0.0.mapping.json
new file mode 100644
index 000000000..ec4668a28
--- /dev/null
+++ b/server/adaptors/integrations/__data__/repository/aws_waf/schemas/logs_waf-1.0.0.mapping.json
@@ -0,0 +1,248 @@
+{
+ "index_patterns": [
+ "ss4o_logs-aws_waf-*"
+ ],
+ "priority": 900,
+ "data_stream": {},
+ "template": {
+ "aliases": {
+ "logs-waf": {}
+ },
+ "mappings": {
+ "_meta": {
+ "version": "1.0.0",
+ "catalog": "observability",
+ "type": "logs",
+ "component": "log",
+ "correlations": [
+ {
+ "field": "spanId",
+ "foreign-schema": "traces",
+ "foreign-field": "spanId"
+ },
+ {
+ "field": "traceId",
+ "foreign-schema": "traces",
+ "foreign-field": "traceId"
+ }
+ ]
+ },
+ "_source": {
+ "enabled": true
+ },
+ "dynamic_templates": [
+ {
+ "resources_map": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "path_match": "resource.*"
+ }
+ },
+ {
+ "attributes_map": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "path_match": "attributes.*"
+ }
+ },
+ {
+ "instrumentation_scope_attributes_map": {
+ "mapping": {
+ "type": "keyword"
+ },
+ "path_match": "instrumentationScope.attributes.*"
+ }
+ }
+ ],
+ "properties": {
+ "severity": {
+ "properties": {
+ "number": {
+ "type": "long"
+ },
+ "text": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ }
+ }
+ },
+ "attributes": {
+ "type": "object",
+ "properties": {
+ "data_stream": {
+ "properties": {
+ "dataset": {
+ "ignore_above": 128,
+ "type": "keyword"
+ },
+ "namespace": {
+ "ignore_above": 128,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 56,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "body": {
+ "type": "text"
+ },
+ "@message": {
+ "type": "alias",
+ "path": "body"
+ },
+ "@timestamp": {
+ "type": "date"
+ },
+ "observedTimestamp": {
+ "type": "date"
+ },
+ "observerTime": {
+ "type": "alias",
+ "path": "observedTimestamp"
+ },
+ "traceId": {
+ "ignore_above": 256,
+ "type": "keyword"
+ },
+ "spanId": {
+ "ignore_above": 256,
+ "type": "keyword"
+ },
+ "schemaUrl": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "instrumentationScope": {
+ "properties": {
+ "name": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 128
+ }
+ }
+ },
+ "version": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ },
+ "dropped_attributes_count": {
+ "type": "integer"
+ },
+ "schemaUrl": {
+ "type": "text",
+ "fields": {
+ "keyword": {
+ "type": "keyword",
+ "ignore_above": 256
+ }
+ }
+ }
+ }
+ },
+ "event": {
+ "properties": {
+ "domain": {
+ "ignore_above": 256,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 256,
+ "type": "keyword"
+ },
+ "source": {
+ "ignore_above": 256,
+ "type": "keyword"
+ },
+ "category": {
+ "ignore_above": 256,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 256,
+ "type": "keyword"
+ },
+ "kind": {
+ "ignore_above": 256,
+ "type": "keyword"
+ },
+ "result": {
+ "ignore_above": 256,
+ "type": "keyword"
+ },
+ "exception": {
+ "properties": {
+ "message": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 256,
+ "type": "keyword"
+ },
+ "stacktrace": {
+ "type": "text"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "settings": {
+ "index": {
+ "mapping": {
+ "total_fields": {
+ "limit": 10000
+ }
+ },
+ "refresh_interval": "5s"
+ }
+ }
+ },
+ "composed_of": [
+ "cloud",
+ "aws_waf",
+ "aws_s3"
+ ],
+ "version": 1,
+ "_meta": {
+ "description": "Simple Schema For Observability",
+ "catalog": "observability",
+ "type": "logs",
+ "correlations": [
+ {
+ "field": "spanId",
+ "foreign-schema": "traces",
+ "foreign-field": "spanId"
+ },
+ {
+ "field": "traceId",
+ "foreign-schema": "traces",
+ "foreign-field": "traceId"
+ }
+ ]
+ }
+}
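Review bot: `composed_of` pulls the `aws_s3` component into the template for `ss4o_logs-aws_waf-*`, but none of the WAF sample records visible in this diff carries an `aws.s3` object, so this looks carried over from another integration. If it is not needed, `"composed_of": ["cloud", "aws_waf"]` keeps the WAF index mapping limited to fields the integration actually ingests, and the `aws_s3-1.0.0.mapping.json` file could be dropped from this directory. Also, `index.mapping.total_fields.limit` is set to `10000` while dynamic mapping is left at its default. A short note in the PR on why that headroom is required would help, since the limit is the main guard against mapping growth from unexpected fields in ingested logs.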
diff --git a/server/adaptors/integrations/__data__/repository/aws_waf/static/dashboard.png b/server/adaptors/integrations/__data__/repository/aws_waf/static/dashboard.png
new file mode 100644
index 000000000..2443cc5b5
Binary files /dev/null and b/server/adaptors/integrations/__data__/repository/aws_waf/static/dashboard.png differ
diff --git a/server/adaptors/integrations/__data__/repository/aws_waf/static/logo.jpg b/server/adaptors/integrations/__data__/repository/aws_waf/static/logo.jpg
new file mode 100644
index 000000000..28ed54018
Binary files /dev/null and b/server/adaptors/integrations/__data__/repository/aws_waf/static/logo.jpg differ