POST https://console.baleen.cloud/api/logs/waf-logs
...
Authorization
...
Param | Required/Optional | Type | Description |
---|---|---|---|
start | optional | long | The timestamp (in seconds) to collect data from |
end | optional | long | The timestamp (in seconds) to collect data to |
size | optional | integer | The page size of log entries to retrieve. Between 1 and 100. |
page | optional | 0 | The page number of log entries to retrieve |
Body Params
filters object
...
description
This optional array defines the filters to apply to the WAF logs, using the following parameters.
Param | Type | Description |
---|---|---|
field | enum | The field used to filter the logs. Must be one of the following values: |
operator | enum | The operator used to filter the logs. Must be one of the following values: |
value | string | The value used to filter the logs |
...
Response format
Successful request
200 OK
Field | Required/Optional | Type | Description |
---|---|---|---|
transaction | | | |
 | | ISO 8601 GMT | ISO 8601 uses the 24-hour clock system |
status | required | HTTP status | Hypertext Transfer Protocol (HTTP) response status codes |
remoteAddr | optional | IP address | Client IP proxy or client IP address |
upstream | optional | IP address | Baleen proxy-out IP address |
scheme | required | URI Scheme | |
requestFateAction | optional | Baleen BotDetection Fate Action | Baleen BotDetection action for this request |
bodyBytesSent | required | Byte data type | Request body size |
botCategory | optional | Baleen Bot Category | Bot Category assigned to this request |
httpHost | required | URL scheme | Request Host header value |
httpUserAgent | optional | String | Request User-Agent header value |
remoteUser | optional | IP address | |
requestTime | optional | Duration (Seconds) | Request processing time |
clientIP | required | IP address | Client IP address |
httpXForwardedFor | optional | comma separated IP addresses | Identifies the originating IP address of a client connecting to a web server through an HTTP proxy or a load balancer |
httpReferrer | optional | URL scheme | Request Referer header value |
upstreamResponseTime | optional | Duration (Second) | Origin response time for this request |
requestFate | optional | Baleen Bot Detection Action | Baleen action for this request |
requestJa3 | optional | string | Device TLS fingerprint |
sslProtocol | required | string | Client TLS protocol |
serverProtocol | required | string | |
requestURI | required | URI scheme | Request resource identifier |
requestMethod | required | HTTP Request Method | |
requestArgs | optional | string | Request URI query strings |
requestISP | optional | string | Client Internet Service Provider |
requestCountry | optional | string | Country code in ISO 3166-1 format |
requestConnectionType | optional | string | |
requestionIsAnonymousProxy | optional | Boolean | Tells whether this request was made using an anonymous proxy such as a VPN |
responseContentType | optional | string | Response Content Type Header |
...
This object gathers information about the threat(s) identified by the OWASP ruleset
Field | Type | Description |
---|---|---|
clientIP | string | |
clientPort | integer | |
hostIP | string | |
hostPort | integer | |
messages | ||
producer | ||
request | ||
response | ||
serverId | String | |
timeStamp | string | |
uniqueId | string |
This array explains why the request is seen as a threat: it contains one messages entry for each OWASP rule triggered.
Field | Type | Description |
---|---|---|
details | ||
message | string |
This object gives precise details about the rule triggered (its ID and severity) and the reason it was triggered.
Field | Type | Description |
---|---|---|
accuracy | string | |
data | string | |
file | string | |
lineNumber | string | |
match | string | |
maturity | string | |
reference | string | |
rev | string | |
ruleId | string | |
severity | string | |
tags | string[] | |
ver | string |
This object gives information about ModSecurity, the producer of the WAF log.
Field | Type | Description |
---|---|---|
components | string[] | |
connector | string | |
modsecurity | string | |
secrulesEngine | string |
This object gathers information about the initial HTTP request
Field | Type | Description |
---|---|---|
headers | string[] | |
httpVersion | number | |
method | string | |
uri | string |
This object gathers information about the HTTP response
Field | Type | Description |
---|---|---|
headers | string[] | |
httpCode | string |
Unsuccessful request
400 Bad request
500 Internal server error
Example
The following example shows an API call retrieving security events created after a request triggered the rule 920320 between April 25th 2023 3PM and April 25th 2023 8PM.
...
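The following Python sketch is an added example, not Baleen's own code: it builds the documented `start`/`end`/`size`/`page` query parameters for the window above and counts triggered rule IDs per `clientIP` from the `messages[].details.ruleId` fields. It assumes the timestamps are UTC, that the response is a list of log entries, and that the threat object is carried under the `transaction` key; the sample entries are constructed.

```python
import json
from datetime import datetime, timezone

def query_params(start, end, size=100, page=0):
    """Build the documented query parameters from timezone-aware datetimes."""
    for moment in (start, end):
        if moment.tzinfo is None:
            # Epoch seconds are absolute; a naive datetime would silently
            # pick up the local timezone of whoever runs the query.
            raise ValueError("use timezone-aware datetimes")
    if end <= start:
        raise ValueError("end must be later than start")
    if not 1 <= size <= 100:
        raise ValueError("size must be between 1 and 100")
    return {"start": int(start.timestamp()), "end": int(end.timestamp()),
            "size": size, "page": page}

def rules_by_client(entries):
    """Count triggered rule IDs per clientIP, skipping entries without threat data."""
    counts = {}
    for entry in entries:
        # Assumption: the threat object is carried under the "transaction" key.
        threat = entry.get("transaction") or {}
        for msg in threat.get("messages") or []:
            rule_id = (msg.get("details") or {}).get("ruleId")
            if rule_id is None:
                continue
            per_client = counts.setdefault(entry.get("clientIP", "unknown"), {})
            per_client[rule_id] = per_client.get(rule_id, 0) + 1
    return counts

# Constructed sample entries (documentation-range IPs), not real Baleen output.
SAMPLE = json.loads("""[
  {"clientIP": "203.0.113.7", "transaction": {"messages": [
      {"message": "constructed", "details": {"ruleId": "920320", "severity": "2"}},
      {"message": "constructed", "details": {"ruleId": "949110", "severity": "2"}}]}},
  {"clientIP": "203.0.113.7", "transaction": {"messages": [
      {"message": "constructed", "details": {"ruleId": "920320", "severity": "2"}}]}},
  {"clientIP": "198.51.100.4"}
]""")

if __name__ == "__main__":
    print(query_params(datetime(2023, 4, 25, 15, tzinfo=timezone.utc),
                       datetime(2023, 4, 25, 20, tzinfo=timezone.utc)))
    print(rules_by_client(SAMPLE))
```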