POST https://console.baleen.cloud/api/logs/waf-logs

...


Authorization

Note
  • The user must be authenticated using their personal access token

  • The baleen namespace must be set within the cookie baleen-namespace

...

Body Params

filters object description

Optional. This object is an optional array that defines the filters to apply to the WAF logs, using the following parameters.

| Param | Type | Description |
|---|---|---|
| field | enum | The field targeted to filter the logs. Has to be one of the following values: "ruleId" |
| operator | enum | The operator used to filter the logs. Has to be one of the following values: "equals" (retrieves logs whose targeted field is strictly equal to the indicated value) |
| value | string | The value considered to filter the logs |

...

| Field | Type | Description |
|---|---|---|
| transaction | object | |

transaction object description

This object gathers information about the threat(s) identified by the OWASP ruleset.

| Field | Type | Description |
|---|---|---|
| clientIP | string | |
| clientPort | integer | |
| hostIP | string | |
| hostPort | integer | |
| messages | object[] | |
| producer | object | |
| request | object | |
| response | object | |
| serverId | string | |
| timeStamp | string | |
| uniqueId | string | |

messages object description

This array helps explain why the request is seen as a threat: there is one messages occurrence for each OWASP rule triggered.

| Field | Type | Description |
|---|---|---|
| details | object | |
| message | string | |

details object description

This object gives precise details about the rule triggered (its ID and severity) and the reason it was triggered.

| Field | Type | Description |
|---|---|---|
| accuracy | string | |
| data | string | |
| file | string | |
| lineNumber | string | |
| match | string | |
| maturity | string | |
| reference | string | |
| rev | string | |
| ruleId | string | |
| severity | string | |
| tags | string[] | |
| ver | string | |

producer object description

This object gives information about ModSecurity, the producer of the WAF log.

| Field | Type | Description |
|---|---|---|
| components | string[] | |
| connector | string | |
| modsecurity | string | |
| secrulesEngine | string | |

request object description

This object gathers information about the initial HTTP request.

| Field | Type | Description |
|---|---|---|
| headers | string[] | |
| httpVersion | number | |
| method | string | |
| uri | string | |

response object description

This object gathers information about the HTTP response.

| Field | Type | Description |
|---|---|---|
| headers | string[] | |
| httpCode | string | |

Unsuccessful request

400 Bad request

500 Internal server error

Example

The following example shows an API call retrieving security events created after a request triggered the rule 920320 between April 25th 2023 3PM and April 25th 2023 8PM.

...
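The following is an added example, not taken from the Baleen documentation: it builds the documented `ruleId` filter and aggregates returned `transaction` objects per triggered rule, which is the usual first step when triaging WAF events. It assumes `filters` is sent as a top-level JSON array and that the response is a list of entries each carrying a `transaction` key; the sample entries are constructed.

```python
from collections import defaultdict

def build_body(rule_id):
    """Body with the one filter the page documents: field "ruleId", operator "equals"."""
    # Assumption: "filters" is sent as a top-level JSON array of filter objects.
    return {"filters": [{"field": "ruleId", "operator": "equals", "value": str(rule_id)}]}

def summarize(entries):
    """Aggregate log entries per triggered rule.

    Returns {ruleId: {"hits", "severity", "clients", "uris"}}. Missing or null
    fields are tolerated because the page lists types but not nullability.
    """
    # Assumption: each entry is an object with a "transaction" key.
    rules = defaultdict(lambda: {"hits": 0, "severity": None, "clients": set(), "uris": set()})
    for entry in entries:
        tx = entry.get("transaction") or {}
        uri = (tx.get("request") or {}).get("uri")
        for msg in tx.get("messages") or []:  # one occurrence per OWASP rule triggered
            details = msg.get("details") or {}
            rule_id = details.get("ruleId")
            if rule_id is None:
                continue
            rule = rules[rule_id]
            rule["hits"] += 1
            rule["severity"] = details.get("severity")
            if tx.get("clientIP"):
                rule["clients"].add(tx["clientIP"])
            if uri:
                rule["uris"].add(uri)
    return {rid: {**r, "clients": sorted(r["clients"]), "uris": sorted(r["uris"])}
            for rid, r in rules.items()}

# Constructed sample entries (not real Baleen output); all values are illustrative.
SAMPLE = [
    {"transaction": {"clientIP": "203.0.113.7", "request": {"method": "GET", "uri": "/login"},
                     "messages": [{"message": "constructed message",
                                   "details": {"ruleId": "920320", "severity": "2"}}]}},
    {"transaction": {"clientIP": "203.0.113.9", "request": {"method": "POST", "uri": "/search"},
                     "messages": [{"message": "constructed message",
                                   "details": {"ruleId": "920320", "severity": "2"}},
                                  {"message": "constructed message",
                                   "details": {"ruleId": "942100", "severity": "2"}}]}},
    {"transaction": {"clientIP": "203.0.113.7", "request": {"uri": "/"}, "messages": None}},
]

if __name__ == "__main__":
    import json
    print(json.dumps(build_body(920320)))
    print(json.dumps(summarize(SAMPLE), indent=2))
```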