The Expression Builder doesn’t offer those fields. I’m hoping they may be available if editing the expression manually.
Do you mean unknown, or is it just blank? I’m sure there are tons of not-seen-before browser and OS strings, so Cloudflare doesn’t maintain a list like this, other than what “Browser Integrity Check” does.
The Analytics Traffic dashboard has specific entries for UNKNOWN under the headings for Browsers and Operating Systems.
I’d like to get similar granularity on the Firewall side, so I can catch those same entries.
For what it’s worth, I have the same interest. Until I discovered the IP address of the bot that was attempting to take down my website, I had no information other than the country from which the attack was originating. And there are very few attacks that take place where the information about browsers and operating systems is in fact not identified.
Ultimately I took half an hour and went through my log files and was able to determine the bot in question. CF as I noted above was able to tell me only the country of origin, nothing else.