Getting WAF logs to SIEM

What is the name of the domain?

*.com

What is the issue you’re encountering

Is there a way to get WAF logs out of the system into a SIEM without an expensive enterprise license? Seems that it should be included in the WAF license, given how important those logs can be to the security of our applications.

What steps have you taken to resolve the issue?

Currently importing audit logs.

You can use the API and some GraphQL to export the logs.

Thanks for the response @paul32. Does the API include WAF logs though?

Have a look at ListFirewallEvents

It gives you the following info

action
clientAsn
clientASNDescription
clientCountryName
clientIP
clientRequestPath
clientRequestQuery
clientRequestHTTPMethodName
clientRequestHTTPHost
clientRequestHTTPMethodName
clientRefererHost
clientRefererPath
datetime
source
userAgent

e.g.

    {
        "action": "block",
        "clientASNDescription": "OVH",
        "clientAsn": "16276",
        "clientCountryName": "FR",
        "clientIP": "145.239.10.137",
        "clientRefererHost": "<DomainName>.uk",
        "clientRefererPath": "/tester.php",
        "clientRequestHTTPHost": "",
        "clientRequestHTTPMethodName": "GET",
        "clientRequestPath": "/tester.php",
        "clientRequestQuery": "",
        "datetime": "2024-12-12T06:05:01Z",
        "source": "asn",
        "userAgent": "Mozilla/5.0 (iPhone; CPU iPhone OS 17_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1"
    }

Thanks @paul32
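Added example, not part of the original thread: once events in the shape posted above have been pulled from the API, a poller still has to write them as one line per event for the SIEM and avoid re-shipping the same events on the next poll. The Python below assumes the events are already fetched; the output field names (`@timestamp`, `event_id`, `waf`), the hash-based ID and the checkpoint scheme are assumptions, and the sample events are constructed.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample in the shape of the event posted above. The second event
# has a newline in userAgent (a client-controlled field) to show it stays on one line.
SAMPLE_EVENTS = [
    {"action": "block", "clientASNDescription": "OVH", "clientAsn": "16276",
     "clientCountryName": "FR", "clientIP": "145.239.10.137",
     "clientRequestHTTPMethodName": "GET", "clientRequestPath": "/tester.php",
     "clientRequestQuery": "", "datetime": "2024-12-12T06:05:01Z",
     "source": "asn", "userAgent": "Mozilla/5.0"},
    {"action": "block", "clientAsn": "64496", "clientCountryName": "ZZ",
     "clientIP": "192.0.2.10", "clientRequestHTTPMethodName": "GET",
     "clientRequestPath": "/login", "clientRequestQuery": "a=1",
     "datetime": "2024-12-12T06:05:01Z", "source": "asn",
     "userAgent": "curl/8.0\nforged-second-line"},
]


def event_id(event):
    """Stable ID from canonical JSON; the event shape above has no unique ID field."""
    canonical = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()[:16]


def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def to_ndjson(events, checkpoint=None, seen_ids=frozenset()):
    """Return (lines, new_checkpoint, ids_at_new_checkpoint) for unshipped events.

    Events older than the checkpoint are dropped. Events in the checkpoint
    second are deduplicated by ID, because timestamps have 1 s resolution and
    a poll filtered on 'datetime >= checkpoint' returns them again.
    Limitation: byte-identical events in that same second are treated as one.
    """
    lines, newest, newest_ids = [], checkpoint, set(seen_ids)
    for ev in sorted(events, key=lambda e: parse_ts(e["datetime"])):
        ts, eid = parse_ts(ev["datetime"]), event_id(ev)
        if checkpoint is not None and (ts < checkpoint or (ts == checkpoint and eid in seen_ids)):
            continue
        if newest is None or ts > newest:
            newest, newest_ids = ts, set()
        newest_ids.add(eid)
        record = {"@timestamp": ts.isoformat(), "event_id": eid, "waf": ev}
        lines.append(json.dumps(record, sort_keys=True))  # json.dumps escapes raw newlines
    return lines, newest, newest_ids
```

Persist the returned checkpoint and ID set between polls and pass them back in on the next run.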