Smart Web Security Audit Trails Events: SWSMatchedRequest
Event JSON schema
{
"eventId": "string",
"eventSource": "string",
"eventType": "string",
"eventTime": "string",
"authentication": {
"authenticated": "boolean",
// Includes only one of the fields `subjectType`
"subjectType": "string",
// end of the list of possible fields
// Includes only one of the fields `subjectId`
"subjectId": "string",
// end of the list of possible fields
// Includes only one of the fields `subjectName`
"subjectName": "string",
// end of the list of possible fields
// Includes only one of the fields `federationId`
"federationId": "string",
// end of the list of possible fields
// Includes only one of the fields `federationName`
"federationName": "string",
// end of the list of possible fields
// Includes only one of the fields `federationType`
"federationType": "string",
// end of the list of possible fields
"tokenInfo": {
"maskedIamToken": "string",
// Includes only one of the fields `iamTokenId`
"iamTokenId": "string",
// end of the list of possible fields
// Includes only one of the fields `impersonatorId`
"impersonatorId": "string",
// end of the list of possible fields
// Includes only one of the fields `impersonatorType`
"impersonatorType": "string",
// end of the list of possible fields
// Includes only one of the fields `impersonatorName`
"impersonatorName": "string",
// end of the list of possible fields
// Includes only one of the fields `impersonatorFederationId`
"impersonatorFederationId": "string",
// end of the list of possible fields
// Includes only one of the fields `impersonatorFederationName`
"impersonatorFederationName": "string",
// end of the list of possible fields
// Includes only one of the fields `impersonatorFederationType`
"impersonatorFederationType": "string"
// end of the list of possible fields
}
},
"authorization": {
"authorized": "boolean"
},
"resourceMetadata": {
"path": [
{
"resourceType": "string",
"resourceId": "string",
// Includes only one of the fields `resourceName`
"resourceName": "string"
// end of the list of possible fields
}
]
},
"requestMetadata": {
"remoteAddress": "string",
"userAgent": "string",
"requestId": "string",
// Includes only one of the fields `remotePort`
"remotePort": "string"
// end of the list of possible fields
},
"eventStatus": "string",
"error": {
"code": "integer",
"message": "string",
"details": [
"object"
]
},
"details": {
"clientIp": "string",
"requestTime": "string",
"albId": "string",
"albRequestId": "string",
"uniqueKey": "string",
"httpVersion": "string",
"httpMethod": "string",
"httpHost": "string",
"httpPath": "string",
"httpQueries": "string",
"headers": [
{
"key": "string",
"value": "string"
}
],
"securityProfileId": "string",
"securityProfileName": "string",
"moduleType": "string",
"action": "string",
"arlProfileId": "string",
"arlProfileName": "string",
"arlVerdict": "string",
"arlAppliedQuotaName": "string",
"arlMatchedQuotas": [
{
"quotaName": "string",
"allowed": "string",
"dryRun": "string",
"priority": "string",
"counter": "string",
"requests": "string",
"period": "string",
"limit": "string",
"banPeriod": "string"
}
],
"matchedRuleName": "string",
"matchedRuleVerdict": "string",
"wafProfileId": "string",
"wafProfileName": "string",
"wafAppliedRuleSetId": "string",
"wafRuleSetsIds": [
"string"
],
"wafMatchedRules": "object",
"wafMatchedExclusionRules": [
{
"exclusionRuleName": "string",
"excludedRuleIds": [
"string"
]
}
],
"dryRunMatchedRuleName": "string",
"dryRunMatchedRuleVerdict": "string",
"dryRunWafProfileId": "string",
"dryRunWafProfileName": "string",
"dryRunWafAppliedRuleSetId": "string",
"dryRunWafRuleSetsIds": [
"string"
],
"dryRunWafMatchedRules": "object",
"dryRunWafMatchedExclusionRules": [
{
"exclusionRuleName": "string",
"excludedRuleIds": [
"string"
]
}
],
"customPageId": "string",
"customPageName": "string",
"botScore": "string",
"botName": "string",
"botCategory": "string",
"verifiedBot": "string",
"ja3": "string",
"ja4": "string",
"asnList": [
"string"
],
"country": "string",
"userAgent": "string",
"matchedRuleType": "string",
"dryRunMatchedRuleType": "string",
"httpBodySize": "string"
},
"requestParameters": "object",
"response": "object"
}
Field description
|
Field |
Description |
|
eventId |
string |
|
eventSource |
string |
|
eventType |
string |
|
eventTime |
string (date-time) String in RFC3339 text format. The range of possible values is from To work with values in this field, use the APIs described in the |
|
authentication |
|
|
authorization |
|
|
resourceMetadata |
|
|
requestMetadata |
|
|
eventStatus |
enum (EventStatus)
|
|
error |
The error result of the operation in case of failure or cancellation. |
|
details |
|
|
requestParameters |
object |
|
response |
object |
IamAuthentication
|
Field |
Description |
|
authenticated |
boolean |
|
subjectType |
enum (IamSubjectType) Includes only one of the fields
|
|
subjectId |
string Includes only one of the fields |
|
subjectName |
string Includes only one of the fields |
|
federationId |
string Includes only one of the fields |
|
federationName |
string Includes only one of the fields |
|
federationType |
enum (FederationType) Includes only one of the fields
|
|
tokenInfo |
IamTokenInfo
|
Field |
Description |
|
maskedIamToken |
string |
|
iamTokenId |
string Includes only one of the fields |
|
impersonatorId |
string Includes only one of the fields |
|
impersonatorType |
enum (IamSubjectType) Includes only one of the fields
|
|
impersonatorName |
string Includes only one of the fields |
|
impersonatorFederationId |
string Includes only one of the fields |
|
impersonatorFederationName |
string Includes only one of the fields |
|
impersonatorFederationType |
enum (FederationType) Includes only one of the fields
|
Authorization
|
Field |
Description |
|
authorized |
boolean |
ResourceMetadata
|
Field |
Description |
|
path[] |
Resource
|
Field |
Description |
|
resourceType |
string |
|
resourceId |
string |
|
resourceName |
string Includes only one of the fields |
RequestMetadata
|
Field |
Description |
|
remoteAddress |
string |
|
userAgent |
string |
|
requestId |
string |
|
remotePort |
string (int64) Includes only one of the fields |
Status
The error result of the operation in case of failure or cancellation.
|
Field |
Description |
|
code |
integer (int32) Error code. An enum value of google.rpc.Code. |
|
message |
string An error message. |
|
details[] |
object A list of messages that carry the error details. |
SWSMatchedRequestDetails
|
Field |
Description |
|
clientIp |
string |
|
requestTime |
string |
|
albId |
string |
|
albRequestId |
string |
|
uniqueKey |
string |
|
httpVersion |
string |
|
httpMethod |
string |
|
httpHost |
string |
|
httpPath |
string |
|
httpQueries |
string |
|
headers[] |
|
|
securityProfileId |
string |
|
securityProfileName |
string |
|
moduleType |
string |
|
action |
string |
|
arlProfileId |
string |
|
arlProfileName |
string |
|
arlVerdict |
string |
|
arlAppliedQuotaName |
string |
|
arlMatchedQuotas[] |
|
|
matchedRuleName |
string |
|
matchedRuleVerdict |
string |
|
wafProfileId |
string |
|
wafProfileName |
string |
|
wafAppliedRuleSetId |
string |
|
wafRuleSetsIds[] |
string |
|
wafMatchedRules |
object (map<string, MatchedRulesList>) |
|
wafMatchedExclusionRules[] |
|
|
dryRunMatchedRuleName |
string |
|
dryRunMatchedRuleVerdict |
string |
|
dryRunWafProfileId |
string |
|
dryRunWafProfileName |
string |
|
dryRunWafAppliedRuleSetId |
string |
|
dryRunWafRuleSetsIds[] |
string |
|
dryRunWafMatchedRules |
object (map<string, MatchedRulesList>) |
|
dryRunWafMatchedExclusionRules[] |
|
|
customPageId |
string |
|
customPageName |
string |
|
botScore |
string |
|
botName |
string |
|
botCategory |
string |
|
verifiedBot |
string |
|
ja3 |
string |
|
ja4 |
string |
|
asnList[] |
string |
|
country |
string |
|
userAgent |
string |
|
matchedRuleType |
string |
|
dryRunMatchedRuleType |
string |
|
httpBodySize |
string |
Header
|
Field |
Description |
|
key |
string |
|
value |
string |
MatchedQuota
|
Field |
Description |
|
quotaName |
string |
|
allowed |
string |
|
dryRun |
string |
|
priority |
string |
|
counter |
string |
|
requests |
string |
|
period |
string |
|
limit |
string |
|
banPeriod |
string |
MatchedRulesList
|
Field |
Description |
|
rules[] |
WafMatchedRule
|
Field |
Description |
|
score |
string |
|
ruleId |
string |
|
ruleSetId |
string |
|
ruleGroupId |
string |
|
data |
string |
|
message |
string |
|
matchedDataVariable |
string |
|
matchedDataKey |
string |
|
matchedDataValue |
string |
|
isBlockingRule |
string |
WafMatchedExclusionRule
|
Field |
Description |
|
exclusionRuleName |
string |
|
excludedRuleIds[] |
string |