Attack
Web application attack detections
| Type | Field | Display Name | Description |
|---|---|---|---|
| Date | _time | Time | |
| String | log_type | Log type | e.g. INTRUSION |
| String | risk | Risk | e.g. HIGH, MEDIUM, LOW |
| IP address | src_ip | Source IP | Attacker IP address |
| Integer | src_port | Source port | Attacker port |
| IP address | dst_ip | Destination IP | Web server IP address |
| Integer | dst_port | Destination port | Web server port |
| String | signature | Signature | e.g. Buffer Overflow, File Inclusion, SQL Injection |
| Integer | risk_score | Risk score | 0 to 100 |
| String | action | Action | e.g. DETECT, BLOCK |
| String | response | Response | e.g. Detection only, Error code, Page redirection |
| String | policy | Policy | |
| Integer | status | Status | HTTP status code |
| String | host | Host header | |
| String | vhost | Virtual host | |
| String | uri | URI | Path and query string |
| String | reason | Reason | e.g. HTTP protocol has incorrect syntax. |
| String | http_req_headers | HTTP request headers | Control characters are converted: #015 = CR, #012 = LF, #011 = tab |
| String | http_resp_headers | HTTP response headers | Control characters are converted: #015 = CR, #012 = LF, #011 = tab |
| String | raw_data | Raw data | Control characters are converted: #015 = CR, #012 = LF, #011 = tab |
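
The following is an added example, not code from the original page or the product: it restores CR, LF and tab from the `#015`, `#012` and `#011` escapes in `http_req_headers`, splits the header block, and sanity-checks one record against the table. The sample record is constructed, the function names are hypothetical, and comparing the `host` field with the request's `Host` header is an assumption about how the two relate.

```python
import ipaddress
import re

# Escapes listed in the field table: #015 = CR, #012 = LF, #011 = tab.
ESCAPES = {"#015": "\r", "#012": "\n", "#011": "\t"}
ESCAPE_RE = re.compile(r"#01[125]")

def decode_ctrl(value):
    """Restore CR, LF and tab from the three escapes named in the table."""
    return ESCAPE_RE.sub(lambda m: ESCAPES[m.group(0)], value)

def parse_headers(escaped):
    """Return (start line, {lower-case header name: [values]})."""
    lines = decode_ctrl(escaped).split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, val = line.partition(":")
        if sep:  # skip blank lines and lines without a colon
            headers.setdefault(name.strip().lower(), []).append(val.strip())
    return lines[0], headers

def validate(rec):
    """Return a list of problems found in one record (empty list = clean)."""
    problems = []
    for f in ("src_ip", "dst_ip"):
        try:
            ipaddress.ip_address(rec[f])
        except (KeyError, ValueError):
            problems.append(f"{f}: not an IP address")
    for f in ("src_port", "dst_port"):
        if not isinstance(rec.get(f), int) or not 0 <= rec[f] <= 65535:
            problems.append(f"{f}: not a port number")
    if not isinstance(rec.get("risk_score"), int) or not 0 <= rec["risk_score"] <= 100:
        problems.append("risk_score: outside 0 to 100")
    _, headers = parse_headers(rec.get("http_req_headers", ""))
    hosts = headers.get("host", [])
    if len(hosts) != 1 or hosts[0] != rec.get("host"):  # assumed relation
        problems.append("host: does not match the request's Host header")
    return problems

# Constructed sample record using the field names from the table.
SAMPLE = {
    "src_ip": "203.0.113.10", "src_port": 51234,
    "dst_ip": "192.0.2.20", "dst_port": 80,
    "risk_score": 90, "signature": "SQL Injection",
    "host": "shop.example.test",
    "http_req_headers": "GET /item?id=1 HTTP/1.1#015#012Host: shop.example.test"
                        "#015#012User-Agent: constructed#011agent#015#012#015#012",
}
```

The table lists no escape for `#` itself, so a literal `#015` in the original request cannot be told apart from an escaped CR after decoding; keep the escaped string alongside the decoded one.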