Can TR7 WAF Log Details be Sent to SIEM?

Step > 1

First, open the WAF Management screen of the related vService by following "Monitor Mode > Related vService > WAF Management". Click the pencil icon next to "Advanced Settings" under "OWASP Protection Level".

Step > 2

On the opened screen, the "Attack Payload in WAF Info" setting is set to "Same as detailed log" by default.

Step > 3

By enabling the log profile on the related vService, the logs of a blocked request can be checked through SIEM. By default, WAF Info includes details such as WAF time, unique ID, payload, attack ID, scope, and score.

Step > 4

Through "WAF Management > Advanced Settings", enabling the "Attack description" and "Attack severity in WAF Info" options allows sending the attack’s description and severity details to SIEM.