Field Name | Description |
Instance | Select instances. By default, all instances are selected. |
Domain name | Select domain names. By default, all domain names are selected. |
Attack type | Select attack types observed/blocked by security modules. By default, all attack types are selected. |
Action | Select Observe or Block. By default, all actions are selected. |
Risk level | Select High risk, Medium risk or Low risk. By default, all risk levels are selected. |
Time period | Select a time period for the logs you want to search. If this field is not specified, Last 1 hour is selected by default. |
Auto-refresh | Automatically refresh the page at the specified frequency. This feature is disabled by default. |
.abc.com
will also be downloaded.Field Name | Description |
host | The domain name accessed by the client. |
uri | The request URI, which is a character string for identifying resources. |
attack_ip | The source IP of the attack. |
attack_type | The attack type. |
rule_id | ID of the protection rule applied. Note that ID of the AI engine rule is 0. |
method | The request method used in the attack request. |
user_agent | User-Agent that records information about the browser type and operating system used by the attacker IP. |
risk_level | Risk level of the attack. |
status | The action taken on the attack request. Valid values are 0 (Observe) and 1 (Block). |
count | Number of attacks from the same attacker IP every 10 seconds. |
domain | The domain name attacked by the client. |
pan | The domain name accessed by the client. |
domain_name | The domain name accessed by the client. |
attack_time | The time that the attack is launched. |
attack_place | The attack location in the HTTP request. |
action | The action to take on the attack request. Valid values are 0 (Observe) and 1 (Block). |
ipinfo_nation | Country of the attacker IP. |
ipinfo_province | Province/State of the attacker IP. |
ipinfo_city | City of the attacker IP. |
ipinfo_state | Country of the attacker IP. |
ipinfo_dimensionality | Latitude of the attacker IP. |
instance | Name of the WAF instance accessed by the domain name. |
attack_category | The attack category (unavailable currently). |
edition | Edition of the WAF instance. Valid values are sparta-waf (SaaS WAF) and clb-waf (CLB WAF). |
uuid | Unique ID of the log. |
attack_content | The content that was attacked. |
http_log | The log files recording HTTP requests and responses. |
headers | The protocol headers, including custom headers. |
rule_name | The rule name (unavailable currently). |
count | Number of attacks of the same type from the same attacker IP every 10 seconds. |
args_name | Parameters in the HTTP request. |
ipinfo_isp | ISP of the attacker IP. |
appid | APPID of the Tencent Cloud account. |
ipinfo_longitude | Longitude of the attacker IP. |
Was this page helpful?