{ "capacity": 1, "created_at": "2026-01-14T11:26:08Z", "decisions": null, "events": [ { "meta": [ { "key": "rule_name", "value": "native_rule:901340" }, { "key": "message", "value": "Enabling body inspection" }, { "key": "uri", "value": "/socket.io/?EIO=4\u0026transport=polling\u0026t=PkyGN_O\u0026sid=BYSeZOBcMq3Mo6yYAAJX" }, { "key": "matched_zones", "value": "REQBODY_PROCESSOR" }, { "key": "data" }, { "key": "target_fqdn", "value": "temp-ns.vobar.eu" } ], "timestamp": "2026-01-14 11:26:08 +0000 UTC" }, { "meta": [ { "key": "rule_name", "value": "native_rule:920420" }, { "key": "message", "value": "Request content type is not allowed by policy" }, { "key": "uri", "value": "/socket.io/?EIO=4\u0026transport=polling\u0026t=PkyGN_O\u0026sid=BYSeZOBcMq3Mo6yYAAJX" }, { "key": "matched_zones", "value": "REQUEST_HEADERS.Content-Type,TX.content_type" }, { "key": "data", "value": "|text/plain|" }, { "key": "target_fqdn", "value": "temp-ns.vobar.eu" } ], "timestamp": "2026-01-14 11:26:08 +0000 UTC" }, { "meta": [ { "key": "rule_name", "value": "native_rule:949110" }, { "key": "message", "value": "Inbound Anomaly Score Exceeded (Total Score: 5)" }, { "key": "uri", "value": "/socket.io/?EIO=4\u0026transport=polling\u0026t=PkyGN_O\u0026sid=BYSeZOBcMq3Mo6yYAAJX" }, { "key": "matched_zones", "value": "TX.blocking_inbound_anomaly_score" }, { "key": "data" }, { "key": "target_fqdn", "value": "temp-ns.vobar.eu" } ], "timestamp": "2026-01-14 11:26:08 +0000 UTC" }, { "meta": [ { "key": "rule_name", "value": "native_rule:980170" }, { "key": "message", "value": "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=5) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=4) - (SQLI=0, XSS=0, RFI=0, LFI=0, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)" }, { "key": "uri", "value": "/socket.io/?EIO=4\u0026transport=polling\u0026t=PkyGN_O\u0026sid=BYSeZOBcMq3Mo6yYAAJX" }, { "key": "matched_zones", "value": "UNKNOWN" }, { "key": "data" }, { "key": "target_fqdn", "value": "temp-ns.vobar.eu" } ], "timestamp": "2026-01-14 11:26:08 +0000 UTC" } ], "events_count": 4, "id": 49953, "labels": null, "leakspeed": "", "machine_id": "localhost", "message": "WAF out-of-band match: anomaly score out-of-band: anomaly: 5, from redacted (172.20.0.6)", "meta": [ { "key": "user_agent", "value": "[\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15\"]" }, { "key": "name", "value": "[\"native_rule:920420\"]" }, { "key": "matched_zones", "value": "[\"REQUEST_HEADERS.Content-Type\",\"TX.content_type\"]" }, { "key": "method", "value": "[\"POST\"]" }, { "key": "ja4h", "value": "[\"po11nn15enus_536e520efc37_000000000000_000000000000\"]" }, { "key": "msg", "value": "[\"Request content type is not allowed by policy\"]" }, { "key": "target_uri", "value": "[\"/socket.io/?EIO=4\\u0026transport=polling\\u0026t=PkyGN_O\\u0026sid=BYSeZOBcMq3Mo6yYAAJX\"]" } ], "scenario": "anomaly score out-of-band: anomaly: 5, ", "scenario_hash": "", "scenario_version": "", "simulated": false, "source": { "as_name": "ATT-INTERNET4", "as_number": "7018", "cn": "US", "ip": "redacted", "latitude": 34.0544, "longitude": -118.244, "range": "redacted", "scope": "Ip", "value": "redacted" }, "start_at": "2026-01-14T11:26:08Z", "stop_at": "2026-01-14T11:26:08Z", "uuid": "ff490c91-3c84-46f5-8ffc-a054ce565f64" }