WAF Regex Filter help
Hi All, Posted this in the Slack channel but no bites.
We are trying to filter out data from an WAF log to decrease the log size ingested. I created a parser in the existing WAF pipeline using the “Extract” Operation Mode but I cant seem to get it to function correctly. I was told by support the "Mask Function" would work best, they said "Within that function you can specify the regex and replace it with "". "
Not sure how to go about that route. I'm essentially trying to drop data in the log using the following regex but like i said it doesnt seem to function when I test with sample log. The regex is the following -> nContent-Security-Policy-Report-Only.*?DFCspReportFunction\+blob:.*
Comments
-
Can you share a couple of sample events (sanitized) with how the event comes in and how you would like it to go out?
Also a screenshot of your pipeline.
0