How to determine each triggered WAF rule anomaly score
Kemp WAF logs not logging the anomaly score for each request
Version: 7.2.54 and above.
Application: HTTP(S) based.
How to get the Kemp WAF logs to show the anomaly score for each individual request?
|Steps to Reproduce:|
|Cause:||To know why the LoadMaster isn't logging the anomaly scores for each individual request|
|Resolution:||The logs wont actually show the anomaly score of each rule but it will show the severity associated which can be mapped using the following chart:
For instance, using the example above, we see the rule 920350 is marked as [severity "WARNING"] which means that the anomaly score for said rule is 3.