Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

How to determine each triggered WAF rule anomaly score

 

Information

 

Summary:

Kemp WAF logs not logging the anomaly score for each request

Environment:

Product: LoadMaster

Version: 7.2.54 and above.

Platform: Any. 

Application: HTTP(S) based.

Question/Problem Description:

How to get the Kemp WAF logs to show the anomaly score for each individual request?

Steps to Reproduce:  
Error Message:  
Defect Number:  
Enhancement Number:  
Cause: To know why the LoadMaster isn't logging the anomaly scores for each individual request
Resolution: The logs wont actually show the anomaly score of each rule but it will show the severity associated which can be mapped using the following chart:

Severity Level Default Anomaly Score
CRITICAL 5
ERROR 4
WARNING 3
NOTICE 2

 

WAF_anomaly_score.png

For instance, using the example above, we see the rule 920350 is marked as [severity "WARNING"] which means that the anomaly score for said rule is 3.

Workaround:  
Notes:

https://coreruleset.org/docs/concepts/anomaly_scoring/


Comments