{"type": "testlog", "configId": "22269", "policyId": "FIST_52163", "anomali": "34.87.65.2", "combinedrules": ["3000039", "3000081", "958052", "973335", "XSS-ANOMALY"], "ruleMessages": ["Cross-site Scripting (XSS) Attack", "Cross-site Scripting (XSS) Attack", "Cross-site Scripting (XSS) Attack", "Cross-site Scripting (XSS) Attack", "Anomaly Score Exceeded for Cross-site Scripting (XSS) Attack"], "ruleTags": ["ASE/WEB_ATTACK/XSS", "ASE/WEB_ATTACK/XSS", "ASE/WEB_ATTACK/XSS", "ASE/WEB_ATTACK/XSS", "ASE/WEB_ATTACK/XSS"], "ruleData": ["document.domain", ")alert(", "alert(", "')alert(document.domain)", "Vector Score: 17, Group Threshold: 7, Triggered Rules: 3000081-958052-3000039-973335, Triggered Scores: 5-5-5-2, Triggered Selector: ARGS:errorCode, Mitigated Rules: , Last Matched Message: "], "ruleActions": ["alert", "alert", "alert", "alert", "deny"], "requestId": "2ed42ca7", "method": "GET", "Host": "test.goodies.com", "path": "/carbon/admin/login.jsp", "User-Agent": "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1866.237 Safari/537.36", "status": "403", "Server": "AkamaiGHost", "Date": "Fri, 25 Aug 2023 09:10:04 GMT"}

Hi @RahulMisra ,

could you share a sample of your full logs, not only a part of them?

Ciao.

Giuseppe