ql3xHd630
Thanks for your reply. Next I will show the details: **Issue:** Since the Sentinel built-in WAF analytics rules "Application Gateway WAF - XSS Detection" and "Application Gateway WAF - SQLi Detection"...
Hello @v-muuppugund, thanks for your feedback! I look forward to the reply then. Thanks!
Hi @v-muuppugund, I have sent the WAF logs to you. Please check. If you have any questions about my mail, please contact me at any time. Thanks!
Since I researched the previous WAF XSS and SQLi rule in the Sentinel analytics rule KQL query (https://analyticsrules.exchange/analyticrules/d2bc08fa-030a-4eea-931a-762d27c6a042/), it is not difficult to find that the attack behavior it detects comes from the Message field in...
I'm sorry for not replying in time. Now I have uploaded the search results for the two queries. One is for ruleSetVersion_s == "3.1", the other is for ruleSetVersion_s == "3.2". [3.2.csv](https://github.com/Azure/Azure-Sentinel/files/13910322/3.2.csv) [3.1.csv](https://github.com/Azure/Azure-Sentinel/files/13910318/3.1.csv)
@v-muuppugund got it. Thanks.
Hi @v-muuppugund, our WAF updated the OWASP_CRS ruleSetVersion_s to 3.2.0, so we need to find out whether the logs mean actual attack behavior from the logs where ruleSetVersion equals 3.2.0.
Hi @v-muuppugund, the key to the problem is that we cannot parse the Block Reason, XSS_Score, Total Inbound and other fields from the Message field in the log using the query...
@v-muuppugund got it, thanks.
Hello dirkjanm, I like your Azure pentest tools and documentation very much. How do I use ROADtools to create a context + derived key?