From 2611b53ed0ab308c929ef82dbc7f2a4be58841ee Mon Sep 17 00:00:00 2001
From: sanathkumarbs <b.s.sanathkumar@gmail.com>
Date: Tue, 15 Nov 2022 19:21:26 -0800
Subject: [PATCH] fix: split subviolations and tc by comma

---
 .../nginx-app-protect/monitoring/processor/nap.go         | 4 ++--
 .../processor/testdata/expanded_nap_waf.log.txt           | 2 +-
 .../monitoring/processor/testdata/xml_header_data.log.txt | 2 +-
 .../processor/testdata/xml_parameter_data.log.txt         | 2 +-
 .../testdata/xml_parameter_data_as_param_data.log.txt     | 2 +-
 .../testdata/xml_parameter_data_empty_context.log.txt     | 2 +-
 .../processor/testdata/xml_signature_data.log.txt         | 2 +-
 .../processor/testdata/xml_violation_name.log.txt         | 2 +-
 src/plugins/nap_monitoring.go                             | 2 +-
 .../testData/events-out/expanded_nap_waf.log.txt.out      | 8 ++++----
 .../testData/events-out/xml_header_data.log.txt.out       | 8 ++++----
 .../testData/events-out/xml_parameter_data.log.txt.out    | 8 ++++----
 .../xml_parameter_data_as_param_data.log.txt.out          | 8 ++++----
 .../xml_parameter_data_empty_context.log.txt.out          | 8 ++++----
 .../testData/events-out/xml_signature_data.log.txt.out    | 8 ++++----
 .../testData/events-out/xml_violation_name.log.txt.out    | 8 ++++----
 .../monitoring/testData/logs-in/expanded_nap_waf.log.txt  | 2 +-
 .../monitoring/testData/logs-in/xml_header_data.log.txt   | 2 +-
 .../testData/logs-in/xml_parameter_data.log.txt           | 2 +-
 .../logs-in/xml_parameter_data_as_param_data.log.txt      | 2 +-
 .../logs-in/xml_parameter_data_empty_context.log.txt      | 2 +-
 .../testData/logs-in/xml_signature_data.log.txt           | 2 +-
 .../testData/logs-in/xml_violation_name.log.txt           | 2 +-
 23 files changed, 45 insertions(+), 45 deletions(-)
diff --git a/src/extensions/nginx-app-protect/monitoring/processor/nap.go b/src/extensions/nginx-app-protect/monitoring/processor/nap.go
index 4ee606406..9a93efe49 100644
--- a/src/extensions/nginx-app-protect/monitoring/processor/nap.go
+++ b/src/extensions/nginx-app-protect/monitoring/processor/nap.go
@@ -464,7 +464,7 @@ func setValue(napConfig *NAPConfig, key, value string, logger *logrus.Entry) err
 	case sigSetNames:
 		napConfig.SigSetNames = replaceEncodedList(value, listSeperator)
 	case threatCampaignNames:
-		napConfig.ThreatCampaignNames = value
+		napConfig.ThreatCampaignNames = replaceEncodedList(value, listSeperator)
 	case violationDetails:
 		napConfig.ViolationDetailsXML = func(data string) *BADMSG {
 			var xmlData BADMSG
@@ -513,7 +513,7 @@ func setValue(napConfig *NAPConfig, key, value string, logger *logrus.Entry) err
 	case sigCVEs:
 		napConfig.SignatureCVEs = replaceEncodedList(value, listSeperator)
 	case subViolations:
-		napConfig.SubViolations = value
+		napConfig.SubViolations = replaceEncodedList(value, listSeperator)
 	case supportID:
 		napConfig.SupportID = value
 	case violations:
diff --git a/src/extensions/nginx-app-protect/monitoring/processor/testdata/expanded_nap_waf.log.txt b/src/extensions/nginx-app-protect/monitoring/processor/testdata/expanded_nap_waf.log.txt
index 3580c2d44..ed7cc6e70 100644
--- a/src/extensions/nginx-app-protect/monitoring/processor/testdata/expanded_nap_waf.log.txt
+++ b/src/extensions/nginx-app-protect/monitoring/processor/testdata/expanded_nap_waf.log.txt
@@ -1 +1 @@
-N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592513,N/A,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' encoding='UTF-8'?><BAD_MSG><violation_masks><block>410000000200c00-3a03030c30000072-8000000000000000-0</block><alarm>477f0ffcbbd0fea-befbf35cb000007e-8000000000000000-0</alarm><learn>0-20-0-0</learn><staging>0-0-0-0</staging></violation_masks><request-violations><violation><viol_index>42</viol_index><viol_name>VIOL_ATTACK_SIGNATURE</viol_name><context>parameter</context><parameter_data><value_error/><enforcement_level>global</enforcement_level><name>YQ==</name><auto_detected_type>alpha-numeric</auto_detected_type><value>PHNjcmlwdD4=</value><location>query</location><param_name_pattern>*</param_name_pattern><staging>0</staging></parameter_data><staging>0</staging><sig_data><sig_id>200001475</sig_id><blocking_mask>3</blocking_mask><kw_data><buffer>YT08c2NyaXB0Pg==</buffer><offset>3</offset><length>7</length></kw_data></sig_data><sig_data><sig_id>200000098</sig_id><blocking_mask>3</blocking_mask><kw_data><buffer>YT08c2NyaXB0Pg==</buffer><offset>2</offset><length>7</length></kw_data></sig_data></violation><violation><viol_index>14</viol_index><viol_name>VIOL_HTTP_PROTOCOL</viol_name><http_sanity_checks_status>2048</http_sanity_checks_status><http_sub_violation_status>2048</http_sub_violation_status><http_sub_violation>SG9zdCBoZWFkZXIgd2l0aCBJUCB2YWx1ZTogMTAuMTQ2LjE3OS4xMTk=</http_sub_violation></violation><violation><viol_index>24</viol_index><viol_name>VIOL_PARAMETER_VALUE_METACHAR</viol_name><parameter_data><value_error/><enforcement_level>global</enforcement_level><name>YQ==</name><auto_detected_type>alpha-numeric</auto_detected_type><value>PHNjcmlwdD4=</value><location>query</location></parameter_data><wildcard_entity>*</wildcard_entity><staging>0</staging><language_type>4</language_type><metachar_index>60</metachar_index><metachar_index>62</metachar_index></violation></request-violations></BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n,HTTP/1.1
\ No newline at end of file
+N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address::HTTP protocol compliance failed:Evasion technique,4355056874564592513,campaign1::campaign2,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' encoding='UTF-8'?><BAD_MSG><violation_masks><block>410000000200c00-3a03030c30000072-8000000000000000-0</block><alarm>477f0ffcbbd0fea-befbf35cb000007e-8000000000000000-0</alarm><learn>0-20-0-0</learn><staging>0-0-0-0</staging></violation_masks><request-violations><violation><viol_index>42</viol_index><viol_name>VIOL_ATTACK_SIGNATURE</viol_name><context>parameter</context><parameter_data><value_error/><enforcement_level>global</enforcement_level><name>YQ==</name><auto_detected_type>alpha-numeric</auto_detected_type><value>PHNjcmlwdD4=</value><location>query</location><param_name_pattern>*</param_name_pattern><staging>0</staging></parameter_data><staging>0</staging><sig_data><sig_id>200001475</sig_id><blocking_mask>3</blocking_mask><kw_data><buffer>YT08c2NyaXB0Pg==</buffer><offset>3</offset><length>7</length></kw_data></sig_data><sig_data><sig_id>200000098</sig_id><blocking_mask>3</blocking_mask><kw_data><buffer>YT08c2NyaXB0Pg==</buffer><offset>2</offset><length>7</length></kw_data></sig_data></violation><violation><viol_index>14</viol_index><viol_name>VIOL_HTTP_PROTOCOL</viol_name><http_sanity_checks_status>2048</http_sanity_checks_status><http_sub_violation_status>2048</http_sub_violation_status><http_sub_violation>SG9zdCBoZWFkZXIgd2l0aCBJUCB2YWx1ZTogMTAuMTQ2LjE3OS4xMTk=</http_sub_violation></violation><violation><viol_index>24</viol_index><viol_name>VIOL_PARAMETER_VALUE_METACHAR</viol_name><parameter_data><value_error/><enforcement_level>global</enforcement_level><name>YQ==</name><auto_detected_type>alpha-numeric</auto_detected_type><value>PHNjcmlwdD4=</value><location>query</location></parameter_data><wildcard_entity>*</wildcard_entity><staging>0</staging><language_type>4</language_type><metachar_index>60</metachar_index><metachar_index>62</metachar_index></violation></request-violations></BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n,HTTP/1.1
\ No newline at end of file
diff --git a/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_header_data.log.txt b/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_header_data.log.txt
index 146caaff4..958c0acb7 100644
--- a/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_header_data.log.txt
+++ b/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_header_data.log.txt
@@ -1 +1 @@
-N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592514,N/A,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?> <BAD_MSG> <violation_masks> <block>410000000200c00-3a03030c30000072-8000000000000000-0</block> <alarm>477f0ffcbbd0fea-befbf35cb000007e-8000000000000000-0</alarm> <learn>0-2-0-0</learn> <staging>0-0-0-0</staging> </violation_masks> <request-violations> <violation> <viol_index>42</viol_index> <viol_name>VIOL_ATTACK_SIGNATURE</viol_name> <context>header</context> <header> <header_name>Rm9v</header_name> <header_value>ZWNobzwhLS0gI2VjaG8=</header_value> <header_pattern>*</header_pattern> <staging>0</staging> </header> <staging>0</staging> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
+N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address::HTTP protocol compliance failed:Evasion technique,4355056874564592514,campaign1::campaign2,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?> <BAD_MSG> <violation_masks> <block>410000000200c00-3a03030c30000072-8000000000000000-0</block> <alarm>477f0ffcbbd0fea-befbf35cb000007e-8000000000000000-0</alarm> <learn>0-2-0-0</learn> <staging>0-0-0-0</staging> </violation_masks> <request-violations> <violation> <viol_index>42</viol_index> <viol_name>VIOL_ATTACK_SIGNATURE</viol_name> <context>header</context> <header> <header_name>Rm9v</header_name> <header_value>ZWNobzwhLS0gI2VjaG8=</header_value> <header_pattern>*</header_pattern> <staging>0</staging> </header> <staging>0</staging> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
diff --git a/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_parameter_data.log.txt b/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_parameter_data.log.txt
index d3dfcbcc2..8b93d2896 100644
--- a/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_parameter_data.log.txt
+++ b/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_parameter_data.log.txt
@@ -1 +1 @@
-N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592515,N/A,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?> <BAD_MSG> <request-violations> <violation> <viol_index>42</viol_index> <viol_name>VIOL_ATTACK_SIGNATURE</viol_name> <context>parameter</context> <parameter_data> <value_error/> <enforcement_level>global</enforcement_level> <name/> <value>ZjVwYXJhbWF1dG90ZXN0Pg==</value> <param_name_pattern>*</param_name_pattern> <staging>0</staging> </parameter_data> <staging>0</staging> <sig_data> <sig_id>300000110</sig_id> <blocking_mask>7</blocking_mask> <kw_data> <buffer>PWY1cGFyYW1hdXRvdGVzdD4=</buffer> <offset>1</offset> <length>15</length> </kw_data> </sig_data> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
+N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address::HTTP protocol compliance failed:Evasion technique,4355056874564592515,campaign1::campaign2,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?> <BAD_MSG> <request-violations> <violation> <viol_index>42</viol_index> <viol_name>VIOL_ATTACK_SIGNATURE</viol_name> <context>parameter</context> <parameter_data> <value_error/> <enforcement_level>global</enforcement_level> <name/> <value>ZjVwYXJhbWF1dG90ZXN0Pg==</value> <param_name_pattern>*</param_name_pattern> <staging>0</staging> </parameter_data> <staging>0</staging> <sig_data> <sig_id>300000110</sig_id> <blocking_mask>7</blocking_mask> <kw_data> <buffer>PWY1cGFyYW1hdXRvdGVzdD4=</buffer> <offset>1</offset> <length>15</length> </kw_data> </sig_data> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
diff --git a/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_parameter_data_as_param_data.log.txt b/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_parameter_data_as_param_data.log.txt
index 0a626b9e3..908315ee7 100644
--- a/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_parameter_data_as_param_data.log.txt
+++ b/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_parameter_data_as_param_data.log.txt
@@ -1 +1 @@
-N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592516,N/A,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' encoding='UTF-8'?> <BAD_MSG> <request-violations> <violation> <viol_index>52</viol_index> <viol_name>VIOL_JSON_MALFORMED</viol_name> <context>parameter</context> <param_data> <param_name>anNvbg==</param_name> <staging>0</staging> <param_value>eyAiYSI6ICLW1iJ9</param_value> </param_data> <staging>0</staging> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
+N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address::HTTP protocol compliance failed:Evasion technique,4355056874564592516,campaign1::campaign2,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' encoding='UTF-8'?> <BAD_MSG> <request-violations> <violation> <viol_index>52</viol_index> <viol_name>VIOL_JSON_MALFORMED</viol_name> <context>parameter</context> <param_data> <param_name>anNvbg==</param_name> <staging>0</staging> <param_value>eyAiYSI6ICLW1iJ9</param_value> </param_data> <staging>0</staging> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
diff --git a/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_parameter_data_empty_context.log.txt b/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_parameter_data_empty_context.log.txt
index d4426a383..6a1b5f506 100644
--- a/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_parameter_data_empty_context.log.txt
+++ b/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_parameter_data_empty_context.log.txt
@@ -1 +1 @@
-N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592517,N/A,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?> <BAD_MSG> <request-violations> <violation> <viol_index>33</viol_index> <viol_name>VIOL_PARAMETER</viol_name> <parameter_data> <value_error/> <enforcement_level>unknown level</enforcement_level> <name>eA==</name> <value>MQ==</value> </parameter_data> </violation> <violation> <viol_index>33</viol_index> <viol_name>VIOL_PARAMETER</viol_name> <parameter_data> <value_error/> <enforcement_level>unknown level</enforcement_level> <name>eQ==</name> <value>JQ==</value> </parameter_data> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
+N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address::HTTP protocol compliance failed:Evasion technique,4355056874564592517,campaign1::campaign2,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?> <BAD_MSG> <request-violations> <violation> <viol_index>33</viol_index> <viol_name>VIOL_PARAMETER</viol_name> <parameter_data> <value_error/> <enforcement_level>unknown level</enforcement_level> <name>eA==</name> <value>MQ==</value> </parameter_data> </violation> <violation> <viol_index>33</viol_index> <viol_name>VIOL_PARAMETER</viol_name> <parameter_data> <value_error/> <enforcement_level>unknown level</enforcement_level> <name>eQ==</name> <value>JQ==</value> </parameter_data> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
diff --git a/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_signature_data.log.txt b/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_signature_data.log.txt
index 8571bf8ed..775367ba2 100644
--- a/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_signature_data.log.txt
+++ b/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_signature_data.log.txt
@@ -1 +1 @@
-N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592518,N/A,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' encoding='UTF-8'?> <BAD_MSG> <request-violations> <violation> <viol_index>42</viol_index> <viol_name>VIOL_ATTACK_SIGNATURE</viol_name> <sig_data> <sig_id>200021094</sig_id> <blocking_mask>4</blocking_mask> <kw_data> <buffer>Q29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KSG9zdDogYS5jb20NClVzZXItQWdlbnQ6IEphdmEvMS43LjBfNTENCkFjY2VwdDogdGV4dC9odG1sLCBpbWFnZS9naWYsIGltYWdlL2pwZWcsICo7IHE9LjIsICovKjsgcT0uMg0KDQo=</buffer> <offset>37</offset> <length>16</length> </kw_data> </sig_data> <sig_data> <sig_id>200011034</sig_id> <blocking_mask>2</blocking_mask> <kw_data> <buffer>cHQ6ICovKg0KRm9vOiBBdXRob3JpemF0aW9uOiAlbiVuJW4lbg0KRm9vOiBlY2hvPCEtLSAjZWNobw0KWDE4</buffer> <offset>29</offset> <length>6</length> </kw_data> </sig_data> <sig_data> <sig_id>200000179</sig_id> <blocking_mask>3</blocking_mask> <kw_data> <buffer>Nw0KQWNjZXB0OiAqLyoNCkZvbzogQXV0aG9yaXphdGlvbjogJW4lbiVuJW4NCkZvbzogZWNobzwhLS0gI2Vj</buffer> <offset>21</offset> <length>23</length> </kw_data> </sig_data> <sig_data> <sig_id>200004106</sig_id> <blocking_mask>2</blocking_mask> <kw_data> <buffer>emF0aW9uOiAlbiVuJW4lbg0KRm9vOiBlY2hvPCEtLSAjZWNobw0KWDE4OTI6IGVjaG8NClgxODkzOiAnPCEt</buffer> <offset>27</offset> <length>10</length> </kw_data> </sig_data> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
+N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address::HTTP protocol compliance failed:Evasion technique,4355056874564592518,campaign1::campaign2,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' encoding='UTF-8'?> <BAD_MSG> <request-violations> <violation> <viol_index>42</viol_index> <viol_name>VIOL_ATTACK_SIGNATURE</viol_name> <sig_data> <sig_id>200021094</sig_id> <blocking_mask>4</blocking_mask> <kw_data> <buffer>Q29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KSG9zdDogYS5jb20NClVzZXItQWdlbnQ6IEphdmEvMS43LjBfNTENCkFjY2VwdDogdGV4dC9odG1sLCBpbWFnZS9naWYsIGltYWdlL2pwZWcsICo7IHE9LjIsICovKjsgcT0uMg0KDQo=</buffer> <offset>37</offset> <length>16</length> </kw_data> </sig_data> <sig_data> <sig_id>200011034</sig_id> <blocking_mask>2</blocking_mask> <kw_data> <buffer>cHQ6ICovKg0KRm9vOiBBdXRob3JpemF0aW9uOiAlbiVuJW4lbg0KRm9vOiBlY2hvPCEtLSAjZWNobw0KWDE4</buffer> <offset>29</offset> <length>6</length> </kw_data> </sig_data> <sig_data> <sig_id>200000179</sig_id> <blocking_mask>3</blocking_mask> <kw_data> <buffer>Nw0KQWNjZXB0OiAqLyoNCkZvbzogQXV0aG9yaXphdGlvbjogJW4lbiVuJW4NCkZvbzogZWNobzwhLS0gI2Vj</buffer> <offset>21</offset> <length>23</length> </kw_data> </sig_data> <sig_data> <sig_id>200004106</sig_id> <blocking_mask>2</blocking_mask> <kw_data> <buffer>emF0aW9uOiAlbiVuJW4lbg0KRm9vOiBlY2hvPCEtLSAjZWNobw0KWDE4OTI6IGVjaG8NClgxODkzOiAnPCEt</buffer> <offset>27</offset> <length>10</length> </kw_data> </sig_data> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
diff --git a/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_violation_name.log.txt b/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_violation_name.log.txt
index 8d10ae6c7..2278c55bd 100644
--- a/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_violation_name.log.txt
+++ b/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_violation_name.log.txt
@@ -1 +1 @@
-N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592519,N/A,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?><BAD_MSG><request-violations><violation><viol_index>55</viol_index><viol_name>VIOL_ASM_COOKIE_MODIFIED</viol_name><cookie_name>VFMwMTQ0ZTkxNF8x</cookie_name></violation><violation><viol_index>55</viol_index><viol_name>VIOL_ASM_COOKIE_MODIFIED</viol_name><cookie_name>VFMwMTQ0ZTkxNF8zMQ==</cookie_name></violation><violation><viol_index>55</viol_index><viol_name>VIOL_ASM_COOKIE_MODIFIED</viol_name><cookie_name>VFMwMTQ0ZTkxNF8x</cookie_name></violation><violation><viol_index>55</viol_index><viol_name>VIOL_ASM_COOKIE_MODIFIED</viol_name><cookie_name>VFMwMTQ0ZTkxNF8zMQ==</cookie_name></violation></request-violations></BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
+N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address::HTTP protocol compliance failed:Evasion technique,4355056874564592519,campaign1::campaign2,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?><BAD_MSG><request-violations><violation><viol_index>55</viol_index><viol_name>VIOL_ASM_COOKIE_MODIFIED</viol_name><cookie_name>VFMwMTQ0ZTkxNF8x</cookie_name></violation><violation><viol_index>55</viol_index><viol_name>VIOL_ASM_COOKIE_MODIFIED</viol_name><cookie_name>VFMwMTQ0ZTkxNF8zMQ==</cookie_name></violation><violation><viol_index>55</viol_index><viol_name>VIOL_ASM_COOKIE_MODIFIED</viol_name><cookie_name>VFMwMTQ0ZTkxNF8x</cookie_name></violation><violation><viol_index>55</viol_index><viol_name>VIOL_ASM_COOKIE_MODIFIED</viol_name><cookie_name>VFMwMTQ0ZTkxNF8zMQ==</cookie_name></violation></request-violations></BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
diff --git a/src/plugins/nap_monitoring.go b/src/plugins/nap_monitoring.go
index 832b88562..e10d28b1b 100644
--- a/src/plugins/nap_monitoring.go
+++ b/src/plugins/nap_monitoring.go
@@ -108,7 +108,7 @@ func (n *NAPMonitoring) run() {
 			}
 		case <-riTicker.C:
 			if len(report.Events) > 0 {
-				log.Infof("reached a report interval of %vs, sending %d Security Violation Events as a report", n.reportInterval.Seconds(), n.reportCount)
+				log.Infof("reached a report interval of %vs, sending %d Security Violation Events as a report", n.reportInterval.Seconds(), len(report.Events))
 				n.send(report)
 			}
 		case <-n.ctx.Done():
diff --git a/test/component/nginx-app-protect/monitoring/testData/events-out/expanded_nap_waf.log.txt.out b/test/component/nginx-app-protect/monitoring/testData/events-out/expanded_nap_waf.log.txt.out
index 6871bc85e..fc8041449 100755
--- a/test/component/nginx-app-protect/monitoring/testData/events-out/expanded_nap_waf.log.txt.out
+++ b/test/component/nginx-app-protect/monitoring/testData/events-out/expanded_nap_waf.log.txt.out
@@ -1,8 +1,8 @@
 
-i
-Agent$9dde6a00-6209-11ed-8365-5671f551701b4355056874564592513"�������8*ERROR2Nginx:
-AppProtect�
-app_protect_default_policy4355056874564592513REJECTED"SECURITY_WAF_VIOLATION*N/A2GET:HTTPBN/AJ^GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\nRHTTP/1.1bblockedjBlockedz1-localhost:1-/�	127.0.0.1�61478�80��HTTP protocol compliance failed,Illegal meta character in value,Attack signature detected,Violation Rating Threat detected,Bot Client Detected�?HTTP protocol compliance failed:Host header contains IP address�5�u{Cross Site Scripting Signatures;High Accuracy Signatures},{Cross Site Scripting Signatures;High Accuracy Signatures}�,�Untrusted Bot�N/A�N/A�critical�N/A�N/A�HTTP Library�N/A�curl�	parameter�u
+j
+Agent$8b8e7050-655d-11ed-9d1d-5671f551701b4355056874564592513"ܭћ����*ERROR2Nginx:
+AppProtect�
+app_protect_default_policy4355056874564592513REJECTED"SECURITY_WAF_VIOLATION*N/A2GET:HTTPBN/AJ^GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\nRHTTP/1.1bblockedjBlockedz1-localhost:1-/�	127.0.0.1�61478�80��HTTP protocol compliance failed,Illegal meta character in value,Attack signature detected,Violation Rating Threat detected,Bot Client Detected�qHTTP protocol compliance failed:Host header contains IP address,HTTP protocol compliance failed:Evasion technique�5�u{Cross Site Scripting Signatures;High Accuracy Signatures},{Cross Site Scripting Signatures;High Accuracy Signatures}�,�Untrusted Bot�N/A�N/A�critical�campaign1,campaign2�N/A�HTTP Library�N/A�curl�	parameter�u
 VIOL_ATTACK_SIGNATURE	parameter
 a<script>" 
 	2000014753
diff --git a/test/component/nginx-app-protect/monitoring/testData/events-out/xml_header_data.log.txt.out b/test/component/nginx-app-protect/monitoring/testData/events-out/xml_header_data.log.txt.out
index fca92ae42..86e94fa06 100755
--- a/test/component/nginx-app-protect/monitoring/testData/events-out/xml_header_data.log.txt.out
+++ b/test/component/nginx-app-protect/monitoring/testData/events-out/xml_header_data.log.txt.out
@@ -1,7 +1,7 @@
 
-i
-Agent$a3d7c42e-6209-11ed-8365-5671f551701b4355056874564592514"�������B*ERROR2Nginx:
-AppProtect�
-app_protect_default_policy4355056874564592514REJECTED"SECURITY_WAF_VIOLATION*N/A2GET:HTTPBN/AJ/R^GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\nbblockedjBlockedz1-localhost:1-/�	127.0.0.1�61478�80��HTTP protocol compliance failed,Illegal meta character in value,Attack signature detected,Violation Rating Threat detected,Bot Client Detected�?HTTP protocol compliance failed:Host header contains IP address�5�u{Cross Site Scripting Signatures;High Accuracy Signatures},{Cross Site Scripting Signatures;High Accuracy Signatures}�,�Untrusted Bot�N/A�N/A�critical�N/A�N/A�HTTP Library�N/A�curl�header�6
+j
+Agent$918784d8-655d-11ed-9d1d-5671f551701b4355056874564592514"�ћ����*ERROR2Nginx:
+AppProtect�
+app_protect_default_policy4355056874564592514REJECTED"SECURITY_WAF_VIOLATION*N/A2GET:HTTPBN/AJ/R^GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\nbblockedjBlockedz1-localhost:1-/�	127.0.0.1�61478�80��HTTP protocol compliance failed,Illegal meta character in value,Attack signature detected,Violation Rating Threat detected,Bot Client Detected�qHTTP protocol compliance failed:Host header contains IP address,HTTP protocol compliance failed:Evasion technique�5�u{Cross Site Scripting Signatures;High Accuracy Signatures},{Cross Site Scripting Signatures;High Accuracy Signatures}�,�Untrusted Bot�N/A�N/A�critical�campaign1,campaign2�N/A�HTTP Library�N/A�curl�header�6
 VIOL_ATTACK_SIGNATUREheader
 Fooecho<!-- #echo
\ No newline at end of file
diff --git a/test/component/nginx-app-protect/monitoring/testData/events-out/xml_parameter_data.log.txt.out b/test/component/nginx-app-protect/monitoring/testData/events-out/xml_parameter_data.log.txt.out
index 42c039810..a1925a774 100755
--- a/test/component/nginx-app-protect/monitoring/testData/events-out/xml_parameter_data.log.txt.out
+++ b/test/component/nginx-app-protect/monitoring/testData/events-out/xml_parameter_data.log.txt.out
@@ -1,7 +1,7 @@
 
-i
-Agent$a042502c-6209-11ed-8365-5671f551701b4355056874564592515"�������=*ERROR2Nginx:
-AppProtect�
-app_protect_default_policy4355056874564592515REJECTED"SECURITY_WAF_VIOLATION*N/A2GET:HTTPBN/AJ/R^GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\nbblockedjBlockedz1-localhost:1-/�	127.0.0.1�61478�80��HTTP protocol compliance failed,Illegal meta character in value,Attack signature detected,Violation Rating Threat detected,Bot Client Detected�?HTTP protocol compliance failed:Host header contains IP address�5�u{Cross Site Scripting Signatures;High Accuracy Signatures},{Cross Site Scripting Signatures;High Accuracy Signatures}�,�Untrusted Bot�N/A�N/A�critical�N/A�N/A�HTTP Library�N/A�curl�	parameter�`
+j
+Agent$8df29cea-655d-11ed-9d1d-5671f551701b4355056874564592515"�ћ��ѧ*ERROR2Nginx:
+AppProtect�
+app_protect_default_policy4355056874564592515REJECTED"SECURITY_WAF_VIOLATION*N/A2GET:HTTPBN/AJ/R^GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\nbblockedjBlockedz1-localhost:1-/�	127.0.0.1�61478�80��HTTP protocol compliance failed,Illegal meta character in value,Attack signature detected,Violation Rating Threat detected,Bot Client Detected�qHTTP protocol compliance failed:Host header contains IP address,HTTP protocol compliance failed:Evasion technique�5�u{Cross Site Scripting Signatures;High Accuracy Signatures},{Cross Site Scripting Signatures;High Accuracy Signatures}�,�Untrusted Bot�N/A�N/A�critical�campaign1,campaign2�N/A�HTTP Library�N/A�curl�	parameter�`
 VIOL_ATTACK_SIGNATURE	parameterf5paramautotest>"(
 	3000001107=f5paramautotest>"1*15
\ No newline at end of file
diff --git a/test/component/nginx-app-protect/monitoring/testData/events-out/xml_parameter_data_as_param_data.log.txt.out b/test/component/nginx-app-protect/monitoring/testData/events-out/xml_parameter_data_as_param_data.log.txt.out
index 3ae2ff1d6..327b9de37 100755
--- a/test/component/nginx-app-protect/monitoring/testData/events-out/xml_parameter_data_as_param_data.log.txt.out
+++ b/test/component/nginx-app-protect/monitoring/testData/events-out/xml_parameter_data_as_param_data.log.txt.out
@@ -1,7 +1,7 @@
 
-i
-Agent$a2a60b2e-6209-11ed-8365-5671f551701b4355056874564592516"������A*ERROR2Nginx:
-AppProtect�
-app_protect_default_policy4355056874564592516REJECTED"SECURITY_WAF_VIOLATION*N/A2GET:HTTPBN/AJ/R^GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\nbblockedjBlockedz1-localhost:1-/�	127.0.0.1�61478�80��HTTP protocol compliance failed,Illegal meta character in value,Attack signature detected,Violation Rating Threat detected,Bot Client Detected�?HTTP protocol compliance failed:Host header contains IP address�5�u{Cross Site Scripting Signatures;High Accuracy Signatures},{Cross Site Scripting Signatures;High Accuracy Signatures}�,�Untrusted Bot�N/A�N/A�critical�N/A�N/A�HTTP Library�N/A�curl�	parameter�6
+j
+Agent$9055c4ee-655d-11ed-9d1d-5671f551701b4355056874564592516"�ћ����*ERROR2Nginx:
+AppProtect�
+app_protect_default_policy4355056874564592516REJECTED"SECURITY_WAF_VIOLATION*N/A2GET:HTTPBN/AJ/R^GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\nbblockedjBlockedz1-localhost:1-/�	127.0.0.1�61478�80��HTTP protocol compliance failed,Illegal meta character in value,Attack signature detected,Violation Rating Threat detected,Bot Client Detected�qHTTP protocol compliance failed:Host header contains IP address,HTTP protocol compliance failed:Evasion technique�5�u{Cross Site Scripting Signatures;High Accuracy Signatures},{Cross Site Scripting Signatures;High Accuracy Signatures}�,�Untrusted Bot�N/A�N/A�critical�campaign1,campaign2�N/A�HTTP Library�N/A�curl�	parameter�6
 VIOL_JSON_MALFORMED	parameter
 json{ "a": "��"}
\ No newline at end of file
diff --git a/test/component/nginx-app-protect/monitoring/testData/events-out/xml_parameter_data_empty_context.log.txt.out b/test/component/nginx-app-protect/monitoring/testData/events-out/xml_parameter_data_empty_context.log.txt.out
index 4b2f1aab1..13edeb865 100755
--- a/test/component/nginx-app-protect/monitoring/testData/events-out/xml_parameter_data_empty_context.log.txt.out
+++ b/test/component/nginx-app-protect/monitoring/testData/events-out/xml_parameter_data_empty_context.log.txt.out
@@ -1,8 +1,8 @@
 
-i
-Agent$a174355a-6209-11ed-8365-5671f551701b4355056874564592517"�������>*ERROR2Nginx:
-AppProtect�
-app_protect_default_policy4355056874564592517REJECTED"SECURITY_WAF_VIOLATION*N/A2GET:HTTPBN/AJ/R^GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\nbblockedjBlockedz1-localhost:1-/�	127.0.0.1�61478�80��HTTP protocol compliance failed,Illegal meta character in value,Attack signature detected,Violation Rating Threat detected,Bot Client Detected�?HTTP protocol compliance failed:Host header contains IP address�5�u{Cross Site Scripting Signatures;High Accuracy Signatures},{Cross Site Scripting Signatures;High Accuracy Signatures}�,�Untrusted Bot�N/A�N/A�critical�N/A�N/A�HTTP Library�N/A�curl�
+j
+Agent$8f244fc8-655d-11ed-9d1d-5671f551701b4355056874564592517"�ћ��*ERROR2Nginx:
+AppProtect�
+app_protect_default_policy4355056874564592517REJECTED"SECURITY_WAF_VIOLATION*N/A2GET:HTTPBN/AJ/R^GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\nbblockedjBlockedz1-localhost:1-/�	127.0.0.1�61478�80��HTTP protocol compliance failed,Illegal meta character in value,Attack signature detected,Violation Rating Threat detected,Bot Client Detected�qHTTP protocol compliance failed:Host header contains IP address,HTTP protocol compliance failed:Evasion technique�5�u{Cross Site Scripting Signatures;High Accuracy Signatures},{Cross Site Scripting Signatures;High Accuracy Signatures}�,�Untrusted Bot�N/A�N/A�critical�campaign1,campaign2�N/A�HTTP Library�N/A�curl�
 VIOL_PARAMETER
 x1�
 VIOL_PARAMETER
diff --git a/test/component/nginx-app-protect/monitoring/testData/events-out/xml_signature_data.log.txt.out b/test/component/nginx-app-protect/monitoring/testData/events-out/xml_signature_data.log.txt.out
index 17bf0c5e1..c377900c1 100755
--- a/test/component/nginx-app-protect/monitoring/testData/events-out/xml_signature_data.log.txt.out
+++ b/test/component/nginx-app-protect/monitoring/testData/events-out/xml_signature_data.log.txt.out
@@ -1,8 +1,8 @@
 
-i
-Agent$a509bc08-6209-11ed-8365-5671f551701b4355056874564592518"�������E*ERROR2Nginx:
-AppProtect�
-app_protect_default_policy4355056874564592518REJECTED"SECURITY_WAF_VIOLATION*N/A2GET:HTTPBN/AJ/R^GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\nbblockedjBlockedz1-localhost:1-/�	127.0.0.1�61478�80��HTTP protocol compliance failed,Illegal meta character in value,Attack signature detected,Violation Rating Threat detected,Bot Client Detected�?HTTP protocol compliance failed:Host header contains IP address�5�u{Cross Site Scripting Signatures;High Accuracy Signatures},{Cross Site Scripting Signatures;High Accuracy Signatures}�,�Untrusted Bot�N/A�N/A�critical�N/A�N/A�HTTP Library�N/A�curl��
+j
+Agent$92b94a3a-655d-11ed-9d1d-5671f551701b4355056874564592518"�ћ���*ERROR2Nginx:
+AppProtect�	
+app_protect_default_policy4355056874564592518REJECTED"SECURITY_WAF_VIOLATION*N/A2GET:HTTPBN/AJ/R^GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\nbblockedjBlockedz1-localhost:1-/�	127.0.0.1�61478�80��HTTP protocol compliance failed,Illegal meta character in value,Attack signature detected,Violation Rating Threat detected,Bot Client Detected�qHTTP protocol compliance failed:Host header contains IP address,HTTP protocol compliance failed:Evasion technique�5�u{Cross Site Scripting Signatures;High Accuracy Signatures},{Cross Site Scripting Signatures;High Accuracy Signatures}�,�Untrusted Bot�N/A�N/A�critical�campaign1,campaign2�N/A�HTTP Library�N/A�curl��
 VIOL_ATTACK_SIGNATURE"�
 	2000210944�Connection: keep-alive
 Host: a.com
diff --git a/test/component/nginx-app-protect/monitoring/testData/events-out/xml_violation_name.log.txt.out b/test/component/nginx-app-protect/monitoring/testData/events-out/xml_violation_name.log.txt.out
index 1653b26f1..45b90dace 100755
--- a/test/component/nginx-app-protect/monitoring/testData/events-out/xml_violation_name.log.txt.out
+++ b/test/component/nginx-app-protect/monitoring/testData/events-out/xml_violation_name.log.txt.out
@@ -1,8 +1,8 @@
 
-i
-Agent$9f103ade-6209-11ed-8365-5671f551701b4355056874564592519"�������:*ERROR2Nginx:
-AppProtect�
-app_protect_default_policy4355056874564592519REJECTED"SECURITY_WAF_VIOLATION*N/A2GET:HTTPBN/AJ/R^GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\nbblockedjBlockedz1-localhost:1-/�	127.0.0.1�61478�80��HTTP protocol compliance failed,Illegal meta character in value,Attack signature detected,Violation Rating Threat detected,Bot Client Detected�?HTTP protocol compliance failed:Host header contains IP address�5�u{Cross Site Scripting Signatures;High Accuracy Signatures},{Cross Site Scripting Signatures;High Accuracy Signatures}�,�Untrusted Bot�N/A�N/A�critical�N/A�N/A�HTTP Library�N/A�curl�
+j
+Agent$8cc0ab8c-655d-11ed-9d1d-5671f551701b4355056874564592519"ޭћ�Ϡ�*ERROR2Nginx:
+AppProtect�
+app_protect_default_policy4355056874564592519REJECTED"SECURITY_WAF_VIOLATION*N/A2GET:HTTPBN/AJ/R^GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\nbblockedjBlockedz1-localhost:1-/�	127.0.0.1�61478�80��HTTP protocol compliance failed,Illegal meta character in value,Attack signature detected,Violation Rating Threat detected,Bot Client Detected�qHTTP protocol compliance failed:Host header contains IP address,HTTP protocol compliance failed:Evasion technique�5�u{Cross Site Scripting Signatures;High Accuracy Signatures},{Cross Site Scripting Signatures;High Accuracy Signatures}�,�Untrusted Bot�N/A�N/A�critical�campaign1,campaign2�N/A�HTTP Library�N/A�curl�
 VIOL_ASM_COOKIE_MODIFIED�
 VIOL_ASM_COOKIE_MODIFIED�
 VIOL_ASM_COOKIE_MODIFIED�
diff --git a/test/component/nginx-app-protect/monitoring/testData/logs-in/expanded_nap_waf.log.txt b/test/component/nginx-app-protect/monitoring/testData/logs-in/expanded_nap_waf.log.txt
index 3580c2d44..ed7cc6e70 100644
--- a/test/component/nginx-app-protect/monitoring/testData/logs-in/expanded_nap_waf.log.txt
+++ b/test/component/nginx-app-protect/monitoring/testData/logs-in/expanded_nap_waf.log.txt
@@ -1 +1 @@
-N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592513,N/A,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' encoding='UTF-8'?><BAD_MSG><violation_masks><block>410000000200c00-3a03030c30000072-8000000000000000-0</block><alarm>477f0ffcbbd0fea-befbf35cb000007e-8000000000000000-0</alarm><learn>0-20-0-0</learn><staging>0-0-0-0</staging></violation_masks><request-violations><violation><viol_index>42</viol_index><viol_name>VIOL_ATTACK_SIGNATURE</viol_name><context>parameter</context><parameter_data><value_error/><enforcement_level>global</enforcement_level><name>YQ==</name><auto_detected_type>alpha-numeric</auto_detected_type><value>PHNjcmlwdD4=</value><location>query</location><param_name_pattern>*</param_name_pattern><staging>0</staging></parameter_data><staging>0</staging><sig_data><sig_id>200001475</sig_id><blocking_mask>3</blocking_mask><kw_data><buffer>YT08c2NyaXB0Pg==</buffer><offset>3</offset><length>7</length></kw_data></sig_data><sig_data><sig_id>200000098</sig_id><blocking_mask>3</blocking_mask><kw_data><buffer>YT08c2NyaXB0Pg==</buffer><offset>2</offset><length>7</length></kw_data></sig_data></violation><violation><viol_index>14</viol_index><viol_name>VIOL_HTTP_PROTOCOL</viol_name><http_sanity_checks_status>2048</http_sanity_checks_status><http_sub_violation_status>2048</http_sub_violation_status><http_sub_violation>SG9zdCBoZWFkZXIgd2l0aCBJUCB2YWx1ZTogMTAuMTQ2LjE3OS4xMTk=</http_sub_violation></violation><violation><viol_index>24</viol_index><viol_name>VIOL_PARAMETER_VALUE_METACHAR</viol_name><parameter_data><value_error/><enforcement_level>global</enforcement_level><name>YQ==</name><auto_detected_type>alpha-numeric</auto_detected_type><value>PHNjcmlwdD4=</value><location>query</location></parameter_data><wildcard_entity>*</wildcard_entity><staging>0</staging><language_type>4</language_type><metachar_index>60</metachar_index><metachar_index>62</metachar_index></violation></request-violations></BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n,HTTP/1.1
\ No newline at end of file
+N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address::HTTP protocol compliance failed:Evasion technique,4355056874564592513,campaign1::campaign2,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' encoding='UTF-8'?><BAD_MSG><violation_masks><block>410000000200c00-3a03030c30000072-8000000000000000-0</block><alarm>477f0ffcbbd0fea-befbf35cb000007e-8000000000000000-0</alarm><learn>0-20-0-0</learn><staging>0-0-0-0</staging></violation_masks><request-violations><violation><viol_index>42</viol_index><viol_name>VIOL_ATTACK_SIGNATURE</viol_name><context>parameter</context><parameter_data><value_error/><enforcement_level>global</enforcement_level><name>YQ==</name><auto_detected_type>alpha-numeric</auto_detected_type><value>PHNjcmlwdD4=</value><location>query</location><param_name_pattern>*</param_name_pattern><staging>0</staging></parameter_data><staging>0</staging><sig_data><sig_id>200001475</sig_id><blocking_mask>3</blocking_mask><kw_data><buffer>YT08c2NyaXB0Pg==</buffer><offset>3</offset><length>7</length></kw_data></sig_data><sig_data><sig_id>200000098</sig_id><blocking_mask>3</blocking_mask><kw_data><buffer>YT08c2NyaXB0Pg==</buffer><offset>2</offset><length>7</length></kw_data></sig_data></violation><violation><viol_index>14</viol_index><viol_name>VIOL_HTTP_PROTOCOL</viol_name><http_sanity_checks_status>2048</http_sanity_checks_status><http_sub_violation_status>2048</http_sub_violation_status><http_sub_violation>SG9zdCBoZWFkZXIgd2l0aCBJUCB2YWx1ZTogMTAuMTQ2LjE3OS4xMTk=</http_sub_violation></violation><violation><viol_index>24</viol_index><viol_name>VIOL_PARAMETER_VALUE_METACHAR</viol_name><parameter_data><value_error/><enforcement_level>global</enforcement_level><name>YQ==</name><auto_detected_type>alpha-numeric</auto_detected_type><value>PHNjcmlwdD4=</value><location>query</location></parameter_data><wildcard_entity>*</wildcard_entity><staging>0</staging><language_type>4</language_type><metachar_index>60</metachar_index><metachar_index>62</metachar_index></violation></request-violations></BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n,HTTP/1.1
\ No newline at end of file
diff --git a/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_header_data.log.txt b/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_header_data.log.txt
index 146caaff4..958c0acb7 100644
--- a/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_header_data.log.txt
+++ b/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_header_data.log.txt
@@ -1 +1 @@
-N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592514,N/A,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?> <BAD_MSG> <violation_masks> <block>410000000200c00-3a03030c30000072-8000000000000000-0</block> <alarm>477f0ffcbbd0fea-befbf35cb000007e-8000000000000000-0</alarm> <learn>0-2-0-0</learn> <staging>0-0-0-0</staging> </violation_masks> <request-violations> <violation> <viol_index>42</viol_index> <viol_name>VIOL_ATTACK_SIGNATURE</viol_name> <context>header</context> <header> <header_name>Rm9v</header_name> <header_value>ZWNobzwhLS0gI2VjaG8=</header_value> <header_pattern>*</header_pattern> <staging>0</staging> </header> <staging>0</staging> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
+N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address::HTTP protocol compliance failed:Evasion technique,4355056874564592514,campaign1::campaign2,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?> <BAD_MSG> <violation_masks> <block>410000000200c00-3a03030c30000072-8000000000000000-0</block> <alarm>477f0ffcbbd0fea-befbf35cb000007e-8000000000000000-0</alarm> <learn>0-2-0-0</learn> <staging>0-0-0-0</staging> </violation_masks> <request-violations> <violation> <viol_index>42</viol_index> <viol_name>VIOL_ATTACK_SIGNATURE</viol_name> <context>header</context> <header> <header_name>Rm9v</header_name> <header_value>ZWNobzwhLS0gI2VjaG8=</header_value> <header_pattern>*</header_pattern> <staging>0</staging> </header> <staging>0</staging> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
diff --git a/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_parameter_data.log.txt b/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_parameter_data.log.txt
index d3dfcbcc2..8b93d2896 100644
--- a/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_parameter_data.log.txt
+++ b/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_parameter_data.log.txt
@@ -1 +1 @@
-N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592515,N/A,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?> <BAD_MSG> <request-violations> <violation> <viol_index>42</viol_index> <viol_name>VIOL_ATTACK_SIGNATURE</viol_name> <context>parameter</context> <parameter_data> <value_error/> <enforcement_level>global</enforcement_level> <name/> <value>ZjVwYXJhbWF1dG90ZXN0Pg==</value> <param_name_pattern>*</param_name_pattern> <staging>0</staging> </parameter_data> <staging>0</staging> <sig_data> <sig_id>300000110</sig_id> <blocking_mask>7</blocking_mask> <kw_data> <buffer>PWY1cGFyYW1hdXRvdGVzdD4=</buffer> <offset>1</offset> <length>15</length> </kw_data> </sig_data> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
+N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address::HTTP protocol compliance failed:Evasion technique,4355056874564592515,campaign1::campaign2,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?> <BAD_MSG> <request-violations> <violation> <viol_index>42</viol_index> <viol_name>VIOL_ATTACK_SIGNATURE</viol_name> <context>parameter</context> <parameter_data> <value_error/> <enforcement_level>global</enforcement_level> <name/> <value>ZjVwYXJhbWF1dG90ZXN0Pg==</value> <param_name_pattern>*</param_name_pattern> <staging>0</staging> </parameter_data> <staging>0</staging> <sig_data> <sig_id>300000110</sig_id> <blocking_mask>7</blocking_mask> <kw_data> <buffer>PWY1cGFyYW1hdXRvdGVzdD4=</buffer> <offset>1</offset> <length>15</length> </kw_data> </sig_data> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
diff --git a/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_parameter_data_as_param_data.log.txt b/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_parameter_data_as_param_data.log.txt
index 0a626b9e3..908315ee7 100644
--- a/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_parameter_data_as_param_data.log.txt
+++ b/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_parameter_data_as_param_data.log.txt
@@ -1 +1 @@
-N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592516,N/A,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' encoding='UTF-8'?> <BAD_MSG> <request-violations> <violation> <viol_index>52</viol_index> <viol_name>VIOL_JSON_MALFORMED</viol_name> <context>parameter</context> <param_data> <param_name>anNvbg==</param_name> <staging>0</staging> <param_value>eyAiYSI6ICLW1iJ9</param_value> </param_data> <staging>0</staging> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
+N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address::HTTP protocol compliance failed:Evasion technique,4355056874564592516,campaign1::campaign2,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' encoding='UTF-8'?> <BAD_MSG> <request-violations> <violation> <viol_index>52</viol_index> <viol_name>VIOL_JSON_MALFORMED</viol_name> <context>parameter</context> <param_data> <param_name>anNvbg==</param_name> <staging>0</staging> <param_value>eyAiYSI6ICLW1iJ9</param_value> </param_data> <staging>0</staging> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
diff --git a/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_parameter_data_empty_context.log.txt b/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_parameter_data_empty_context.log.txt
index d4426a383..6a1b5f506 100644
--- a/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_parameter_data_empty_context.log.txt
+++ b/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_parameter_data_empty_context.log.txt
@@ -1 +1 @@
-N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592517,N/A,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?> <BAD_MSG> <request-violations> <violation> <viol_index>33</viol_index> <viol_name>VIOL_PARAMETER</viol_name> <parameter_data> <value_error/> <enforcement_level>unknown level</enforcement_level> <name>eA==</name> <value>MQ==</value> </parameter_data> </violation> <violation> <viol_index>33</viol_index> <viol_name>VIOL_PARAMETER</viol_name> <parameter_data> <value_error/> <enforcement_level>unknown level</enforcement_level> <name>eQ==</name> <value>JQ==</value> </parameter_data> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
+N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address::HTTP protocol compliance failed:Evasion technique,4355056874564592517,campaign1::campaign2,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?> <BAD_MSG> <request-violations> <violation> <viol_index>33</viol_index> <viol_name>VIOL_PARAMETER</viol_name> <parameter_data> <value_error/> <enforcement_level>unknown level</enforcement_level> <name>eA==</name> <value>MQ==</value> </parameter_data> </violation> <violation> <viol_index>33</viol_index> <viol_name>VIOL_PARAMETER</viol_name> <parameter_data> <value_error/> <enforcement_level>unknown level</enforcement_level> <name>eQ==</name> <value>JQ==</value> </parameter_data> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
diff --git a/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_signature_data.log.txt b/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_signature_data.log.txt
index 8571bf8ed..775367ba2 100644
--- a/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_signature_data.log.txt
+++ b/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_signature_data.log.txt
@@ -1 +1 @@
-N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592518,N/A,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' encoding='UTF-8'?> <BAD_MSG> <request-violations> <violation> <viol_index>42</viol_index> <viol_name>VIOL_ATTACK_SIGNATURE</viol_name> <sig_data> <sig_id>200021094</sig_id> <blocking_mask>4</blocking_mask> <kw_data> <buffer>Q29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KSG9zdDogYS5jb20NClVzZXItQWdlbnQ6IEphdmEvMS43LjBfNTENCkFjY2VwdDogdGV4dC9odG1sLCBpbWFnZS9naWYsIGltYWdlL2pwZWcsICo7IHE9LjIsICovKjsgcT0uMg0KDQo=</buffer> <offset>37</offset> <length>16</length> </kw_data> </sig_data> <sig_data> <sig_id>200011034</sig_id> <blocking_mask>2</blocking_mask> <kw_data> <buffer>cHQ6ICovKg0KRm9vOiBBdXRob3JpemF0aW9uOiAlbiVuJW4lbg0KRm9vOiBlY2hvPCEtLSAjZWNobw0KWDE4</buffer> <offset>29</offset> <length>6</length> </kw_data> </sig_data> <sig_data> <sig_id>200000179</sig_id> <blocking_mask>3</blocking_mask> <kw_data> <buffer>Nw0KQWNjZXB0OiAqLyoNCkZvbzogQXV0aG9yaXphdGlvbjogJW4lbiVuJW4NCkZvbzogZWNobzwhLS0gI2Vj</buffer> <offset>21</offset> <length>23</length> </kw_data> </sig_data> <sig_data> <sig_id>200004106</sig_id> <blocking_mask>2</blocking_mask> <kw_data> <buffer>emF0aW9uOiAlbiVuJW4lbg0KRm9vOiBlY2hvPCEtLSAjZWNobw0KWDE4OTI6IGVjaG8NClgxODkzOiAnPCEt</buffer> <offset>27</offset> <length>10</length> </kw_data> </sig_data> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
+N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address::HTTP protocol compliance failed:Evasion technique,4355056874564592518,campaign1::campaign2,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' encoding='UTF-8'?> <BAD_MSG> <request-violations> <violation> <viol_index>42</viol_index> <viol_name>VIOL_ATTACK_SIGNATURE</viol_name> <sig_data> <sig_id>200021094</sig_id> <blocking_mask>4</blocking_mask> <kw_data> <buffer>Q29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KSG9zdDogYS5jb20NClVzZXItQWdlbnQ6IEphdmEvMS43LjBfNTENCkFjY2VwdDogdGV4dC9odG1sLCBpbWFnZS9naWYsIGltYWdlL2pwZWcsICo7IHE9LjIsICovKjsgcT0uMg0KDQo=</buffer> <offset>37</offset> <length>16</length> </kw_data> </sig_data> <sig_data> <sig_id>200011034</sig_id> <blocking_mask>2</blocking_mask> <kw_data> <buffer>cHQ6ICovKg0KRm9vOiBBdXRob3JpemF0aW9uOiAlbiVuJW4lbg0KRm9vOiBlY2hvPCEtLSAjZWNobw0KWDE4</buffer> <offset>29</offset> <length>6</length> </kw_data> </sig_data> <sig_data> <sig_id>200000179</sig_id> <blocking_mask>3</blocking_mask> <kw_data> <buffer>Nw0KQWNjZXB0OiAqLyoNCkZvbzogQXV0aG9yaXphdGlvbjogJW4lbiVuJW4NCkZvbzogZWNobzwhLS0gI2Vj</buffer> <offset>21</offset> <length>23</length> </kw_data> </sig_data> <sig_data> <sig_id>200004106</sig_id> <blocking_mask>2</blocking_mask> <kw_data> <buffer>emF0aW9uOiAlbiVuJW4lbg0KRm9vOiBlY2hvPCEtLSAjZWNobw0KWDE4OTI6IGVjaG8NClgxODkzOiAnPCEt</buffer> <offset>27</offset> <length>10</length> </kw_data> </sig_data> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
diff --git a/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_violation_name.log.txt b/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_violation_name.log.txt
index 8d10ae6c7..2278c55bd 100644
--- a/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_violation_name.log.txt
+++ b/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_violation_name.log.txt
@@ -1 +1 @@
-N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592519,N/A,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?><BAD_MSG><request-violations><violation><viol_index>55</viol_index><viol_name>VIOL_ASM_COOKIE_MODIFIED</viol_name><cookie_name>VFMwMTQ0ZTkxNF8x</cookie_name></violation><violation><viol_index>55</viol_index><viol_name>VIOL_ASM_COOKIE_MODIFIED</viol_name><cookie_name>VFMwMTQ0ZTkxNF8zMQ==</cookie_name></violation><violation><viol_index>55</viol_index><viol_name>VIOL_ASM_COOKIE_MODIFIED</viol_name><cookie_name>VFMwMTQ0ZTkxNF8x</cookie_name></violation><violation><viol_index>55</viol_index><viol_name>VIOL_ASM_COOKIE_MODIFIED</viol_name><cookie_name>VFMwMTQ0ZTkxNF8zMQ==</cookie_name></violation></request-violations></BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
+N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address::HTTP protocol compliance failed:Evasion technique,4355056874564592519,campaign1::campaign2,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?><BAD_MSG><request-violations><violation><viol_index>55</viol_index><viol_name>VIOL_ASM_COOKIE_MODIFIED</viol_name><cookie_name>VFMwMTQ0ZTkxNF8x</cookie_name></violation><violation><viol_index>55</viol_index><viol_name>VIOL_ASM_COOKIE_MODIFIED</viol_name><cookie_name>VFMwMTQ0ZTkxNF8zMQ==</cookie_name></violation><violation><viol_index>55</viol_index><viol_name>VIOL_ASM_COOKIE_MODIFIED</viol_name><cookie_name>VFMwMTQ0ZTkxNF8x</cookie_name></violation><violation><viol_index>55</viol_index><viol_name>VIOL_ASM_COOKIE_MODIFIED</viol_name><cookie_name>VFMwMTQ0ZTkxNF8zMQ==</cookie_name></violation></request-violations></BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
