What Changed
Added “CsvEscapeMode”: “NoEscape” configuration to the Imperva Cloud WAF CCF connector’s CSV parsing settings. The change prevents logs containing embedded JSON with quotes from being dropped during ingestion.
Security Impact (Visibility & Fidelity)
WAF logs containing embedded JSON were being silently dropped during ingestion due to CSV quote-escaping conflicts. This created visibility gaps for security events that include JSON payloads — such as detailed attack signatures, request parameters, or response data that attackers manipulate.
Organizations running affected connector deployments had incomplete WAF log coverage, potentially missing indicators of web application attacks, data exfiltration attempts, or reconnaissance activities that generate JSON-formatted log entries.
The fix restores complete ingestion for all WAF log formats, eliminating the data loss condition.
Affected Files
Solutions/ImpervaCloudWAF/Data Connectors/ImpervaCloudWAFLogs_ccf/ImpervaCloudWAFLogs_PollingConfig.json
(packaging artefacts: 3.1.1.zip, ReleaseNotes.md, Solution_ImpervaCloudWAF.json, mainTemplate.json)