diff --git a/packages/akamai/changelog.yml b/packages/akamai/changelog.yml
index d5c7d2a5c31..62066f2abe4 100644
--- a/packages/akamai/changelog.yml
+++ b/packages/akamai/changelog.yml
@@ -1,4 +1,15 @@
 # newer versions go on top
+- version: "2.26.0"
+  changes:
+    - description: Handle input leniently.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/10158
+    - description: Improve efficiency of script processing.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/10158
+    - description: Fix handling of missing fields.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/10158
 - version: "2.25.4"
   changes:
     - description: Remove experimental/beta status warnings.
diff --git a/packages/akamai/data_stream/siem/_dev/test/pipeline/test-http-json.log b/packages/akamai/data_stream/siem/_dev/test/pipeline/test-http-json.log
index 8ceb2679c14..c788cb370e8 100644
--- a/packages/akamai/data_stream/siem/_dev/test/pipeline/test-http-json.log
+++ b/packages/akamai/data_stream/siem/_dev/test/pipeline/test-http-json.log
@@ -1,4 +1,15 @@
 {"format":"json","type":"akamai_siem","version":"1.0","attackData":{"clientIP":"89.160.20.156","configId":"14227","policyId":"qik1_26545","ruleActions":"YWxlcnQ%3d%3bYWxlcnQ%3d%3bZGVueQ%3d%3d","ruleData":"dGVsbmV0LmV4ZQ%3d%3d%3bdGVsbmV0LmV4ZQ%3d%3d%3bVmVjdG9yIFNjb3JlOiAxMCwgREVOWSB0aHJlc2hvbGQ6IDksIEFsZX ","ruleMessages":"U3lzdGVtIENvbW1hbmQgQWNjZXNz%3bU3lzdGVtIENvbW1hbmQgSW5qZWN0aW9u%3bQW5vbWFseSBTY29yZSBFeGNlZWRlZCBmb3 ","ruleSelectors":"QVJHUzpvcHRpb24%3d%3bQVJHUzpvcHRpb24%3d%3b","ruleTags":"T1dBU1BfQ1JTL1dFQl9BVFRBQ0svRklMRV9JTkpFQ1RJT04%3d%3bT1dBU1BfQ1JTL1dFQl9BVFRBQ0svQ09NTUFORF9JTkpFQ1R ","ruleVersions":"NA%3d%3d%3bNA%3d%3d%3bMQ%3d%3d","rules":"OTUwMDAy%3bOTUwMDA2%3bQ01ELUlOSkVDVElPTi1BTk9NQUxZ"},"geo":{"asn":"14618","city":"ASHBURN","continent":"288","country":"US","regionCode":"VA"},"httpMessage":{"bytes":"266","host":"www.hmapi.com","method":"GET","path":"/","port":"80","protocol":"HTTP/1.1","query":"option=com_jce%20telnet.exe","requestHeaders":"User-Agent%3a%20BOT%2f0.1%20(BOT%20for%20JCE)%0d%0aAccept%3a%20text%2fhtml,application%2fxhtml+xml","requestId":"1158db1758e37bfe67b7c09","responseHeaders":"Server%3a%20AkamaiGHost%0d%0aMime-Version%3a%201.0%0d%0aContent-Type%3a%20text%2fhtml%0d%0aContent-Length%3a%20150","start":"1491303422","status":"200"},"userRiskData":{"uuid":"964d54b7-0821-413a-a4d6-8131770ec8d5","status":"0","score":"75","risk":"udfp:1325gdg4g4343g/M|unp:74256/H","trust":"ugp:US","general":"duc_1h:10|duc_1d:30","allow":"0"},"clientData":{"appBundleId":"com.mydomain.myapp","appVersion":"1.23","sdkVersion":"4.7.1","telemetryType":"2"},"botData":{"botScore":"100","responseSegment":"3"}}
 {"format":"json","type":"akamai_siem","version":"1.0","attackData":{"clientIP":"89.160.20.156","configId":"14227","policyId":"qik1_26545","ruleActions":"YWxlcnQ%3d%3bYWxlcnQ%3d%3bZGVueQ%3d%3d","ruleData":"dGVsbmV0LmV4ZQ%3d%3d%3bdGVsbmV0LmV4ZQ%3d%3d%3bVmVjdG9yIFNjb3JlOiAxMCwgREVOWSB0aHJlc2hvbGQ6IDksIEFsZX ","ruleMessages":"U3lzdGVtIENvbW1hbmQgQWNjZXNz%3bU3lzdGVtIENvbW1hbmQgSW5qZWN0aW9u%3bQW5vbWFseSBTY29yZSBFeGNlZWRlZCBmb3 ","ruleSelectors":"QVJHUzpvcHRpb24%3d%3bQVJHUzpvcHRpb24%3d%3b","ruleTags":"T1dBU1BfQ1JTL1dFQl9BVFRBQ0svRklMRV9JTkpFQ1RJT04%3d%3bT1dBU1BfQ1JTL1dFQl9BVFRBQ0svQ09NTUFORF9JTkpFQ1R ","ruleVersions":"NA%3d%3d%3bNA%3d%3d%3bMQ%3d%3d","rules":"OTUwMDAy%3bOTUwMDA2%3bQ01ELUlOSkVDVElPTi1BTk9NQUxZ"},"geo":{"asn":"14618","city":"ASHBURN","continent":"288","country":"US","regionCode":"VA"},"httpMessage":{"bytes":"266","host":"www.hmapi.com","method":"GET","path":"/","port":"80","protocol":"HTTP/1.1","query":"option=com_jce%20telnet.exe","requestHeaders":"Host:%20example.com%0D%0Ajsessionid:%0D%0AAccept-Encoding:%20gzip%0D%0A","requestId":"1158db1758e37bfe67b7c09","responseHeaders":"Server:%20AkamaiGHost%0D%0AMime-Version:%201.0%0D%0AContent-Type:%20text/html%0D%0AContent-Length:%20150%0D%0AX-NoValueHeader:%0D%0A","start":"1491303422","status":"200"},"userRiskData":{"uuid":"964d54b7-0821-413a-a4d6-8131770ec8d5","status":"0","score":"75","risk":"","trust":"","general":"","allow":"0"},"clientData":{"appBundleId":"com.mydomain.myapp","appVersion":"1.23","sdkVersion":"4.7.1","telemetryType":"2"},"botData":{"botScore":"100","responseSegment":"3"}}
 {"format":"json","type":"akamai_siem","version":"1.0","attackData":{"clientIP":"89.160.20.156","configId":"6724","policyId":"scoe_5426","ruleActions":"QUxFUlQ;REVOWQ==","ruleData":"YWxlcnQo;Y3VybA==","ruleMessages":"Q3Jvc3Mtc2l0ZSBTY3 JpcHRpbmcgKFhTUykgQXR0YWNr; UmVxdWVzdCBJbmRpY2F0ZXMgYW4 gYXV0b21hdGVkIHByb2 dyYW0gZXhwbG9yZWQgdGhlIHNpdGU=","ruleSelectors":"QVJHUzph;UkVRVUVTVF9IRU FERVJTOlVzZXItQWdlbnQ=","ruleTags":"V0VCX0FUVEFDSy9YU1M=;QV VUT01BVElPTi9NSVND","ruleVersions":";","rules":"OTUwMDA0;OTkwMDEx"},"geo":{"asn":"12271","city":"NEWYORK","continent":"NA","country":"US","regionCode":"NY"},"httpMessage":{"bytes":"34523","host":"www.example.com","method":"POST","path":"/examples/1/","port":"80","protocol":"http/2","query":"a%3D..%2F..%2F..%2Fetc%2Fpasswd","requestHeaders":"User-Agent%3a%20BOT%2f0.1%20(BOT%20for%20JCE)%0d%0aAccept%3a%20text%2fhtml,application%2fxhtml+xml","requestId":"2ab418ac8515f33","responseHeaders":"Server%3a%20AkamaiGHost%0d%0aMime-Version%3a%201.0%0d%0aContent-Type%3a%20text%2fhtml","start":"1470923133.026","status":"301","tls": "TLSv1.2"},"userRiskData":{"uuid":"964d54b7-0821-413a-a4d6-8131770ec8d5","status":"0","score":"75","risk":"udfp:1325gdg4g4343g/M|unp:74256/H","trust":"ugp:US","general":"duc_1h:10|duc_1d:30","allow":"0"},"clientData":{"appBundleId":"com.mydomain.myapp","appVersion":"1.23","sdkVersion":"4.7.1","telemetryType":"2"},"botData":{"botScore":"100","responseSegment":"3"}}
-{"total":10000,"offset":"71cca;3phZmEdPj6YEqml0rvbdWDZGW3mCiJIwjyhkJfsLFM2gVYPgE8-N_0CiLI9gwH0_4OJ87xDQ3b-gIsx_kEBdf7aaC_AvDpG9fMxypeaCma10FKrY9VKE","limit":10000}
\ No newline at end of file
+{"format":"json","type":"akamai_siem","version":"1.0","attackData":{"clientIP":"89.160.20.156","configId":"6724","policyId":"scoe_5426","ruleActions":"////=;////=","ruleData":"////=;////=","ruleMessages":"////=;////=","ruleSelectors":"////=;////=","ruleTags":"////=;////=","ruleVersions":";","rules":"////=;////="},"geo":{"asn":"12271","city":"NEWYORK","continent":"NA","country":"US","regionCode":"NY"},"httpMessage":{"bytes":"34523","host":"www.example.com","method":"POST","path":"/examples/1/","port":"80","protocol":"http/2","query":"a=../../../etc/passwd%","requestHeaders":"User-Agent%3a%20BOT%2f0.1%20(BOT%20for%20JCE)%0d%0aAccept%3a%20text%2fhtml,application%2fxhtml+xml","requestId":"2ab418ac8515f33","responseHeaders":"Server%3a%20AkamaiGHost%0d%0aMime-Version%3a%201.0%0d%0aContent-Type%3a%20text%2fhtml","start":"1470923133.026","status":"301","tls": "TLSv1.2"},"userRiskData":{"uuid":"964d54b7-0821-413a-a4d6-8131770ec8d5","status":"0","score":"75","risk":"udfp:1325gdg4g4343g/M|unp:74256/H","trust":"ugp:US","general":"duc_1h:10|duc_1d|duc_1w:1","allow":"0"},"clientData":{"appBundleId":"com.mydomain.myapp","appVersion":"1.23","sdkVersion":"4.7.1","telemetryType":"2"},"botData":{"botScore":"100","responseSegment":"3"}}
+{"attackData":{"apiId":"API_908966","apiKey":"","clientIP":"81.2.69.144","configId":"92384723","policyId":"prmb_232917","ruleActions":"YWxlcnQ%3d%3bYWxlcnQ%3d%3b","ruleData":"%3bSHVtYW4gLSBpT1M%3d%3b","ruleMessages":"aGkh%3bVExTIEhhc2g6IDE0NmYxYjlmOTdkZGYxYjU%3d%3b","ruleSelectors":"%3bSDIgSGFzaDogMDc1MUE3RDQ%3d%3b","ruleTags":"bG9nb24gYm90bmV0IG1vYmlsZQ%3d%3d%3b","ruleVersions":"%3b%3b","rules":"NjAxOTU0OTE%3d%3bNjAyNDY5MTM%3d%3b"},"format":"json","geo":{"asn":"7922","city":"ELKGROVEVILLAGE","continent":"NA","country":"US","regionCode":"IL"},"httpMessage":{"bytes":"478","host":"otr.company.com","method":"POST","path":"/webapp/api/public/v1/login/username-password","port":"443","protocol":"h2","query":"excludeClientExperienceData=false","requestHeaders":"Host%3a%20otr.company.com%0d%0aContent-Type%3a%20application%2fjson%0d%0afelix_1%3a%20isMobile%3atrue%0d%0aAccept-Encoding%3a%20gzip,%20deflate,%20br%0d%0aAccept%3a%20application%2fjson%0d%0ax-devicetype%3a%20iPhone%0d%0aAccept-Language%3a%20en-US,en%3bq%3d0.9%0d%0aOrigin%3a%20https%3a%2f%2fotr.company.com%0d%0aUser-Agent%3a%20Beacon%2f12.68.0%20(iOS%2f16.3.1%3b%20iPad7,5)%0d%0aReferer%3a%20https%3a%2f%2fotr.company.com%2fwebapp%2fapi%2fpublic%2fv1%2flogin%2fusername-password%3fexcludeClientExperienceData%3dfalse%0d%0afelix%3a%20isAjax%3atrue%0d%0asession-id%3a%202BA252F5-F411-4A2F-8138-1D6ADCE4D2E2%0d%0aContent-Length%3a%20292%0d%0aCookie%3a%20Mmmm%20Cookies%0d%0a","requestId":"4511c6d","responseHeaders":"Content-Encoding%3a%20gzip%0d%0aContent-Type%3a%20application%2fjson%3b%20charset%3dutf-8%0d%0aETag%3a%20W%2f%22375-ZjJkYjQ2ZmUzZmRhNTRhOWQ4-gzip%22%0d%0aServer%3a%20%0d%0aVary%3a%20Accept-Encoding%0d%0aX-Frame-Options%3a%20SAMEORIGIN%0d%0aContent-Length%3a%20478%0d%0aExpires%3a%20Wed,%2009%20Oct%202024%2015%3a13%3a13%20GMT%0d%0aCache-Control%3a%20max-age%3d0,%20no-cache,%20no-store%0d%0aDate%3a%20Wed,%2009%20Oct%202024%2015%3a13%3a13%20GMT%0d%0aConnection%3a%20keep-alive%0d%0aSet-Cookie%3a%20XSRF-TOKEN%62e8b1ad-ab00-482d-8f51-0912bd6dbde6%3b%20path%3d%2f%3b%20domain%3dcompany.com%0d%0aSet-Cookie%3a%20TLTUID%3dD4E45D2371FC487AB770B38EF309441E%3b%20path%3d%2f%2520Expires%3dTue%2520Oct%252010%25202034%252003%3a13%3a12%2520GMT+0000%2520(Coordinated%2520Universal%2520Time)%3b%20domain%3dcompany.com%0d%0aSet-Cookie%3a%20TLTSID%3dD4E45D2371FC487AB770B38EF309441E%3b%20path%3d%2f%3b%20domain%3dcompany.com%0d%0aAkamai-GRN%3a%200.c5263e17.1728486792.4511c6d%0d%0aStrict-Transport-Security%3a%20max-age%3d15768000%20%3b%20includeSubDomains%0d%0a","start":"1728486793","status":"200","tls":"tls1.3"},"type":"akamai_siem","userRiskData":{"allow":"0","score":"","status":"5","uuid":""},"version":"1.0"}
+{"attackData":{"apiId":"API_908966","apiKey":"","clientIP":"81.2.69.144","configId":"92384723","policyId":"prmb_232917","ruleActions":"YWxlcnQ%3d%3bYWxlcnQ%3d%3bZGVueV9jdXN0b21fMTQ5NTI1","ruleData":"QmlvbWV0cmljIEF1dGhlbnRpY2F0aW9uOjpGYWlsOjpUcmFuc21pdCBTREsgZmFpbGVkIHdpdGggZXJyb3IgY29kZSA6IDY0LCBlcnJvciBtZXNzYWdlIDogSFRUUCByZXNwb25zZSBlcnJvciBFcnJvciBkYXRhIDogW0FueUhhc2hhYmxlKCJwdWJsaWNfcHJvcGVydGllcyIpOiB7IH0sIEFueUhhc2hhYmxlKCJib2R5Iik6IDwhRE9DVFlQRSBIVE1MIFBVQkxJQyAiLS8vVzNDLy9EVEQgSFRNTCA0LjAxIFRyYW5zaXRpb25hbC8vRU4iICJodHRwOi8vd3d3LnczLm9yZy9UUi9odG1sNC9sb29zZS5kdGQiPiA8SFRNTD48SEVBRD48TUVUQSBIVFRQLUVRVUlWPSJDb250ZW50LVR5cGUiIENPTlRFTlQ9InRleHQvaHRtbDsgY2hhcnNldD1pc28tODg1OS0xIj4gPFRJVExFPkVSUk9SOiBUaGUgcmVxdWVzdCBjb3VsZCBub3QgYmUgc2F0aXNmaWVkPC9USVRMRT4gPC9IRUFEPjxCT0RZPiA8SDE+NDAzIEVSUk9SPC9IMT4gPEgyPlRoZSByZXF1ZXN0IGNvdWxkIG5vdCBiZSBzYXRpc2ZpZWQuPC9IMj4gPEhSIG5vc2hhZGUgc2l6ZT0iMXB4Ij4gUmVxdWVzdCBibG9ja2VkLiBXZSBjYW4ndCBjb25uZWN0IHRvIHRoZSBzZXJ2ZXIgZm9yIHRoaXMgYXBwIG9yIHdlYnNpdGUgYXQgdGhpcyB0aW1lLiBUaGVyZSBtaWdodCBiZSB0b28gbXVjaCB0cmFmZmljIG9yIGEgY29uZmlndXJhdGlvbiBlcnJvci4gVHJ5IGFnYWluIGxhdGVyLCBvciBjb250YWN0IHRoZSBhcHAgb3Igd2Vic2l0ZSBvd25lci4gPEJSIGNsZWFyPSJhbGwiPiBJZiB5b3UgcHJvdmlkZSBjb250ZW50IHRvIGN1c3RvbWVycyB0aHJvdWdoIENsb3VkRnJvbnQsIHlvdSBjYW4gZmluZCBzdGVwcyB0byB0cm91Ymxlc2hvb3QgYW5kIGhlbHAgcHJldmVudCB0aGlzIGVycm9yIGJ5IHJldmlld2luZyB0aGUgQ2xvdWRGcm9udCBkb2N1bWVudGF0aW9uLiA8QlIgY2xlYXI9ImFsbCI+IDxIUiBub3NoYWRlIHNpemU9IjFweCI+IDxQUkU+IEdlbmVyYXRlZCBieSBjbG91ZGZyb250IChDbG91ZEZyb250KSBSZXF1ZXN0IElEOiBDLWFuVm84MENlMThueWRFVl83eEVnNHdTRGRSN0Z5WC1CdzZNTDU4eF9pQVlXSllacXE3OXc9PSA8L1BSRT4gPEFERFJFU1M+IDwvQUREUkVTUz4gPC9CT0RZPjwvSFRNTD4sIEFueUhhc2hhYmxlKCJzdGF0dXMiKTogNDAzXQ%3d%3d%3bPE1FVEEg%3bVmVjdG9yIFNjb3JlOiAxMCwgR3JvdXAgVGhyZXNob2xkOiA5LCBUcmlnZ2VyZWQgUnVsZXM6IDMwMDAxMTAtMzAwMDExNiwgVHJpZ2dlcmVkIFNjb3JlczogNS01LCBUcmlnZ2VyZWQgU2VsZWN0b3I6IEpTT05fUEFJUlM6ZGF0YVs0XS52YWx1ZSwgTWl0aWdhdGVkIFJ1bGVzOiAsIExhc3QgTWF0Y2hlZCBNZXNzYWdlOiA%3d","ruleMessages":"Q3Jvc3Mtc2l0ZSBTY3JpcHRpbmcgKFhTUykgQXR0YWNrIChTbWFydERldGVjdCk%3d%3bQ3Jvc3Mtc2l0ZSBTY3JpcHRpbmcgKFhTUykgQXR0YWNr%3bQW5vbWFseSBTY29yZSBFeGNlZWRlZCBmb3IgQ3Jvc3Mtc2l0ZSBTY3JpcHRpbmcgKFhTUykgQXR0YWNr","ruleSelectors":"SlNPTl9QQUlSUzpkYXRhWzRdLnZhbHVl%3bSlNPTl9QQUlSUzpkYXRhWzRdLnZhbHVl%3bSlNPTl9QQUlSUzpkYXRhWzRdLnZhbHVl","ruleTags":"QVNFL1dFQl9BVFRBQ0svWFNT%3bQVNFL1dFQl9BVFRBQ0svWFNT%3bQVNFL1dFQl9BVFRBQ0svWFNT","ruleVersions":"Mw%3d%3d%3bMw%3d%3d%3bMw%3d%3d","rules":"MzAwMDExMA%3d%3d%3bMzAwMDExNg%3d%3d%3bWFNTLUFOT01BTFk%3d"},"format":"json","geo":{"asn":"62240","city":"EDISON","continent":"NA","country":"US","regionCode":"NJ"},"httpMessage":{"bytes":"13","host":"otr.company.com","method":"POST","path":"/webapp/api/public/v1/log","port":"443","protocol":"h2","requestHeaders":"Host%3a%20otr.company.com%0d%0aContent-Type%3a%20application%2fjson%0d%0afelix_1%3a%20isMobile%3atrue%0d%0aAccept%3a%20application%2fjson%0d%0aAccept-Language%3a%20en-US,en%3bq%3d0.9%0d%0ax-xsrf-token%3a%205E6C3157-FC2E-4BE7-8E97-4383ACB2E80C%0d%0aAccept-Encoding%3a%20gzip,%20deflate,%20br%0d%0aOrigin%3a%20https%3a%2f%2fotr.company.com%0d%0aUser-Agent%3a%20Beacon%2f12.67.0%20(iOS%2f17.6.1%3b%20iPhone15,3)%0d%0aReferer%3a%20https%3a%2f%2fotr.company.com%2fwebapp%2fapi%2fpublic%2fv1%2flog%0d%0afelix%3a%20isAjax%3atrue%0d%0asession-id%3a%20847B45BB-5F1B-48E8-9EC4-FF0D433C26A8%0d%0aContent-Length%3a%202611%0d%0a","requestId":"39c13748","responseHeaders":"Server%3a%20AkamaiGHost%0d%0aMime-Version%3a%201.0%0d%0aContent-Length%3a%2013%0d%0aCache-Control%3a%20no-cache,%20no-store,%20must-revalidate%0d%0aPragma%3a%20no-cache%0d%0aExpires%3a%200%0d%0aContent-Type%3a%20text%2fhtml%0d%0aLocation%3a%20http%3a%2f%2fwww.company.com%2fnotfound.htm%0d%0aExpires%3a%20Wed,%2009%20Oct%202024%2015%3a10%3a52%20GMT%0d%0aCache-Control%3a%20max-age%3d0,%20no-cache,%20no-store%0d%0aDate%3a%20Wed,%2009%20Oct%202024%2015%3a10%3a52%20GMT%0d%0aConnection%3a%20keep-alive%0d%0aAkamai-GRN%3a%200.4a24c317.1728486652.39c13748%0d%0aStrict-Transport-Security%3a%20max-age%3d15768000%20%3b%20includeSubDomains%0d%0a","start":"1728486652","status":"302","tls":"tls1.3"},"type":"akamai_siem","version":"1.0"}
+{"attackData":{"apiId":"API_908966","apiKey":"","clientIP":"81.2.69.144","configId":"92384723","policyId":"prmb_232917","ruleActions":"YWxlcnQ%3d%3bYWxlcnQ%3d%3bZGVueV9jdXN0b21fMTQ5NTI1","ruleData":"QmlvbWV0cmljIEF1dGhlbnRpY2F0aW9uOjpGYWlsOjpUcmFuc21pdCBTREsgZmFpbGVkIHdpdGggZXJyb3IgY29kZSA6IDY0LCBlcnJvciBtZXNzYWdlIDogSFRUUCByZXNwb25zZSBlcnJvciBFcnJvciBkYXRhIDogW0FueUhhc2hhYmxlKCJzdGF0dXMiKTogNDAzLCBBbnlIYXNoYWJsZSgicHVibGljX3Byb3BlcnRpZXMiKTogeyB9LCBBbnlIYXNoYWJsZSgiYm9keSIpOiA8IURPQ1RZUEUgSFRNTCBQVUJMSUMgIi0vL1czQy8vRFREIEhUTUwgNC4wMSBUcmFuc2l0aW9uYWwvL0VOIiAiaHR0cDovL3d3dy53My5vcmcvVFIvaHRtbDQvbG9vc2UuZHRkIj4gPEhUTUw+PEhFQUQ+PE1FVEEgSFRUUC1FUVVJVj0iQ29udGVudC1UeXBlIiBDT05URU5UPSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9aXNvLTg4NTktMSI+IDxUSVRMRT5FUlJPUjogVGhlIHJlcXVlc3QgY291bGQgbm90IGJlIHNhdGlzZmllZDwvVElUTEU+IDwvSEVBRD48Qk9EWT4gPEgxPjQwMyBFUlJPUjwvSDE+IDxIMj5UaGUgcmVxdWVzdCBjb3VsZCBub3QgYmUgc2F0aXNmaWVkLjwvSDI+IDxIUiBub3NoYWRlIHNpemU9IjFweCI+IFJlcXVlc3QgYmxvY2tlZC4gV2UgY2FuJ3QgY29ubmVjdCB0byB0aGUgc2VydmVyIGZvciB0aGlzIGFwcCBvciB3ZWJzaXRlIGF0IHRoaXMgdGltZS4gVGhlcmUgbWlnaHQgYmUgdG9vIG11Y2ggdHJhZmZpYyBvciBhIGNvbmZpZ3VyYXRpb24gZXJyb3IuIFRyeSBhZ2FpbiBsYXRlciwgb3IgY29udGFjdCB0aGUgYXBwIG9yIHdlYnNpdGUgb3duZXIuIDxCUiBjbGVhcj0iYWxsIj4gSWYgeW91IHByb3ZpZGUgY29udGVudCB0byBjdXN0b21lcnMgdGhyb3VnaCBDbG91ZEZyb250LCB5b3UgY2FuIGZpbmQgc3RlcHMgdG8gdHJvdWJsZXNob290IGFuZCBoZWxwIHByZXZlbnQgdGhpcyBlcnJvciBieSByZXZpZXdpbmcgdGhlIENsb3VkRnJvbnQgZG9jdW1lbnRhdGlvbi4gPEJSIGNsZWFyPSJhbGwiPiA8SFIgbm9zaGFkZSBzaXplPSIxcHgiPiA8UFJFPiBHZW5lcmF0ZWQgYnkgY2xvdWRmcm9udCAoQ2xvdWRGcm9udCkgUmVxdWVzdCBJRDogTjVQbmI1elRXRVUzb19YclpVRUNVZnFCSl9DX0pVSk1TcUFlV0NJNDFqOFlLWlhXVjBqMDlBPT0gPC9QUkU+IDxBRERSRVNTPiA8L0FERFJFU1M+IDwvQk9EWT48L0hUTUw+XQ%3d%3d%3bPE1FVEEg%3bVmVjdG9yIFNjb3JlOiAxMCwgR3JvdXAgVGhyZXNob2xkOiA5LCBUcmlnZ2VyZWQgUnVsZXM6IDMwMDAxMTAtMzAwMDExNiwgVHJpZ2dlcmVkIFNjb3JlczogNS01LCBUcmlnZ2VyZWQgU2VsZWN0b3I6IEpTT05fUEFJUlM6ZGF0YVszXS52YWx1ZSwgTWl0aWdhdGVkIFJ1bGVzOiAsIExhc3QgTWF0Y2hlZCBNZXNzYWdlOiA%3d","ruleMessages":"Q3Jvc3Mtc2l0ZSBTY3JpcHRpbmcgKFhTUykgQXR0YWNrIChTbWFydERldGVjdCk%3d%3bQ3Jvc3Mtc2l0ZSBTY3JpcHRpbmcgKFhTUykgQXR0YWNr%3bQW5vbWFseSBTY29yZSBFeGNlZWRlZCBmb3IgQ3Jvc3Mtc2l0ZSBTY3JpcHRpbmcgKFhTUykgQXR0YWNr","ruleSelectors":"SlNPTl9QQUlSUzpkYXRhWzNdLnZhbHVl%3bSlNPTl9QQUlSUzpkYXRhWzNdLnZhbHVl%3bSlNPTl9QQUlSUzpkYXRhWzNdLnZhbHVl","ruleTags":"QVNFL1dFQl9BVFRBQ0svWFNT%3bQVNFL1dFQl9BVFRBQ0svWFNT%3bQVNFL1dFQl9BVFRBQ0svWFNT","ruleVersions":"Mw%3d%3d%3bMw%3d%3d%3bMw%3d%3d","rules":"MzAwMDExMA%3d%3d%3bMzAwMDExNg%3d%3d%3bWFNTLUFOT01BTFk%3d"},"format":"json","geo":{"asn":"701","city":"WARRINGTON","continent":"NA","country":"US","regionCode":"PA"},"httpMessage":{"bytes":"13","host":"otr.company.com","method":"POST","path":"/webapp/api/public/v1/log","port":"443","protocol":"h2","requestHeaders":"Host%3a%20otr.company.com%0d%0aContent-Type%3a%20application%2fjson%0d%0afelix_1%3a%20isMobile%3atrue%0d%0aAccept%3a%20application%2fjson%0d%0aAccept-Language%3a%20en-US,en%3bq%3d0.9%0d%0ax-xsrf-token%3a%20526A9862-F26B-47D9-8727-108CEEC2FC6D%0d%0aAccept-Encoding%3a%20gzip,%20deflate,%20br%0d%0aOrigin%3a%20https%3a%2f%2fotr.company.com%0d%0aUser-Agent%3a%20Beacon%2f12.68.0%20(iOS%2f17.6.1%3b%20iPhone15,4)%0d%0aReferer%3a%20https%3a%2f%2fotr.company.com%2fwebapp%2fapi%2fpublic%2fv1%2flog%0d%0afelix%3a%20isAjax%3atrue%0d%0asession-id%3a%2090562D50-F7E6-4CE1-8C0A-F1F04ABA0886%0d%0aContent-Length%3a%203073%0d%0a","start":"1728485227","status":"302","tls":"tls1.3"},"type":"akamai_siem","version":"1.0"}
+{"attackData":{"clientIP":"81.2.69.144","configId":"92384723","policyId":"prse_111965","ruleActions":"YWxlcnQ%3d%3b","ruleData":"%3b","ruleMessages":"bm90aGluZyB0byBzZWUgaGVyZQ%3d%3d%3b","ruleSelectors":"%3b","ruleTags":"YWxlcnQ%3d%3b","ruleVersions":"%3b","rules":"NjAxMDc4Njc%3d%3b"},"format":"json","geo":{"asn":"6128","city":"OSSINING","continent":"NA","country":"US","regionCode":"NY"},"httpMessage":{"bytes":"226","host":"peeps.company.com","method":"GET","path":"/%s/TransViewProfile","port":"443","protocol":"h2","requestHeaders":"Host%3a%20peeps.company.com%0d%0aAccept%3a%20text%2fhtml,application%2fxhtml+xml,application%2fxml%3bq%3d0.9,*%2f*%3bq%3d0.8%0d%0asec-fetch-site%3a%20same-origin%0d%0asec-fetch-dest%3a%20document%0d%0aAccept-Language%3a%20en-US,en%3bq%3d0.9%0d%0asec-fetch-mode%3a%20navigate%0d%0aUser-Agent%3a%20Mozilla%2f5.0%20(iPhone%3b%20CPU%20iPhone%20OS%2017_6%20like%20Mac%20OS%20X)%20AppleWebKit%2f605.1.15%20(KHTML,%20like%20Gecko)%20GSA%2f336.0.679286625%20Mobile%2f15E148%20Safari%2f604.1%0d%0aReferer%3a%20https%3a%2f%2fpeeps.company.com%2fus%2fgets%3fAction%3dadd%0d%0aAccept-Encoding%3a%20gzip,%20deflate,%20br%0d%0a","start":"1728484562","status":"400","tls":"tls1.3"},"type":"akamai_siem","version":"1.0"}
+{"detail":"Not enough replicas available for query at consistency LOCAL_ONE (1 required but only 0 alive)","status":500,"title":"Server error"}
+{"attackData":{"apiId":"API_234508975","apiKey":"","clientIP":"81.2.69.144","configId":"92384723","policyId":"prse_111965","ruleActions":"YWxlcnQ%3d%3b","ruleData":"%3b","ruleMessages":"ZjM3MGFlN2VjN2FhNThkZDIwMjk2ODUzOTU1NTllOWMgIC0K%3d%3b","ruleSelectors":"%3b","ruleTags":"YWxlcnQ%3d%3b","ruleVersions":"%3b","rules":"NjAxMDc4Njc%3d%3b"},"format":"json","geo":{"asn":"26703","city":"PARIS","continent":"NA","country":"TX","regionCode":"TX"},"httpMessage":{"bytes":"0","host":"peeps.company.com","method":"GET","path":"/us/hnwnesc/nesc/LoginPage","port":"443","protocol":"h2","query":"TYPE=33554433\u0026REALMOID=06-fbf500ab-f4e9-4b4f-9b24-eb3b17a3549f\u0026GUID=\u0026SMAUTHREASON=0\u0026METHOD=GET\u0026SMAGENTNAME=soeprd01\u0026TARGET=$SM$%2fmy-accounts%2faccount-overview%","requestHeaders":"Host%3a%20peeps.company.com%0d%0aSec-CH-UA%3a%20%22Google%20Chrome%22%3bv%3d%22129%22,%20%22Not%3dA%3fBrand%22%3bv%3d%228%22,%20%22Chromium%22%3bv%3d%22129%22%0d%0aSec-CH-UA-Mobile%3a%20%3f0%0d%0aSec-CH-UA-Platform%3a%20%22Windows%22%0d%0aupgrade-insecure-requests%3a%201%0d%0aUser-Agent%3a%20Mozilla%2f5.0%20(Windows%20NT%2010.0%3b%20Win64%3b%20x64)%20AppleWebKit%2f537.36%20(KHTML,%20like%20Gecko)%20Chrome%2f129.0.0.0%20Safari%2f537.36%0d%0asec-purpose%3a%20prefetch%3bprerender%0d%0apurpose%3a%20prefetch%0d%0aAccept%3a%20text%2fhtml,application%2fxhtml+xml,application%2fxml%3bq%3d0.9,image%2favif,image%2fwebp,image%2fapng,*%2f*%3bq%3d0.8,application%2fsigned-exchange%3bv%3db3%3bq%3d0.7%0d%0asec-fetch-site%3a%20none%0d%0asec-fetch-mode%3a%20navigate%0d%0asec-fetch-user%3a%20%3f1%0d%0asec-fetch-dest%3a%20document%0d%0aAccept-Encoding%3a%20gzip,%20deflate,%20br,%20zstd%0d%0aAccept-Language%3a%20en-US,en%3bq%3d0.9%0d%0apriority%3a%20u%3d0,%20i%0d%0a","start":"1728477033","status":"301","tls":"tls1.3"},"type":"akamai_siem","version":"1.0"}
+{"attackData":{"clientIP":"81.2.69.144","configId":"92384723","policyId":"prse_111965","ruleActions":"bW9uaXRvcg%3d%3d%3b","ruleData":"Z3B0Ym90%3b","ruleMessages":"V2ViIFNlYXJjaCBFbmdpbmUgQm90cw%3d%3d%3b","ruleSelectors":"%3b","ruleTags":"QUtBTUFJL0JPVC9BS0FNQUlfQ0FURUdPUklaRUQ%3d%3b","ruleVersions":"MQ%3d%3d%3b","rules":"Mzk5MTAwNg%3d%3d%3b"},"format":"json","geo":{"asn":"8075","city":"PHOENIX","continent":"NA","country":"US","regionCode":"AZ"},"httpMessage":{"bytes":"122","host":"investor.company.com","method":"GET","path":"/etf/profile/FNQ%20Company%20ETW%20Profile","port":"443","protocol":"h2","requestHeaders":"Host%3a%20investor.company.com%0d%0ax-openai-host-hash%3a%20905516960%0d%0aAccept%3a%20*%2f*%0d%0aFrom%3a%20gptbot(at)openai.com%0d%0aUser-Agent%3a%20Mozilla%2f5.0%20AppleWebKit%2f537.36%20(KHTML,%20like%20Gecko%3b%20compatible%3b%20GPTBot%2f1.2%3b%20+https%3a%2f%2fopenai.com%2fgptbot)%0d%0aAccept-Encoding%3a%20gzip,%20br,%20deflate%0d%0aremove-dup-edge-ctrl-headers-rollout-enabled%3a%201%0d%0a","requestId":"1770e7d9","responseHeaders":"Server%3a%20awselb%2f2.0%0d%0aContent-Type%3a%20text%2fhtml%0d%0aContent-Length%3a%20122%0d%0aDate%3a%20Wed,%2009%20Oct%202024%2010%3a46%3a07%20GMT%0d%0aConnection%3a%20keep-alive%0d%0aAkamai-Cache-Status%3a%20NotCacheable%20from%20child%0d%0aAkamai-GRN%3a%200.972c2d17.1728470767.1770e7d9%0d%0aStrict-Transport-Security%3a%20max-age%3d15768000%20%3b%20includeSubDomains%0d%0a","start":"1728470767","status":"400","tls":"tls1.3"},"type":"akamai_siem","version":"1.0"}
+{"attackData":{"clientIP":"81.2.69.144","configId":"92384723","policyId":"prkg_252151","ruleActions":"ZGVueQ%3d%3d","ruleData":"","ruleMessages":"VW5hdXRob3JpemVkIHBlZXIgSVAgMTM2LjI0NC45MC4xNzYgaW4gVmFuZ3VhcmQgLSBDU09DIEJsYWNrbGlzdA%3d%3d","ruleSelectors":"","ruleTags":"SVBCTE9DSw%3d%3d","ruleVersions":"","rules":"SVBCTE9DSw%3d%3d"},"format":"json","geo":{"asn":"20473","city":"FRANKFURT","continent":"EU","country":"DE","regionCode":"HE"},"httpMessage":{"bytes":"717","host":"cow.company.com","method":"POST","path":"/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh","port":"443","protocol":"HTTP/1.1","requestHeaders":"Host%3a%20cow.company.com%0d%0aOrigin%3a%20https%3a%2f%2fcow.company.com%0d%0aContent-Type%3a%20application%2fx-www-form-urlencoded%0d%0a","requestId":"59ea711b","responseHeaders":"Server%3a%20AkamaiGHost%0d%0aMime-Version%3a%201.0%0d%0aContent-Type%3a%20text%2fhtml%0d%0aContent-Length%3a%20717%0d%0aExpires%3a%20Tue,%2008%20Oct%202024%2007%3a49%3a37%20GMT%0d%0aDate%3a%20Tue,%2008%20Oct%202024%2007%3a49%3a37%20GMT%0d%0aConnection%3a%20close%0d%0aAkamai-GRN%3a%200.50fbd217.1728373777.59ea711b%0d%0aStrict-Transport-Security%3a%20max-age%3d15768000%20%3b%20includeSubDomains%0d%0a","start":"1728373777","status":"403","tls":"tls1.3"},"type":"akamai_siem","version":"1.0"}
+{"attackData":{"apiId":"API_234508975","apiKey":"","clientIP":"81.2.69.144","configId":"92384723","policyId":"prse_111965","ruleActions":"YWxlcnQ%3d%3bbW9uaXRvcg%3d%3d%3b","ruleData":"%3bZmVlZGZldGNoZXItZ29vZ2xl%3b","ruleMessages":"YXJlIHlvdSBzdGlsbCBsb29raW5nPw%3d%3d%3bUlNTIEZlZWQgUmVhZGVyIEJvdHM%3d%3b","ruleSelectors":"%3b%3b","ruleTags":"YWxlcnQ%3d%3bQUtBTUFJL0JPVC9BS0FNQUlfQ0FURUdPUklaRUQ%3d%3b","ruleVersions":"%3bMQ%3d%3d%3b","rules":"NjAxMDc4Njc%3d%3bMzk5MTAxNQ%3d%3d%3b"},"format":"json","geo":{"asn":"15169","city":"DALLAS","continent":"NA","country":"US","regionCode":"TX"},"httpMessage":{"bytes":"5405","host":"peeps.company.com","method":"GET","path":"/us/FundsRSS","port":"443","protocol":"HTTP/1.1","query":"FundId=%\u0026foo=1","requestHeaders":"Cache-Control%3a%20no-cache,max-age%3d0%0d%0aHost%3a%20peeps.company.com%0d%0aConnection%3a%20keep-alive%0d%0aAccept%3a%20*%2f*%0d%0aFrom%3a%20googlebot(at)googlebot.com%0d%0aUser-Agent%3a%20FeedFetcher-Google%3b%20(+http%3a%2f%2fwww.google.com%2ffeedfetcher.html)%0d%0aAccept-Encoding%3a%20gzip,%20deflate,%20br%0d%0a","requestId":"b7fb413c","responseHeaders":"Server%3a%20Company%20Server%0d%0aX-Frame-Options%3a%20SAMEORIGIN%0d%0aVary%3a%20accept-encoding%0d%0aContent-Encoding%3a%20gzip%0d%0aContent-Type%3a%20text%2fhtml%3bcharset%3dISO-8859-1%0d%0aContent-Length%3a%205405%0d%0aExpires%3a%20Mon,%2007%20Oct%202024%2007%3a00%3a47%20GMT%0d%0aCache-Control%3a%20max-age%3d0,%20no-cache,%20no-store%0d%0aDate%3a%20Mon,%2007%20Oct%202024%2007%3a00%3a47%20GMT%0d%0aConnection%3a%20keep-alive%0d%0a","start":"1728284447","status":"200","tls":"tls1.3"},"type":"akamai_siem","version":"1.0"}
+{"attackData":{"clientIP":"81.2.69.144","configId":"92384723","policyId":"prkg_252151","ruleActions":"ZGVueQ%3d%3d","ruleData":"","ruleMessages":"VW5hdXRob3JpemVkIHBlZXIgSVAgNDUuNjEuMTg4LjEzMSBpbiBWYW5ndWFyZCAtIENTT0MgQmxhY2tsaXN0","ruleSelectors":"","ruleTags":"SVBCTE9DSw%3d%3d","ruleVersions":"","rules":"SVBCTE9DSw%3d%3d"},"format":"json","geo":{"asn":"53667","city":"MIAMI","continent":"NA","country":"US","regionCode":"FL"},"httpMessage":{"bytes":"424","host":"prodgateway.company.com","method":"GET","path":"/plugins/weathermap/editor.php","port":"443","protocol":"HTTP/1.1","query":"plug=0\u0026mapname=poc.conf\u0026action=set_map_properties\u0026param\u0026param2\u0026debug=existing\u0026node_name\u0026node_x\u0026node_y\u0026node_new_name\u0026node_label\u0026node_infourl\u0026node_hover\u0026node_iconfilename=--NONE--\u0026link_name\u0026link_bandwidth_in\u0026link_bandwidth_out\u0026link_target\u0026link_width\u0026link_infourl\u0026link_hover\u0026map_title=46ea1712d4b13b55b3f680cc5b8b54e8\u0026map_legend=Traffic+Load\u0026map_stamp=Created:+%b+%d+%Y+%H:%M:%S\u0026map_linkdefaultwidth=7","requestHeaders":"Host%3a%20prodgateway.company.com%0d%0aUser-Agent%3a%20Mozilla%2f5.0%20(Windows%20NT%2010.0%3b%20rv%3a109.0)%20Gecko%2f20100101%20Firefox%2f118.0%0d%0aConnection%3a%20close%0d%0aAccept%3a%20*%2f*%0d%0aAccept-Language%3a%20en%0d%0aAccept-Encoding%3a%20gzip%0d%0a","requestId":"115683da","responseHeaders":"Server%3a%20AkamaiGHost%0d%0aMime-Version%3a%201.0%0d%0aContent-Type%3a%20text%2fhtml%0d%0aContent-Length%3a%20424%0d%0aExpires%3a%20Sat,%2005%20Oct%202024%2017%3a59%3a35%20GMT%0d%0aDate%3a%20Sat,%2005%20Oct%202024%2017%3a59%3a35%20GMT%0d%0aConnection%3a%20close%0d%0aAkamai-GRN%3a%200.9b9a2d17.1728151175.115683da%0d%0aStrict-Transport-Security%3a%20max-age%3d15768000%20%3b%20includeSubDomains%0d%0a","start":"1728151175","status":"403","tls":"tls1.3"},"type":"akamai_siem","version":"1.0"}
+{"total":10000,"offset":"71cca;3phZmEdPj6YEqml0rvbdWDZGW3mCiJIwjyhkJfsLFM2gVYPgE8-N_0CiLI9gwH0_4OJ87xDQ3b-gIsx_kEBdf7aaC_AvDpG9fMxypeaCma10FKrY9VKE","limit":10000}
diff --git a/packages/akamai/data_stream/siem/_dev/test/pipeline/test-http-json.log-expected.json b/packages/akamai/data_stream/siem/_dev/test/pipeline/test-http-json.log-expected.json
index 53132e063c5..0cf2a7612e9 100644
--- a/packages/akamai/data_stream/siem/_dev/test/pipeline/test-http-json.log-expected.json
+++ b/packages/akamai/data_stream/siem/_dev/test/pipeline/test-http-json.log-expected.json
@@ -508,6 +508,1405 @@
                 "query": "a=../../../etc/passwd"
             }
         },
+        {
+            "@timestamp": "2016-08-11T13:45:33.026Z",
+            "akamai": {
+                "siem": {
+                    "bot": {
+                        "response_segment": 3,
+                        "score": 100
+                    },
+                    "client_data": {
+                        "app_bundle_id": "com.mydomain.myapp",
+                        "app_version": "1.23",
+                        "sdk_version": "4.7.1",
+                        "telemetry_type": 2
+                    },
+                    "config_id": "6724",
+                    "policy_id": "scoe_5426",
+                    "request": {
+                        "headers": {
+                            "Accept": "text/html,application/xhtml xml",
+                            "User-Agent": "BOT/0.1 (BOT for JCE)"
+                        }
+                    },
+                    "response": {
+                        "headers": {
+                            "Content-Type": "text/html",
+                            "Mime-Version": "1.0",
+                            "Server": "AkamaiGHost"
+                        }
+                    },
+                    "rules": [
+                        {
+                            "ruleActions": "failed to decode base64 data: Input byte array has wrong 4-byte ending unit: ////=",
+                            "ruleData": "failed to decode base64 data: Input byte array has wrong 4-byte ending unit: ////=",
+                            "ruleMessages": "failed to decode base64 data: Input byte array has wrong 4-byte ending unit: ////=",
+                            "ruleSelectors": "failed to decode base64 data: Input byte array has wrong 4-byte ending unit: ////=",
+                            "ruleTags": "failed to decode base64 data: Input byte array has wrong 4-byte ending unit: ////=",
+                            "rules": "failed to decode base64 data: Input byte array has wrong 4-byte ending unit: ////="
+                        },
+                        {
+                            "ruleActions": "failed to decode base64 data: Input byte array has wrong 4-byte ending unit: ////=",
+                            "ruleData": "failed to decode base64 data: Input byte array has wrong 4-byte ending unit: ////=",
+                            "ruleMessages": "failed to decode base64 data: Input byte array has wrong 4-byte ending unit: ////=",
+                            "ruleSelectors": "failed to decode base64 data: Input byte array has wrong 4-byte ending unit: ////=",
+                            "ruleTags": "failed to decode base64 data: Input byte array has wrong 4-byte ending unit: ////=",
+                            "rules": "failed to decode base64 data: Input byte array has wrong 4-byte ending unit: ////="
+                        }
+                    ],
+                    "user_risk": {
+                        "allow": 0,
+                        "general": {
+                            "duc_1d": "-",
+                            "duc_1h": "10",
+                            "duc_1w": "1"
+                        },
+                        "risk": {
+                            "udfp": "1325gdg4g4343g/M",
+                            "unp": "74256/H"
+                        },
+                        "score": 75,
+                        "status": 0,
+                        "trust": {
+                            "ugp": "US"
+                        },
+                        "uuid": "964d54b7-0821-413a-a4d6-8131770ec8d5"
+                    }
+                }
+            },
+            "client": {
+                "address": "89.160.20.156",
+                "as": {
+                    "number": 29518,
+                    "organization": {
+                        "name": "Bredband2 AB"
+                    }
+                },
+                "geo": {
+                    "city_name": "Linköping",
+                    "continent_name": "Europe",
+                    "country_iso_code": "SE",
+                    "country_name": "Sweden",
+                    "location": {
+                        "lat": 58.4167,
+                        "lon": 15.6167
+                    },
+                    "region_iso_code": "SE-E",
+                    "region_name": "Östergötland County"
+                },
+                "ip": "89.160.20.156"
+            },
+            "ecs": {
+                "version": "8.11.0"
+            },
+            "event": {
+                "category": [
+                    "network"
+                ],
+                "id": "2ab418ac8515f33",
+                "kind": "event",
+                "original": "{\"format\":\"json\",\"type\":\"akamai_siem\",\"version\":\"1.0\",\"attackData\":{\"clientIP\":\"89.160.20.156\",\"configId\":\"6724\",\"policyId\":\"scoe_5426\",\"ruleActions\":\"////=;////=\",\"ruleData\":\"////=;////=\",\"ruleMessages\":\"////=;////=\",\"ruleSelectors\":\"////=;////=\",\"ruleTags\":\"////=;////=\",\"ruleVersions\":\";\",\"rules\":\"////=;////=\"},\"geo\":{\"asn\":\"12271\",\"city\":\"NEWYORK\",\"continent\":\"NA\",\"country\":\"US\",\"regionCode\":\"NY\"},\"httpMessage\":{\"bytes\":\"34523\",\"host\":\"www.example.com\",\"method\":\"POST\",\"path\":\"/examples/1/\",\"port\":\"80\",\"protocol\":\"http/2\",\"query\":\"a=../../../etc/passwd%\",\"requestHeaders\":\"User-Agent%3a%20BOT%2f0.1%20(BOT%20for%20JCE)%0d%0aAccept%3a%20text%2fhtml,application%2fxhtml+xml\",\"requestId\":\"2ab418ac8515f33\",\"responseHeaders\":\"Server%3a%20AkamaiGHost%0d%0aMime-Version%3a%201.0%0d%0aContent-Type%3a%20text%2fhtml\",\"start\":\"1470923133.026\",\"status\":\"301\",\"tls\": \"TLSv1.2\"},\"userRiskData\":{\"uuid\":\"964d54b7-0821-413a-a4d6-8131770ec8d5\",\"status\":\"0\",\"score\":\"75\",\"risk\":\"udfp:1325gdg4g4343g/M|unp:74256/H\",\"trust\":\"ugp:US\",\"general\":\"duc_1h:10|duc_1d|duc_1w:1\",\"allow\":\"0\"},\"clientData\":{\"appBundleId\":\"com.mydomain.myapp\",\"appVersion\":\"1.23\",\"sdkVersion\":\"4.7.1\",\"telemetryType\":\"2\"},\"botData\":{\"botScore\":\"100\",\"responseSegment\":\"3\"}}",
+                "start": "2016-08-11T13:45:33.026Z"
+            },
+            "http": {
+                "request": {
+                    "id": "2ab418ac8515f33",
+                    "method": "POST"
+                },
+                "response": {
+                    "bytes": 34523,
+                    "status_code": 301
+                },
+                "version": "2"
+            },
+            "network": {
+                "protocol": "http",
+                "transport": "tcp"
+            },
+            "observer": {
+                "type": "proxy",
+                "vendor": "akamai"
+            },
+            "related": {
+                "ip": [
+                    "89.160.20.156"
+                ]
+            },
+            "source": {
+                "address": "89.160.20.156",
+                "as": {
+                    "number": 29518,
+                    "organization": {
+                        "name": "Bredband2 AB"
+                    }
+                },
+                "geo": {
+                    "city_name": "Linköping",
+                    "continent_name": "Europe",
+                    "country_iso_code": "SE",
+                    "country_name": "Sweden",
+                    "location": {
+                        "lat": 58.4167,
+                        "lon": 15.6167
+                    },
+                    "region_iso_code": "SE-E",
+                    "region_name": "Östergötland County"
+                },
+                "ip": "89.160.20.156"
+            },
+            "tags": [
+                "preserve_original_event"
+            ],
+            "tls": {
+                "version": "1.2",
+                "version_protocol": "tls"
+            },
+            "url": {
+                "domain": "www.example.com",
+                "full": "www.example.com/examples/1/",
+                "path": "/examples/1/",
+                "port": 80,
+                "query": "a=../../../etc/passwd%"
+            }
+        },
+        {
+            "@timestamp": "2024-10-09T15:13:13.000Z",
+            "akamai": {
+                "siem": {
+                    "config_id": "92384723",
+                    "policy_id": "prmb_232917",
+                    "request": {
+                        "headers": {
+                            "Accept": "application/json",
+                            "Accept-Encoding": "gzip, deflate, br",
+                            "Accept-Language": "en-US,en;q=0.9",
+                            "Content-Length": "292",
+                            "Content-Type": "application/json",
+                            "Cookie": "Mmmm Cookies",
+                            "Host": "otr.company.com",
+                            "Origin": "https://otr.company.com",
+                            "Referer": "https://otr.company.com/webapp/api/public/v1/login/username-password?excludeClientExperienceData=false",
+                            "User-Agent": "Beacon/12.68.0 (iOS/16.3.1; iPad7,5)",
+                            "felix": "isAjax:true",
+                            "felix_1": "isMobile:true",
+                            "session-id": "2BA252F5-F411-4A2F-8138-1D6ADCE4D2E2",
+                            "x-devicetype": "iPhone"
+                        }
+                    },
+                    "response": {
+                        "headers": {
+                            "Akamai-GRN": "0.c5263e17.1728486792.4511c6d",
+                            "Cache-Control": "max-age=0, no-cache, no-store",
+                            "Connection": "keep-alive",
+                            "Content-Encoding": "gzip",
+                            "Content-Length": "478",
+                            "Content-Type": "application/json; charset=utf-8",
+                            "Date": "Wed, 09 Oct 2024 15:13:13 GMT",
+                            "ETag": "W/\"375-ZjJkYjQ2ZmUzZmRhNTRhOWQ4-gzip\"",
+                            "Expires": "Wed, 09 Oct 2024 15:13:13 GMT",
+                            "Set-Cookie": [
+                                "XSRF-TOKENbe8b1ad-ab00-482d-8f51-0912bd6dbde6; path=/; domain=company.com",
+                                "TLTUID=D4E45D2371FC487AB770B38EF309441E; path=/%20Expires=Tue%20Oct%2010%202034%2003:13:12%20GMT 0000%20(Coordinated%20Universal%20Time); domain=company.com",
+                                "TLTSID=D4E45D2371FC487AB770B38EF309441E; path=/; domain=company.com"
+                            ],
+                            "Strict-Transport-Security": "max-age=15768000 ; includeSubDomains",
+                            "Vary": "Accept-Encoding",
+                            "X-Frame-Options": "SAMEORIGIN"
+                        }
+                    },
+                    "rule_actions": [
+                        "alert"
+                    ],
+                    "rule_tags": [
+                        "logon botnet mobile"
+                    ],
+                    "rules": [
+                        {
+                            "ruleActions": "alert",
+                            "ruleMessages": "hi!",
+                            "ruleTags": "logon botnet mobile",
+                            "rules": "60195491"
+                        },
+                        {
+                            "ruleActions": "alert",
+                            "ruleData": "Human - iOS",
+                            "ruleMessages": "TLS Hash: 146f1b9f97ddf1b5",
+                            "ruleSelectors": "H2 Hash: 0751A7D4",
+                            "rules": "60246913"
+                        }
+                    ],
+                    "user_risk": {
+                        "allow": 0,
+                        "status": 5
+                    }
+                }
+            },
+            "client": {
+                "address": "81.2.69.144",
+                "as": {
+                    "number": 7922
+                },
+                "geo": {
+                    "city_name": "London",
+                    "continent_name": "Europe",
+                    "country_iso_code": "GB",
+                    "country_name": "United Kingdom",
+                    "location": {
+                        "lat": 51.5142,
+                        "lon": -0.0931
+                    },
+                    "region_iso_code": "GB-ENG",
+                    "region_name": "England"
+                },
+                "ip": "81.2.69.144"
+            },
+            "ecs": {
+                "version": "8.11.0"
+            },
+            "event": {
+                "category": [
+                    "network"
+                ],
+                "id": "4511c6d",
+                "kind": "event",
+                "original": "{\"attackData\":{\"apiId\":\"API_908966\",\"apiKey\":\"\",\"clientIP\":\"81.2.69.144\",\"configId\":\"92384723\",\"policyId\":\"prmb_232917\",\"ruleActions\":\"YWxlcnQ%3d%3bYWxlcnQ%3d%3b\",\"ruleData\":\"%3bSHVtYW4gLSBpT1M%3d%3b\",\"ruleMessages\":\"aGkh%3bVExTIEhhc2g6IDE0NmYxYjlmOTdkZGYxYjU%3d%3b\",\"ruleSelectors\":\"%3bSDIgSGFzaDogMDc1MUE3RDQ%3d%3b\",\"ruleTags\":\"bG9nb24gYm90bmV0IG1vYmlsZQ%3d%3d%3b\",\"ruleVersions\":\"%3b%3b\",\"rules\":\"NjAxOTU0OTE%3d%3bNjAyNDY5MTM%3d%3b\"},\"format\":\"json\",\"geo\":{\"asn\":\"7922\",\"city\":\"ELKGROVEVILLAGE\",\"continent\":\"NA\",\"country\":\"US\",\"regionCode\":\"IL\"},\"httpMessage\":{\"bytes\":\"478\",\"host\":\"otr.company.com\",\"method\":\"POST\",\"path\":\"/webapp/api/public/v1/login/username-password\",\"port\":\"443\",\"protocol\":\"h2\",\"query\":\"excludeClientExperienceData=false\",\"requestHeaders\":\"Host%3a%20otr.company.com%0d%0aContent-Type%3a%20application%2fjson%0d%0afelix_1%3a%20isMobile%3atrue%0d%0aAccept-Encoding%3a%20gzip,%20deflate,%20br%0d%0aAccept%3a%20application%2fjson%0d%0ax-devicetype%3a%20iPhone%0d%0aAccept-Language%3a%20en-US,en%3bq%3d0.9%0d%0aOrigin%3a%20https%3a%2f%2fotr.company.com%0d%0aUser-Agent%3a%20Beacon%2f12.68.0%20(iOS%2f16.3.1%3b%20iPad7,5)%0d%0aReferer%3a%20https%3a%2f%2fotr.company.com%2fwebapp%2fapi%2fpublic%2fv1%2flogin%2fusername-password%3fexcludeClientExperienceData%3dfalse%0d%0afelix%3a%20isAjax%3atrue%0d%0asession-id%3a%202BA252F5-F411-4A2F-8138-1D6ADCE4D2E2%0d%0aContent-Length%3a%20292%0d%0aCookie%3a%20Mmmm%20Cookies%0d%0a\",\"requestId\":\"4511c6d\",\"responseHeaders\":\"Content-Encoding%3a%20gzip%0d%0aContent-Type%3a%20application%2fjson%3b%20charset%3dutf-8%0d%0aETag%3a%20W%2f%22375-ZjJkYjQ2ZmUzZmRhNTRhOWQ4-gzip%22%0d%0aServer%3a%20%0d%0aVary%3a%20Accept-Encoding%0d%0aX-Frame-Options%3a%20SAMEORIGIN%0d%0aContent-Length%3a%20478%0d%0aExpires%3a%20Wed,%2009%20Oct%202024%2015%3a13%3a13%20GMT%0d%0aCache-Control%3a%20max-age%3d0,%20no-cache,%20no-store%0d%0aDate%3a%20Wed,%2009%20Oct%202024%2015%3a13%3a13%20GMT%0d%0aConnection%3a%20keep-alive%0d%0aSet-Cookie%3a%20XSRF-TOKEN%62e8b1ad-ab00-482d-8f51-0912bd6dbde6%3b%20path%3d%2f%3b%20domain%3dcompany.com%0d%0aSet-Cookie%3a%20TLTUID%3dD4E45D2371FC487AB770B38EF309441E%3b%20path%3d%2f%2520Expires%3dTue%2520Oct%252010%25202034%252003%3a13%3a12%2520GMT+0000%2520(Coordinated%2520Universal%2520Time)%3b%20domain%3dcompany.com%0d%0aSet-Cookie%3a%20TLTSID%3dD4E45D2371FC487AB770B38EF309441E%3b%20path%3d%2f%3b%20domain%3dcompany.com%0d%0aAkamai-GRN%3a%200.c5263e17.1728486792.4511c6d%0d%0aStrict-Transport-Security%3a%20max-age%3d15768000%20%3b%20includeSubDomains%0d%0a\",\"start\":\"1728486793\",\"status\":\"200\",\"tls\":\"tls1.3\"},\"type\":\"akamai_siem\",\"userRiskData\":{\"allow\":\"0\",\"score\":\"\",\"status\":\"5\",\"uuid\":\"\"},\"version\":\"1.0\"}",
+                "start": "2024-10-09T15:13:13.000Z"
+            },
+            "http": {
+                "request": {
+                    "id": "4511c6d",
+                    "method": "POST"
+                },
+                "response": {
+                    "bytes": 478,
+                    "status_code": 200
+                }
+            },
+            "observer": {
+                "type": "proxy",
+                "vendor": "akamai"
+            },
+            "related": {
+                "ip": [
+                    "81.2.69.144"
+                ]
+            },
+            "source": {
+                "address": "81.2.69.144",
+                "as": {
+                    "number": 7922
+                },
+                "geo": {
+                    "city_name": "London",
+                    "continent_name": "Europe",
+                    "country_iso_code": "GB",
+                    "country_name": "United Kingdom",
+                    "location": {
+                        "lat": 51.5142,
+                        "lon": -0.0931
+                    },
+                    "region_iso_code": "GB-ENG",
+                    "region_name": "England"
+                },
+                "ip": "81.2.69.144"
+            },
+            "tags": [
+                "preserve_original_event"
+            ],
+            "url": {
+                "domain": "otr.company.com",
+                "full": "otr.company.com/webapp/api/public/v1/login/username-password?excludeClientExperienceData=false",
+                "path": "/webapp/api/public/v1/login/username-password",
+                "port": 443,
+                "query": "excludeClientExperienceData=false"
+            }
+        },
+        {
+            "@timestamp": "2024-10-09T15:10:52.000Z",
+            "akamai": {
+                "siem": {
+                    "config_id": "92384723",
+                    "policy_id": "prmb_232917",
+                    "request": {
+                        "headers": {
+                            "Accept": "application/json",
+                            "Accept-Encoding": "gzip, deflate, br",
+                            "Accept-Language": "en-US,en;q=0.9",
+                            "Content-Length": "2611",
+                            "Content-Type": "application/json",
+                            "Host": "otr.company.com",
+                            "Origin": "https://otr.company.com",
+                            "Referer": "https://otr.company.com/webapp/api/public/v1/log",
+                            "User-Agent": "Beacon/12.67.0 (iOS/17.6.1; iPhone15,3)",
+                            "felix": "isAjax:true",
+                            "felix_1": "isMobile:true",
+                            "session-id": "847B45BB-5F1B-48E8-9EC4-FF0D433C26A8",
+                            "x-xsrf-token": "5E6C3157-FC2E-4BE7-8E97-4383ACB2E80C"
+                        }
+                    },
+                    "response": {
+                        "headers": {
+                            "Akamai-GRN": "0.4a24c317.1728486652.39c13748",
+                            "Cache-Control": [
+                                "no-cache, no-store, must-revalidate",
+                                "max-age=0, no-cache, no-store"
+                            ],
+                            "Connection": "keep-alive",
+                            "Content-Length": "13",
+                            "Content-Type": "text/html",
+                            "Date": "Wed, 09 Oct 2024 15:10:52 GMT",
+                            "Expires": [
+                                "0",
+                                "Wed, 09 Oct 2024 15:10:52 GMT"
+                            ],
+                            "Location": "http://www.company.com/notfound.htm",
+                            "Mime-Version": "1.0",
+                            "Pragma": "no-cache",
+                            "Server": "AkamaiGHost",
+                            "Strict-Transport-Security": "max-age=15768000 ; includeSubDomains"
+                        }
+                    },
+                    "rule_actions": [
+                        "alert",
+                        "deny_custom_149525"
+                    ],
+                    "rule_tags": [
+                        "ase/web_attack/xss"
+                    ],
+                    "rules": [
+                        {
+                            "ruleActions": "alert",
+                            "ruleData": "failed to decode base64 data: Last unit does not have enough valid bits: QmlvbWV0cm...",
+                            "ruleMessages": "Cross-site Scripting (XSS) Attack (SmartDetect)",
+                            "ruleSelectors": "JSON_PAIRS:data[4].value",
+                            "ruleTags": "ASE/WEB_ATTACK/XSS",
+                            "ruleVersions": "3",
+                            "rules": "3000110"
+                        },
+                        {
+                            "ruleActions": "alert",
+                            "ruleData": "<META ",
+                            "ruleMessages": "Cross-site Scripting (XSS) Attack",
+                            "ruleSelectors": "JSON_PAIRS:data[4].value",
+                            "ruleTags": "ASE/WEB_ATTACK/XSS",
+                            "ruleVersions": "3",
+                            "rules": "3000116"
+                        },
+                        {
+                            "ruleActions": "deny_custom_149525",
+                            "ruleData": "Vector Score: 10, Group Threshold: 9, Triggered Rules: 3000110-3000116, Triggered Scores: 5-5, Triggered Selector: JSON_PAIRS:data[4].value, Mitigated Rules: , Last Matched Message: ",
+                            "ruleMessages": "Anomaly Score Exceeded for Cross-site Scripting (XSS) Attack",
+                            "ruleSelectors": "JSON_PAIRS:data[4].value",
+                            "ruleTags": "ASE/WEB_ATTACK/XSS",
+                            "ruleVersions": "3",
+                            "rules": "XSS-ANOMALY"
+                        }
+                    ]
+                }
+            },
+            "client": {
+                "address": "81.2.69.144",
+                "as": {
+                    "number": 62240
+                },
+                "geo": {
+                    "city_name": "London",
+                    "continent_name": "Europe",
+                    "country_iso_code": "GB",
+                    "country_name": "United Kingdom",
+                    "location": {
+                        "lat": 51.5142,
+                        "lon": -0.0931
+                    },
+                    "region_iso_code": "GB-ENG",
+                    "region_name": "England"
+                },
+                "ip": "81.2.69.144"
+            },
+            "ecs": {
+                "version": "8.11.0"
+            },
+            "event": {
+                "category": [
+                    "network"
+                ],
+                "id": "39c13748",
+                "kind": "event",
+                "original": "{\"attackData\":{\"apiId\":\"API_908966\",\"apiKey\":\"\",\"clientIP\":\"81.2.69.144\",\"configId\":\"92384723\",\"policyId\":\"prmb_232917\",\"ruleActions\":\"YWxlcnQ%3d%3bYWxlcnQ%3d%3bZGVueV9jdXN0b21fMTQ5NTI1\",\"ruleData\":\"QmlvbWV0cmljIEF1dGhlbnRpY2F0aW9uOjpGYWlsOjpUcmFuc21pdCBTREsgZmFpbGVkIHdpdGggZXJyb3IgY29kZSA6IDY0LCBlcnJvciBtZXNzYWdlIDogSFRUUCByZXNwb25zZSBlcnJvciBFcnJvciBkYXRhIDogW0FueUhhc2hhYmxlKCJwdWJsaWNfcHJvcGVydGllcyIpOiB7IH0sIEFueUhhc2hhYmxlKCJib2R5Iik6IDwhRE9DVFlQRSBIVE1MIFBVQkxJQyAiLS8vVzNDLy9EVEQgSFRNTCA0LjAxIFRyYW5zaXRpb25hbC8vRU4iICJodHRwOi8vd3d3LnczLm9yZy9UUi9odG1sNC9sb29zZS5kdGQiPiA8SFRNTD48SEVBRD48TUVUQSBIVFRQLUVRVUlWPSJDb250ZW50LVR5cGUiIENPTlRFTlQ9InRleHQvaHRtbDsgY2hhcnNldD1pc28tODg1OS0xIj4gPFRJVExFPkVSUk9SOiBUaGUgcmVxdWVzdCBjb3VsZCBub3QgYmUgc2F0aXNmaWVkPC9USVRMRT4gPC9IRUFEPjxCT0RZPiA8SDE+NDAzIEVSUk9SPC9IMT4gPEgyPlRoZSByZXF1ZXN0IGNvdWxkIG5vdCBiZSBzYXRpc2ZpZWQuPC9IMj4gPEhSIG5vc2hhZGUgc2l6ZT0iMXB4Ij4gUmVxdWVzdCBibG9ja2VkLiBXZSBjYW4ndCBjb25uZWN0IHRvIHRoZSBzZXJ2ZXIgZm9yIHRoaXMgYXBwIG9yIHdlYnNpdGUgYXQgdGhpcyB0aW1lLiBUaGVyZSBtaWdodCBiZSB0b28gbXVjaCB0cmFmZmljIG9yIGEgY29uZmlndXJhdGlvbiBlcnJvci4gVHJ5IGFnYWluIGxhdGVyLCBvciBjb250YWN0IHRoZSBhcHAgb3Igd2Vic2l0ZSBvd25lci4gPEJSIGNsZWFyPSJhbGwiPiBJZiB5b3UgcHJvdmlkZSBjb250ZW50IHRvIGN1c3RvbWVycyB0aHJvdWdoIENsb3VkRnJvbnQsIHlvdSBjYW4gZmluZCBzdGVwcyB0byB0cm91Ymxlc2hvb3QgYW5kIGhlbHAgcHJldmVudCB0aGlzIGVycm9yIGJ5IHJldmlld2luZyB0aGUgQ2xvdWRGcm9udCBkb2N1bWVudGF0aW9uLiA8QlIgY2xlYXI9ImFsbCI+IDxIUiBub3NoYWRlIHNpemU9IjFweCI+IDxQUkU+IEdlbmVyYXRlZCBieSBjbG91ZGZyb250IChDbG91ZEZyb250KSBSZXF1ZXN0IElEOiBDLWFuVm84MENlMThueWRFVl83eEVnNHdTRGRSN0Z5WC1CdzZNTDU4eF9pQVlXSllacXE3OXc9PSA8L1BSRT4gPEFERFJFU1M+IDwvQUREUkVTUz4gPC9CT0RZPjwvSFRNTD4sIEFueUhhc2hhYmxlKCJzdGF0dXMiKTogNDAzXQ%3d%3d%3bPE1FVEEg%3bVmVjdG9yIFNjb3JlOiAxMCwgR3JvdXAgVGhyZXNob2xkOiA5LCBUcmlnZ2VyZWQgUnVsZXM6IDMwMDAxMTAtMzAwMDExNiwgVHJpZ2dlcmVkIFNjb3JlczogNS01LCBUcmlnZ2VyZWQgU2VsZWN0b3I6IEpTT05fUEFJUlM6ZGF0YVs0XS52YWx1ZSwgTWl0aWdhdGVkIFJ1bGVzOiAsIExhc3QgTWF0Y2hlZCBNZXNzYWdlOiA%3d\",\"ruleMessages\":\"Q3Jvc3Mtc2l0ZSBTY3JpcHRpbmcgKFhTUykgQXR0YWNrIChTbWFydERldGVjdCk%3d%3bQ3Jvc3Mtc2l0ZSBTY3JpcHRpbmcgKFhTUykgQXR0YWNr%3bQW5vbWFseSBTY29yZSBFeGNlZWRlZCBmb3IgQ3Jvc3Mtc2l0ZSBTY3JpcHRpbmcgKFhTUykgQXR0YWNr\",\"ruleSelectors\":\"SlNPTl9QQUlSUzpkYXRhWzRdLnZhbHVl%3bSlNPTl9QQUlSUzpkYXRhWzRdLnZhbHVl%3bSlNPTl9QQUlSUzpkYXRhWzRdLnZhbHVl\",\"ruleTags\":\"QVNFL1dFQl9BVFRBQ0svWFNT%3bQVNFL1dFQl9BVFRBQ0svWFNT%3bQVNFL1dFQl9BVFRBQ0svWFNT\",\"ruleVersions\":\"Mw%3d%3d%3bMw%3d%3d%3bMw%3d%3d\",\"rules\":\"MzAwMDExMA%3d%3d%3bMzAwMDExNg%3d%3d%3bWFNTLUFOT01BTFk%3d\"},\"format\":\"json\",\"geo\":{\"asn\":\"62240\",\"city\":\"EDISON\",\"continent\":\"NA\",\"country\":\"US\",\"regionCode\":\"NJ\"},\"httpMessage\":{\"bytes\":\"13\",\"host\":\"otr.company.com\",\"method\":\"POST\",\"path\":\"/webapp/api/public/v1/log\",\"port\":\"443\",\"protocol\":\"h2\",\"requestHeaders\":\"Host%3a%20otr.company.com%0d%0aContent-Type%3a%20application%2fjson%0d%0afelix_1%3a%20isMobile%3atrue%0d%0aAccept%3a%20application%2fjson%0d%0aAccept-Language%3a%20en-US,en%3bq%3d0.9%0d%0ax-xsrf-token%3a%205E6C3157-FC2E-4BE7-8E97-4383ACB2E80C%0d%0aAccept-Encoding%3a%20gzip,%20deflate,%20br%0d%0aOrigin%3a%20https%3a%2f%2fotr.company.com%0d%0aUser-Agent%3a%20Beacon%2f12.67.0%20(iOS%2f17.6.1%3b%20iPhone15,3)%0d%0aReferer%3a%20https%3a%2f%2fotr.company.com%2fwebapp%2fapi%2fpublic%2fv1%2flog%0d%0afelix%3a%20isAjax%3atrue%0d%0asession-id%3a%20847B45BB-5F1B-48E8-9EC4-FF0D433C26A8%0d%0aContent-Length%3a%202611%0d%0a\",\"requestId\":\"39c13748\",\"responseHeaders\":\"Server%3a%20AkamaiGHost%0d%0aMime-Version%3a%201.0%0d%0aContent-Length%3a%2013%0d%0aCache-Control%3a%20no-cache,%20no-store,%20must-revalidate%0d%0aPragma%3a%20no-cache%0d%0aExpires%3a%200%0d%0aContent-Type%3a%20text%2fhtml%0d%0aLocation%3a%20http%3a%2f%2fwww.company.com%2fnotfound.htm%0d%0aExpires%3a%20Wed,%2009%20Oct%202024%2015%3a10%3a52%20GMT%0d%0aCache-Control%3a%20max-age%3d0,%20no-cache,%20no-store%0d%0aDate%3a%20Wed,%2009%20Oct%202024%2015%3a10%3a52%20GMT%0d%0aConnection%3a%20keep-alive%0d%0aAkamai-GRN%3a%200.4a24c317.1728486652.39c13748%0d%0aStrict-Transport-Security%3a%20max-age%3d15768000%20%3b%20includeSubDomains%0d%0a\",\"start\":\"1728486652\",\"status\":\"302\",\"tls\":\"tls1.3\"},\"type\":\"akamai_siem\",\"version\":\"1.0\"}",
+                "start": "2024-10-09T15:10:52.000Z"
+            },
+            "http": {
+                "request": {
+                    "id": "39c13748",
+                    "method": "POST"
+                },
+                "response": {
+                    "bytes": 13,
+                    "status_code": 302
+                }
+            },
+            "observer": {
+                "type": "proxy",
+                "vendor": "akamai"
+            },
+            "related": {
+                "ip": [
+                    "81.2.69.144"
+                ]
+            },
+            "source": {
+                "address": "81.2.69.144",
+                "as": {
+                    "number": 62240
+                },
+                "geo": {
+                    "city_name": "London",
+                    "continent_name": "Europe",
+                    "country_iso_code": "GB",
+                    "country_name": "United Kingdom",
+                    "location": {
+                        "lat": 51.5142,
+                        "lon": -0.0931
+                    },
+                    "region_iso_code": "GB-ENG",
+                    "region_name": "England"
+                },
+                "ip": "81.2.69.144"
+            },
+            "tags": [
+                "preserve_original_event"
+            ],
+            "url": {
+                "domain": "otr.company.com",
+                "full": "otr.company.com/webapp/api/public/v1/log",
+                "path": "/webapp/api/public/v1/log",
+                "port": 443
+            }
+        },
+        {
+            "@timestamp": "2024-10-09T14:47:07.000Z",
+            "akamai": {
+                "siem": {
+                    "config_id": "92384723",
+                    "policy_id": "prmb_232917",
+                    "request": {
+                        "headers": {
+                            "Accept": "application/json",
+                            "Accept-Encoding": "gzip, deflate, br",
+                            "Accept-Language": "en-US,en;q=0.9",
+                            "Content-Length": "3073",
+                            "Content-Type": "application/json",
+                            "Host": "otr.company.com",
+                            "Origin": "https://otr.company.com",
+                            "Referer": "https://otr.company.com/webapp/api/public/v1/log",
+                            "User-Agent": "Beacon/12.68.0 (iOS/17.6.1; iPhone15,4)",
+                            "felix": "isAjax:true",
+                            "felix_1": "isMobile:true",
+                            "session-id": "90562D50-F7E6-4CE1-8C0A-F1F04ABA0886",
+                            "x-xsrf-token": "526A9862-F26B-47D9-8727-108CEEC2FC6D"
+                        }
+                    },
+                    "rule_actions": [
+                        "alert",
+                        "deny_custom_149525"
+                    ],
+                    "rule_tags": [
+                        "ase/web_attack/xss"
+                    ],
+                    "rules": [
+                        {
+                            "ruleActions": "alert",
+                            "ruleData": "failed to decode base64 data: Input byte array has wrong 4-byte ending unit: QmlvbWV0cm...",
+                            "ruleMessages": "Cross-site Scripting (XSS) Attack (SmartDetect)",
+                            "ruleSelectors": "JSON_PAIRS:data[3].value",
+                            "ruleTags": "ASE/WEB_ATTACK/XSS",
+                            "ruleVersions": "3",
+                            "rules": "3000110"
+                        },
+                        {
+                            "ruleActions": "alert",
+                            "ruleData": "<META ",
+                            "ruleMessages": "Cross-site Scripting (XSS) Attack",
+                            "ruleSelectors": "JSON_PAIRS:data[3].value",
+                            "ruleTags": "ASE/WEB_ATTACK/XSS",
+                            "ruleVersions": "3",
+                            "rules": "3000116"
+                        },
+                        {
+                            "ruleActions": "deny_custom_149525",
+                            "ruleData": "Vector Score: 10, Group Threshold: 9, Triggered Rules: 3000110-3000116, Triggered Scores: 5-5, Triggered Selector: JSON_PAIRS:data[3].value, Mitigated Rules: , Last Matched Message: ",
+                            "ruleMessages": "Anomaly Score Exceeded for Cross-site Scripting (XSS) Attack",
+                            "ruleSelectors": "JSON_PAIRS:data[3].value",
+                            "ruleTags": "ASE/WEB_ATTACK/XSS",
+                            "ruleVersions": "3",
+                            "rules": "XSS-ANOMALY"
+                        }
+                    ]
+                }
+            },
+            "client": {
+                "address": "81.2.69.144",
+                "as": {
+                    "number": 701
+                },
+                "geo": {
+                    "city_name": "London",
+                    "continent_name": "Europe",
+                    "country_iso_code": "GB",
+                    "country_name": "United Kingdom",
+                    "location": {
+                        "lat": 51.5142,
+                        "lon": -0.0931
+                    },
+                    "region_iso_code": "GB-ENG",
+                    "region_name": "England"
+                },
+                "ip": "81.2.69.144"
+            },
+            "ecs": {
+                "version": "8.11.0"
+            },
+            "event": {
+                "category": [
+                    "network"
+                ],
+                "kind": "event",
+                "original": "{\"attackData\":{\"apiId\":\"API_908966\",\"apiKey\":\"\",\"clientIP\":\"81.2.69.144\",\"configId\":\"92384723\",\"policyId\":\"prmb_232917\",\"ruleActions\":\"YWxlcnQ%3d%3bYWxlcnQ%3d%3bZGVueV9jdXN0b21fMTQ5NTI1\",\"ruleData\":\"QmlvbWV0cmljIEF1dGhlbnRpY2F0aW9uOjpGYWlsOjpUcmFuc21pdCBTREsgZmFpbGVkIHdpdGggZXJyb3IgY29kZSA6IDY0LCBlcnJvciBtZXNzYWdlIDogSFRUUCByZXNwb25zZSBlcnJvciBFcnJvciBkYXRhIDogW0FueUhhc2hhYmxlKCJzdGF0dXMiKTogNDAzLCBBbnlIYXNoYWJsZSgicHVibGljX3Byb3BlcnRpZXMiKTogeyB9LCBBbnlIYXNoYWJsZSgiYm9keSIpOiA8IURPQ1RZUEUgSFRNTCBQVUJMSUMgIi0vL1czQy8vRFREIEhUTUwgNC4wMSBUcmFuc2l0aW9uYWwvL0VOIiAiaHR0cDovL3d3dy53My5vcmcvVFIvaHRtbDQvbG9vc2UuZHRkIj4gPEhUTUw+PEhFQUQ+PE1FVEEgSFRUUC1FUVVJVj0iQ29udGVudC1UeXBlIiBDT05URU5UPSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9aXNvLTg4NTktMSI+IDxUSVRMRT5FUlJPUjogVGhlIHJlcXVlc3QgY291bGQgbm90IGJlIHNhdGlzZmllZDwvVElUTEU+IDwvSEVBRD48Qk9EWT4gPEgxPjQwMyBFUlJPUjwvSDE+IDxIMj5UaGUgcmVxdWVzdCBjb3VsZCBub3QgYmUgc2F0aXNmaWVkLjwvSDI+IDxIUiBub3NoYWRlIHNpemU9IjFweCI+IFJlcXVlc3QgYmxvY2tlZC4gV2UgY2FuJ3QgY29ubmVjdCB0byB0aGUgc2VydmVyIGZvciB0aGlzIGFwcCBvciB3ZWJzaXRlIGF0IHRoaXMgdGltZS4gVGhlcmUgbWlnaHQgYmUgdG9vIG11Y2ggdHJhZmZpYyBvciBhIGNvbmZpZ3VyYXRpb24gZXJyb3IuIFRyeSBhZ2FpbiBsYXRlciwgb3IgY29udGFjdCB0aGUgYXBwIG9yIHdlYnNpdGUgb3duZXIuIDxCUiBjbGVhcj0iYWxsIj4gSWYgeW91IHByb3ZpZGUgY29udGVudCB0byBjdXN0b21lcnMgdGhyb3VnaCBDbG91ZEZyb250LCB5b3UgY2FuIGZpbmQgc3RlcHMgdG8gdHJvdWJsZXNob290IGFuZCBoZWxwIHByZXZlbnQgdGhpcyBlcnJvciBieSByZXZpZXdpbmcgdGhlIENsb3VkRnJvbnQgZG9jdW1lbnRhdGlvbi4gPEJSIGNsZWFyPSJhbGwiPiA8SFIgbm9zaGFkZSBzaXplPSIxcHgiPiA8UFJFPiBHZW5lcmF0ZWQgYnkgY2xvdWRmcm9udCAoQ2xvdWRGcm9udCkgUmVxdWVzdCBJRDogTjVQbmI1elRXRVUzb19YclpVRUNVZnFCSl9DX0pVSk1TcUFlV0NJNDFqOFlLWlhXVjBqMDlBPT0gPC9QUkU+IDxBRERSRVNTPiA8L0FERFJFU1M+IDwvQk9EWT48L0hUTUw+XQ%3d%3d%3bPE1FVEEg%3bVmVjdG9yIFNjb3JlOiAxMCwgR3JvdXAgVGhyZXNob2xkOiA5LCBUcmlnZ2VyZWQgUnVsZXM6IDMwMDAxMTAtMzAwMDExNiwgVHJpZ2dlcmVkIFNjb3JlczogNS01LCBUcmlnZ2VyZWQgU2VsZWN0b3I6IEpTT05fUEFJUlM6ZGF0YVszXS52YWx1ZSwgTWl0aWdhdGVkIFJ1bGVzOiAsIExhc3QgTWF0Y2hlZCBNZXNzYWdlOiA%3d\",\"ruleMessages\":\"Q3Jvc3Mtc2l0ZSBTY3JpcHRpbmcgKFhTUykgQXR0YWNrIChTbWFydERldGVjdCk%3d%3bQ3Jvc3Mtc2l0ZSBTY3JpcHRpbmcgKFhTUykgQXR0YWNr%3bQW5vbWFseSBTY29yZSBFeGNlZWRlZCBmb3IgQ3Jvc3Mtc2l0ZSBTY3JpcHRpbmcgKFhTUykgQXR0YWNr\",\"ruleSelectors\":\"SlNPTl9QQUlSUzpkYXRhWzNdLnZhbHVl%3bSlNPTl9QQUlSUzpkYXRhWzNdLnZhbHVl%3bSlNPTl9QQUlSUzpkYXRhWzNdLnZhbHVl\",\"ruleTags\":\"QVNFL1dFQl9BVFRBQ0svWFNT%3bQVNFL1dFQl9BVFRBQ0svWFNT%3bQVNFL1dFQl9BVFRBQ0svWFNT\",\"ruleVersions\":\"Mw%3d%3d%3bMw%3d%3d%3bMw%3d%3d\",\"rules\":\"MzAwMDExMA%3d%3d%3bMzAwMDExNg%3d%3d%3bWFNTLUFOT01BTFk%3d\"},\"format\":\"json\",\"geo\":{\"asn\":\"701\",\"city\":\"WARRINGTON\",\"continent\":\"NA\",\"country\":\"US\",\"regionCode\":\"PA\"},\"httpMessage\":{\"bytes\":\"13\",\"host\":\"otr.company.com\",\"method\":\"POST\",\"path\":\"/webapp/api/public/v1/log\",\"port\":\"443\",\"protocol\":\"h2\",\"requestHeaders\":\"Host%3a%20otr.company.com%0d%0aContent-Type%3a%20application%2fjson%0d%0afelix_1%3a%20isMobile%3atrue%0d%0aAccept%3a%20application%2fjson%0d%0aAccept-Language%3a%20en-US,en%3bq%3d0.9%0d%0ax-xsrf-token%3a%20526A9862-F26B-47D9-8727-108CEEC2FC6D%0d%0aAccept-Encoding%3a%20gzip,%20deflate,%20br%0d%0aOrigin%3a%20https%3a%2f%2fotr.company.com%0d%0aUser-Agent%3a%20Beacon%2f12.68.0%20(iOS%2f17.6.1%3b%20iPhone15,4)%0d%0aReferer%3a%20https%3a%2f%2fotr.company.com%2fwebapp%2fapi%2fpublic%2fv1%2flog%0d%0afelix%3a%20isAjax%3atrue%0d%0asession-id%3a%2090562D50-F7E6-4CE1-8C0A-F1F04ABA0886%0d%0aContent-Length%3a%203073%0d%0a\",\"start\":\"1728485227\",\"status\":\"302\",\"tls\":\"tls1.3\"},\"type\":\"akamai_siem\",\"version\":\"1.0\"}",
+                "start": "2024-10-09T14:47:07.000Z"
+            },
+            "http": {
+                "request": {
+                    "method": "POST"
+                },
+                "response": {
+                    "bytes": 13,
+                    "status_code": 302
+                }
+            },
+            "observer": {
+                "type": "proxy",
+                "vendor": "akamai"
+            },
+            "related": {
+                "ip": [
+                    "81.2.69.144"
+                ]
+            },
+            "source": {
+                "address": "81.2.69.144",
+                "as": {
+                    "number": 701
+                },
+                "geo": {
+                    "city_name": "London",
+                    "continent_name": "Europe",
+                    "country_iso_code": "GB",
+                    "country_name": "United Kingdom",
+                    "location": {
+                        "lat": 51.5142,
+                        "lon": -0.0931
+                    },
+                    "region_iso_code": "GB-ENG",
+                    "region_name": "England"
+                },
+                "ip": "81.2.69.144"
+            },
+            "tags": [
+                "preserve_original_event"
+            ],
+            "url": {
+                "domain": "otr.company.com",
+                "full": "otr.company.com/webapp/api/public/v1/log",
+                "path": "/webapp/api/public/v1/log",
+                "port": 443
+            }
+        },
+        {
+            "@timestamp": "2024-10-09T14:36:02.000Z",
+            "akamai": {
+                "siem": {
+                    "config_id": "92384723",
+                    "policy_id": "prse_111965",
+                    "request": {
+                        "headers": {
+                            "Accept": "text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8",
+                            "Accept-Encoding": "gzip, deflate, br",
+                            "Accept-Language": "en-US,en;q=0.9",
+                            "Host": "peeps.company.com",
+                            "Referer": "https://peeps.company.com/us/gets?Action=add",
+                            "User-Agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 17_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) GSA/336.0.679286625 Mobile/15E148 Safari/604.1",
+                            "sec-fetch-dest": "document",
+                            "sec-fetch-mode": "navigate",
+                            "sec-fetch-site": "same-origin"
+                        }
+                    },
+                    "rule_actions": [
+                        "alert"
+                    ],
+                    "rule_tags": [
+                        "alert"
+                    ],
+                    "rules": [
+                        {
+                            "ruleActions": "alert",
+                            "ruleMessages": "nothing to see here",
+                            "ruleTags": "alert",
+                            "rules": "60107867"
+                        }
+                    ]
+                }
+            },
+            "client": {
+                "address": "81.2.69.144",
+                "as": {
+                    "number": 6128
+                },
+                "geo": {
+                    "city_name": "London",
+                    "continent_name": "Europe",
+                    "country_iso_code": "GB",
+                    "country_name": "United Kingdom",
+                    "location": {
+                        "lat": 51.5142,
+                        "lon": -0.0931
+                    },
+                    "region_iso_code": "GB-ENG",
+                    "region_name": "England"
+                },
+                "ip": "81.2.69.144"
+            },
+            "ecs": {
+                "version": "8.11.0"
+            },
+            "event": {
+                "category": [
+                    "network"
+                ],
+                "kind": "event",
+                "original": "{\"attackData\":{\"clientIP\":\"81.2.69.144\",\"configId\":\"92384723\",\"policyId\":\"prse_111965\",\"ruleActions\":\"YWxlcnQ%3d%3b\",\"ruleData\":\"%3b\",\"ruleMessages\":\"bm90aGluZyB0byBzZWUgaGVyZQ%3d%3d%3b\",\"ruleSelectors\":\"%3b\",\"ruleTags\":\"YWxlcnQ%3d%3b\",\"ruleVersions\":\"%3b\",\"rules\":\"NjAxMDc4Njc%3d%3b\"},\"format\":\"json\",\"geo\":{\"asn\":\"6128\",\"city\":\"OSSINING\",\"continent\":\"NA\",\"country\":\"US\",\"regionCode\":\"NY\"},\"httpMessage\":{\"bytes\":\"226\",\"host\":\"peeps.company.com\",\"method\":\"GET\",\"path\":\"/%s/TransViewProfile\",\"port\":\"443\",\"protocol\":\"h2\",\"requestHeaders\":\"Host%3a%20peeps.company.com%0d%0aAccept%3a%20text%2fhtml,application%2fxhtml+xml,application%2fxml%3bq%3d0.9,*%2f*%3bq%3d0.8%0d%0asec-fetch-site%3a%20same-origin%0d%0asec-fetch-dest%3a%20document%0d%0aAccept-Language%3a%20en-US,en%3bq%3d0.9%0d%0asec-fetch-mode%3a%20navigate%0d%0aUser-Agent%3a%20Mozilla%2f5.0%20(iPhone%3b%20CPU%20iPhone%20OS%2017_6%20like%20Mac%20OS%20X)%20AppleWebKit%2f605.1.15%20(KHTML,%20like%20Gecko)%20GSA%2f336.0.679286625%20Mobile%2f15E148%20Safari%2f604.1%0d%0aReferer%3a%20https%3a%2f%2fpeeps.company.com%2fus%2fgets%3fAction%3dadd%0d%0aAccept-Encoding%3a%20gzip,%20deflate,%20br%0d%0a\",\"start\":\"1728484562\",\"status\":\"400\",\"tls\":\"tls1.3\"},\"type\":\"akamai_siem\",\"version\":\"1.0\"}",
+                "start": "2024-10-09T14:36:02.000Z"
+            },
+            "http": {
+                "request": {
+                    "method": "GET"
+                },
+                "response": {
+                    "bytes": 226,
+                    "status_code": 400
+                }
+            },
+            "observer": {
+                "type": "proxy",
+                "vendor": "akamai"
+            },
+            "related": {
+                "ip": [
+                    "81.2.69.144"
+                ]
+            },
+            "source": {
+                "address": "81.2.69.144",
+                "as": {
+                    "number": 6128
+                },
+                "geo": {
+                    "city_name": "London",
+                    "continent_name": "Europe",
+                    "country_iso_code": "GB",
+                    "country_name": "United Kingdom",
+                    "location": {
+                        "lat": 51.5142,
+                        "lon": -0.0931
+                    },
+                    "region_iso_code": "GB-ENG",
+                    "region_name": "England"
+                },
+                "ip": "81.2.69.144"
+            },
+            "tags": [
+                "preserve_original_event"
+            ],
+            "url": {
+                "domain": "peeps.company.com",
+                "full": "peeps.company.com/%s/TransViewProfile",
+                "path": "/%s/TransViewProfile",
+                "port": 443
+            }
+        },
+        {
+            "client": {
+                "geo": {
+                    "region_iso_code": "-"
+                }
+            },
+            "ecs": {
+                "version": "8.11.0"
+            },
+            "event": {
+                "category": [
+                    "network"
+                ],
+                "kind": "event",
+                "original": "{\"detail\":\"Not enough replicas available for query at consistency LOCAL_ONE (1 required but only 0 alive)\",\"status\":500,\"title\":\"Server error\"}"
+            },
+            "observer": {
+                "type": "proxy",
+                "vendor": "akamai"
+            },
+            "source": {
+                "geo": {
+                    "region_iso_code": "-"
+                }
+            },
+            "tags": [
+                "preserve_original_event"
+            ]
+        },
+        {
+            "@timestamp": "2024-10-09T12:30:33.000Z",
+            "akamai": {
+                "siem": {
+                    "config_id": "92384723",
+                    "policy_id": "prse_111965",
+                    "request": {
+                        "headers": {
+                            "Accept": "text/html,application/xhtml xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
+                            "Accept-Encoding": "gzip, deflate, br, zstd",
+                            "Accept-Language": "en-US,en;q=0.9",
+                            "Host": "peeps.company.com",
+                            "Sec-CH-UA": "\"Google Chrome\";v=\"129\", \"Not=A?Brand\";v=\"8\", \"Chromium\";v=\"129\"",
+                            "Sec-CH-UA-Mobile": "?0",
+                            "Sec-CH-UA-Platform": "\"Windows\"",
+                            "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36",
+                            "priority": "u=0, i",
+                            "purpose": "prefetch",
+                            "sec-fetch-dest": "document",
+                            "sec-fetch-mode": "navigate",
+                            "sec-fetch-site": "none",
+                            "sec-fetch-user": "?1",
+                            "sec-purpose": "prefetch;prerender",
+                            "upgrade-insecure-requests": "1"
+                        }
+                    },
+                    "rule_actions": [
+                        "alert"
+                    ],
+                    "rule_tags": [
+                        "alert"
+                    ],
+                    "rules": [
+                        {
+                            "ruleActions": "alert",
+                            "ruleMessages": "failed to decode base64 data: Input byte array has wrong 4-byte ending unit: ZjM3MGFlN2...",
+                            "ruleTags": "alert",
+                            "rules": "60107867"
+                        }
+                    ]
+                }
+            },
+            "client": {
+                "address": "81.2.69.144",
+                "as": {
+                    "number": 26703
+                },
+                "geo": {
+                    "city_name": "London",
+                    "continent_name": "Europe",
+                    "country_iso_code": "GB",
+                    "country_name": "United Kingdom",
+                    "location": {
+                        "lat": 51.5142,
+                        "lon": -0.0931
+                    },
+                    "region_iso_code": "GB-ENG",
+                    "region_name": "England"
+                },
+                "ip": "81.2.69.144"
+            },
+            "ecs": {
+                "version": "8.11.0"
+            },
+            "event": {
+                "category": [
+                    "network"
+                ],
+                "kind": "event",
+                "original": "{\"attackData\":{\"apiId\":\"API_234508975\",\"apiKey\":\"\",\"clientIP\":\"81.2.69.144\",\"configId\":\"92384723\",\"policyId\":\"prse_111965\",\"ruleActions\":\"YWxlcnQ%3d%3b\",\"ruleData\":\"%3b\",\"ruleMessages\":\"ZjM3MGFlN2VjN2FhNThkZDIwMjk2ODUzOTU1NTllOWMgIC0K%3d%3b\",\"ruleSelectors\":\"%3b\",\"ruleTags\":\"YWxlcnQ%3d%3b\",\"ruleVersions\":\"%3b\",\"rules\":\"NjAxMDc4Njc%3d%3b\"},\"format\":\"json\",\"geo\":{\"asn\":\"26703\",\"city\":\"PARIS\",\"continent\":\"NA\",\"country\":\"TX\",\"regionCode\":\"TX\"},\"httpMessage\":{\"bytes\":\"0\",\"host\":\"peeps.company.com\",\"method\":\"GET\",\"path\":\"/us/hnwnesc/nesc/LoginPage\",\"port\":\"443\",\"protocol\":\"h2\",\"query\":\"TYPE=33554433\\u0026REALMOID=06-fbf500ab-f4e9-4b4f-9b24-eb3b17a3549f\\u0026GUID=\\u0026SMAUTHREASON=0\\u0026METHOD=GET\\u0026SMAGENTNAME=soeprd01\\u0026TARGET=$SM$%2fmy-accounts%2faccount-overview%\",\"requestHeaders\":\"Host%3a%20peeps.company.com%0d%0aSec-CH-UA%3a%20%22Google%20Chrome%22%3bv%3d%22129%22,%20%22Not%3dA%3fBrand%22%3bv%3d%228%22,%20%22Chromium%22%3bv%3d%22129%22%0d%0aSec-CH-UA-Mobile%3a%20%3f0%0d%0aSec-CH-UA-Platform%3a%20%22Windows%22%0d%0aupgrade-insecure-requests%3a%201%0d%0aUser-Agent%3a%20Mozilla%2f5.0%20(Windows%20NT%2010.0%3b%20Win64%3b%20x64)%20AppleWebKit%2f537.36%20(KHTML,%20like%20Gecko)%20Chrome%2f129.0.0.0%20Safari%2f537.36%0d%0asec-purpose%3a%20prefetch%3bprerender%0d%0apurpose%3a%20prefetch%0d%0aAccept%3a%20text%2fhtml,application%2fxhtml+xml,application%2fxml%3bq%3d0.9,image%2favif,image%2fwebp,image%2fapng,*%2f*%3bq%3d0.8,application%2fsigned-exchange%3bv%3db3%3bq%3d0.7%0d%0asec-fetch-site%3a%20none%0d%0asec-fetch-mode%3a%20navigate%0d%0asec-fetch-user%3a%20%3f1%0d%0asec-fetch-dest%3a%20document%0d%0aAccept-Encoding%3a%20gzip,%20deflate,%20br,%20zstd%0d%0aAccept-Language%3a%20en-US,en%3bq%3d0.9%0d%0apriority%3a%20u%3d0,%20i%0d%0a\",\"start\":\"1728477033\",\"status\":\"301\",\"tls\":\"tls1.3\"},\"type\":\"akamai_siem\",\"version\":\"1.0\"}",
+                "start": "2024-10-09T12:30:33.000Z"
+            },
+            "http": {
+                "request": {
+                    "method": "GET"
+                },
+                "response": {
+                    "bytes": 0,
+                    "status_code": 301
+                }
+            },
+            "observer": {
+                "type": "proxy",
+                "vendor": "akamai"
+            },
+            "related": {
+                "ip": [
+                    "81.2.69.144"
+                ]
+            },
+            "source": {
+                "address": "81.2.69.144",
+                "as": {
+                    "number": 26703
+                },
+                "geo": {
+                    "city_name": "London",
+                    "continent_name": "Europe",
+                    "country_iso_code": "GB",
+                    "country_name": "United Kingdom",
+                    "location": {
+                        "lat": 51.5142,
+                        "lon": -0.0931
+                    },
+                    "region_iso_code": "GB-ENG",
+                    "region_name": "England"
+                },
+                "ip": "81.2.69.144"
+            },
+            "tags": [
+                "preserve_original_event"
+            ],
+            "url": {
+                "domain": "peeps.company.com",
+                "full": "peeps.company.com/us/hnwnesc/nesc/LoginPage",
+                "path": "/us/hnwnesc/nesc/LoginPage",
+                "port": 443,
+                "query": "TYPE=33554433&REALMOID=06-fbf500ab-f4e9-4b4f-9b24-eb3b17a3549f&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=soeprd01&TARGET=$SM$%2fmy-accounts%2faccount-overview%"
+            }
+        },
+        {
+            "@timestamp": "2024-10-09T10:46:07.000Z",
+            "akamai": {
+                "siem": {
+                    "config_id": "92384723",
+                    "policy_id": "prse_111965",
+                    "request": {
+                        "headers": {
+                            "Accept": "*/*",
+                            "Accept-Encoding": "gzip, br, deflate",
+                            "From": "gptbot(at)openai.com",
+                            "Host": "investor.company.com",
+                            "User-Agent": "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2;  https://openai.com/gptbot)",
+                            "remove-dup-edge-ctrl-headers-rollout-enabled": "1",
+                            "x-openai-host-hash": "905516960"
+                        }
+                    },
+                    "response": {
+                        "headers": {
+                            "Akamai-Cache-Status": "NotCacheable from child",
+                            "Akamai-GRN": "0.972c2d17.1728470767.1770e7d9",
+                            "Connection": "keep-alive",
+                            "Content-Length": "122",
+                            "Content-Type": "text/html",
+                            "Date": "Wed, 09 Oct 2024 10:46:07 GMT",
+                            "Server": "awselb/2.0",
+                            "Strict-Transport-Security": "max-age=15768000 ; includeSubDomains"
+                        }
+                    },
+                    "rule_actions": [
+                        "monitor"
+                    ],
+                    "rule_tags": [
+                        "akamai/bot/akamai_categorized"
+                    ],
+                    "rules": [
+                        {
+                            "ruleActions": "monitor",
+                            "ruleData": "gptbot",
+                            "ruleMessages": "Web Search Engine Bots",
+                            "ruleTags": "AKAMAI/BOT/AKAMAI_CATEGORIZED",
+                            "ruleVersions": "1",
+                            "rules": "3991006"
+                        }
+                    ]
+                }
+            },
+            "client": {
+                "address": "81.2.69.144",
+                "as": {
+                    "number": 8075
+                },
+                "geo": {
+                    "city_name": "London",
+                    "continent_name": "Europe",
+                    "country_iso_code": "GB",
+                    "country_name": "United Kingdom",
+                    "location": {
+                        "lat": 51.5142,
+                        "lon": -0.0931
+                    },
+                    "region_iso_code": "GB-ENG",
+                    "region_name": "England"
+                },
+                "ip": "81.2.69.144"
+            },
+            "ecs": {
+                "version": "8.11.0"
+            },
+            "event": {
+                "category": [
+                    "network"
+                ],
+                "id": "1770e7d9",
+                "kind": "event",
+                "original": "{\"attackData\":{\"clientIP\":\"81.2.69.144\",\"configId\":\"92384723\",\"policyId\":\"prse_111965\",\"ruleActions\":\"bW9uaXRvcg%3d%3d%3b\",\"ruleData\":\"Z3B0Ym90%3b\",\"ruleMessages\":\"V2ViIFNlYXJjaCBFbmdpbmUgQm90cw%3d%3d%3b\",\"ruleSelectors\":\"%3b\",\"ruleTags\":\"QUtBTUFJL0JPVC9BS0FNQUlfQ0FURUdPUklaRUQ%3d%3b\",\"ruleVersions\":\"MQ%3d%3d%3b\",\"rules\":\"Mzk5MTAwNg%3d%3d%3b\"},\"format\":\"json\",\"geo\":{\"asn\":\"8075\",\"city\":\"PHOENIX\",\"continent\":\"NA\",\"country\":\"US\",\"regionCode\":\"AZ\"},\"httpMessage\":{\"bytes\":\"122\",\"host\":\"investor.company.com\",\"method\":\"GET\",\"path\":\"/etf/profile/FNQ%20Company%20ETW%20Profile\",\"port\":\"443\",\"protocol\":\"h2\",\"requestHeaders\":\"Host%3a%20investor.company.com%0d%0ax-openai-host-hash%3a%20905516960%0d%0aAccept%3a%20*%2f*%0d%0aFrom%3a%20gptbot(at)openai.com%0d%0aUser-Agent%3a%20Mozilla%2f5.0%20AppleWebKit%2f537.36%20(KHTML,%20like%20Gecko%3b%20compatible%3b%20GPTBot%2f1.2%3b%20+https%3a%2f%2fopenai.com%2fgptbot)%0d%0aAccept-Encoding%3a%20gzip,%20br,%20deflate%0d%0aremove-dup-edge-ctrl-headers-rollout-enabled%3a%201%0d%0a\",\"requestId\":\"1770e7d9\",\"responseHeaders\":\"Server%3a%20awselb%2f2.0%0d%0aContent-Type%3a%20text%2fhtml%0d%0aContent-Length%3a%20122%0d%0aDate%3a%20Wed,%2009%20Oct%202024%2010%3a46%3a07%20GMT%0d%0aConnection%3a%20keep-alive%0d%0aAkamai-Cache-Status%3a%20NotCacheable%20from%20child%0d%0aAkamai-GRN%3a%200.972c2d17.1728470767.1770e7d9%0d%0aStrict-Transport-Security%3a%20max-age%3d15768000%20%3b%20includeSubDomains%0d%0a\",\"start\":\"1728470767\",\"status\":\"400\",\"tls\":\"tls1.3\"},\"type\":\"akamai_siem\",\"version\":\"1.0\"}",
+                "start": "2024-10-09T10:46:07.000Z"
+            },
+            "http": {
+                "request": {
+                    "id": "1770e7d9",
+                    "method": "GET"
+                },
+                "response": {
+                    "bytes": 122,
+                    "status_code": 400
+                }
+            },
+            "observer": {
+                "type": "proxy",
+                "vendor": "akamai"
+            },
+            "related": {
+                "ip": [
+                    "81.2.69.144"
+                ]
+            },
+            "source": {
+                "address": "81.2.69.144",
+                "as": {
+                    "number": 8075
+                },
+                "geo": {
+                    "city_name": "London",
+                    "continent_name": "Europe",
+                    "country_iso_code": "GB",
+                    "country_name": "United Kingdom",
+                    "location": {
+                        "lat": 51.5142,
+                        "lon": -0.0931
+                    },
+                    "region_iso_code": "GB-ENG",
+                    "region_name": "England"
+                },
+                "ip": "81.2.69.144"
+            },
+            "tags": [
+                "preserve_original_event"
+            ],
+            "url": {
+                "domain": "investor.company.com",
+                "full": "investor.company.com/etf/profile/FNQ%20Company%20ETW%20Profile",
+                "path": "/etf/profile/FNQ Company ETW Profile",
+                "port": 443
+            }
+        },
+        {
+            "@timestamp": "2024-10-08T07:49:37.000Z",
+            "akamai": {
+                "siem": {
+                    "config_id": "92384723",
+                    "policy_id": "prkg_252151",
+                    "request": {
+                        "headers": {
+                            "Content-Type": "application/x-www-form-urlencoded",
+                            "Host": "cow.company.com",
+                            "Origin": "https://cow.company.com"
+                        }
+                    },
+                    "response": {
+                        "headers": {
+                            "Akamai-GRN": "0.50fbd217.1728373777.59ea711b",
+                            "Connection": "close",
+                            "Content-Length": "717",
+                            "Content-Type": "text/html",
+                            "Date": "Tue, 08 Oct 2024 07:49:37 GMT",
+                            "Expires": "Tue, 08 Oct 2024 07:49:37 GMT",
+                            "Mime-Version": "1.0",
+                            "Server": "AkamaiGHost",
+                            "Strict-Transport-Security": "max-age=15768000 ; includeSubDomains"
+                        }
+                    },
+                    "rule_actions": [
+                        "deny"
+                    ],
+                    "rule_tags": [
+                        "ipblock"
+                    ],
+                    "rules": [
+                        {
+                            "ruleActions": "deny",
+                            "ruleMessages": "Unauthorized peer IP 136.244.90.176 in Vanguard - CSOC Blacklist",
+                            "ruleTags": "IPBLOCK",
+                            "rules": "IPBLOCK"
+                        }
+                    ]
+                }
+            },
+            "client": {
+                "address": "81.2.69.144",
+                "as": {
+                    "number": 20473
+                },
+                "geo": {
+                    "city_name": "London",
+                    "continent_name": "Europe",
+                    "country_iso_code": "GB",
+                    "country_name": "United Kingdom",
+                    "location": {
+                        "lat": 51.5142,
+                        "lon": -0.0931
+                    },
+                    "region_iso_code": "GB-ENG",
+                    "region_name": "England"
+                },
+                "ip": "81.2.69.144"
+            },
+            "ecs": {
+                "version": "8.11.0"
+            },
+            "event": {
+                "category": [
+                    "network"
+                ],
+                "id": "59ea711b",
+                "kind": "event",
+                "original": "{\"attackData\":{\"clientIP\":\"81.2.69.144\",\"configId\":\"92384723\",\"policyId\":\"prkg_252151\",\"ruleActions\":\"ZGVueQ%3d%3d\",\"ruleData\":\"\",\"ruleMessages\":\"VW5hdXRob3JpemVkIHBlZXIgSVAgMTM2LjI0NC45MC4xNzYgaW4gVmFuZ3VhcmQgLSBDU09DIEJsYWNrbGlzdA%3d%3d\",\"ruleSelectors\":\"\",\"ruleTags\":\"SVBCTE9DSw%3d%3d\",\"ruleVersions\":\"\",\"rules\":\"SVBCTE9DSw%3d%3d\"},\"format\":\"json\",\"geo\":{\"asn\":\"20473\",\"city\":\"FRANKFURT\",\"continent\":\"EU\",\"country\":\"DE\",\"regionCode\":\"HE\"},\"httpMessage\":{\"bytes\":\"717\",\"host\":\"cow.company.com\",\"method\":\"POST\",\"path\":\"/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh\",\"port\":\"443\",\"protocol\":\"HTTP/1.1\",\"requestHeaders\":\"Host%3a%20cow.company.com%0d%0aOrigin%3a%20https%3a%2f%2fcow.company.com%0d%0aContent-Type%3a%20application%2fx-www-form-urlencoded%0d%0a\",\"requestId\":\"59ea711b\",\"responseHeaders\":\"Server%3a%20AkamaiGHost%0d%0aMime-Version%3a%201.0%0d%0aContent-Type%3a%20text%2fhtml%0d%0aContent-Length%3a%20717%0d%0aExpires%3a%20Tue,%2008%20Oct%202024%2007%3a49%3a37%20GMT%0d%0aDate%3a%20Tue,%2008%20Oct%202024%2007%3a49%3a37%20GMT%0d%0aConnection%3a%20close%0d%0aAkamai-GRN%3a%200.50fbd217.1728373777.59ea711b%0d%0aStrict-Transport-Security%3a%20max-age%3d15768000%20%3b%20includeSubDomains%0d%0a\",\"start\":\"1728373777\",\"status\":\"403\",\"tls\":\"tls1.3\"},\"type\":\"akamai_siem\",\"version\":\"1.0\"}",
+                "start": "2024-10-08T07:49:37.000Z"
+            },
+            "http": {
+                "request": {
+                    "id": "59ea711b",
+                    "method": "POST"
+                },
+                "response": {
+                    "bytes": 717,
+                    "status_code": 403
+                },
+                "version": "1.1"
+            },
+            "network": {
+                "protocol": "http",
+                "transport": "tcp"
+            },
+            "observer": {
+                "type": "proxy",
+                "vendor": "akamai"
+            },
+            "related": {
+                "ip": [
+                    "81.2.69.144"
+                ]
+            },
+            "source": {
+                "address": "81.2.69.144",
+                "as": {
+                    "number": 20473
+                },
+                "geo": {
+                    "city_name": "London",
+                    "continent_name": "Europe",
+                    "country_iso_code": "GB",
+                    "country_name": "United Kingdom",
+                    "location": {
+                        "lat": 51.5142,
+                        "lon": -0.0931
+                    },
+                    "region_iso_code": "GB-ENG",
+                    "region_name": "England"
+                },
+                "ip": "81.2.69.144"
+            },
+            "tags": [
+                "preserve_original_event"
+            ],
+            "url": {
+                "domain": "cow.company.com",
+                "full": "cow.company.com/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh",
+                "path": "/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh",
+                "port": 443
+            }
+        },
+        {
+            "@timestamp": "2024-10-07T07:00:47.000Z",
+            "akamai": {
+                "siem": {
+                    "config_id": "92384723",
+                    "policy_id": "prse_111965",
+                    "request": {
+                        "headers": {
+                            "Accept": "*/*",
+                            "Accept-Encoding": "gzip, deflate, br",
+                            "Cache-Control": "no-cache,max-age=0",
+                            "Connection": "keep-alive",
+                            "From": "googlebot(at)googlebot.com",
+                            "Host": "peeps.company.com",
+                            "User-Agent": "FeedFetcher-Google; ( http://www.google.com/feedfetcher.html)"
+                        }
+                    },
+                    "response": {
+                        "headers": {
+                            "Cache-Control": "max-age=0, no-cache, no-store",
+                            "Connection": "keep-alive",
+                            "Content-Encoding": "gzip",
+                            "Content-Length": "5405",
+                            "Content-Type": "text/html;charset=ISO-8859-1",
+                            "Date": "Mon, 07 Oct 2024 07:00:47 GMT",
+                            "Expires": "Mon, 07 Oct 2024 07:00:47 GMT",
+                            "Server": "Company Server",
+                            "Vary": "accept-encoding",
+                            "X-Frame-Options": "SAMEORIGIN"
+                        }
+                    },
+                    "rule_actions": [
+                        "alert",
+                        "monitor"
+                    ],
+                    "rule_tags": [
+                        "alert",
+                        "akamai/bot/akamai_categorized"
+                    ],
+                    "rules": [
+                        {
+                            "ruleActions": "alert",
+                            "ruleMessages": "are you still looking?",
+                            "ruleTags": "alert",
+                            "rules": "60107867"
+                        },
+                        {
+                            "ruleActions": "monitor",
+                            "ruleData": "feedfetcher-google",
+                            "ruleMessages": "RSS Feed Reader Bots",
+                            "ruleTags": "AKAMAI/BOT/AKAMAI_CATEGORIZED",
+                            "ruleVersions": "1",
+                            "rules": "3991015"
+                        }
+                    ]
+                }
+            },
+            "client": {
+                "address": "81.2.69.144",
+                "as": {
+                    "number": 15169
+                },
+                "geo": {
+                    "city_name": "London",
+                    "continent_name": "Europe",
+                    "country_iso_code": "GB",
+                    "country_name": "United Kingdom",
+                    "location": {
+                        "lat": 51.5142,
+                        "lon": -0.0931
+                    },
+                    "region_iso_code": "GB-ENG",
+                    "region_name": "England"
+                },
+                "ip": "81.2.69.144"
+            },
+            "ecs": {
+                "version": "8.11.0"
+            },
+            "event": {
+                "category": [
+                    "network"
+                ],
+                "id": "b7fb413c",
+                "kind": "event",
+                "original": "{\"attackData\":{\"apiId\":\"API_234508975\",\"apiKey\":\"\",\"clientIP\":\"81.2.69.144\",\"configId\":\"92384723\",\"policyId\":\"prse_111965\",\"ruleActions\":\"YWxlcnQ%3d%3bbW9uaXRvcg%3d%3d%3b\",\"ruleData\":\"%3bZmVlZGZldGNoZXItZ29vZ2xl%3b\",\"ruleMessages\":\"YXJlIHlvdSBzdGlsbCBsb29raW5nPw%3d%3d%3bUlNTIEZlZWQgUmVhZGVyIEJvdHM%3d%3b\",\"ruleSelectors\":\"%3b%3b\",\"ruleTags\":\"YWxlcnQ%3d%3bQUtBTUFJL0JPVC9BS0FNQUlfQ0FURUdPUklaRUQ%3d%3b\",\"ruleVersions\":\"%3bMQ%3d%3d%3b\",\"rules\":\"NjAxMDc4Njc%3d%3bMzk5MTAxNQ%3d%3d%3b\"},\"format\":\"json\",\"geo\":{\"asn\":\"15169\",\"city\":\"DALLAS\",\"continent\":\"NA\",\"country\":\"US\",\"regionCode\":\"TX\"},\"httpMessage\":{\"bytes\":\"5405\",\"host\":\"peeps.company.com\",\"method\":\"GET\",\"path\":\"/us/FundsRSS\",\"port\":\"443\",\"protocol\":\"HTTP/1.1\",\"query\":\"FundId=%\\u0026foo=1\",\"requestHeaders\":\"Cache-Control%3a%20no-cache,max-age%3d0%0d%0aHost%3a%20peeps.company.com%0d%0aConnection%3a%20keep-alive%0d%0aAccept%3a%20*%2f*%0d%0aFrom%3a%20googlebot(at)googlebot.com%0d%0aUser-Agent%3a%20FeedFetcher-Google%3b%20(+http%3a%2f%2fwww.google.com%2ffeedfetcher.html)%0d%0aAccept-Encoding%3a%20gzip,%20deflate,%20br%0d%0a\",\"requestId\":\"b7fb413c\",\"responseHeaders\":\"Server%3a%20Company%20Server%0d%0aX-Frame-Options%3a%20SAMEORIGIN%0d%0aVary%3a%20accept-encoding%0d%0aContent-Encoding%3a%20gzip%0d%0aContent-Type%3a%20text%2fhtml%3bcharset%3dISO-8859-1%0d%0aContent-Length%3a%205405%0d%0aExpires%3a%20Mon,%2007%20Oct%202024%2007%3a00%3a47%20GMT%0d%0aCache-Control%3a%20max-age%3d0,%20no-cache,%20no-store%0d%0aDate%3a%20Mon,%2007%20Oct%202024%2007%3a00%3a47%20GMT%0d%0aConnection%3a%20keep-alive%0d%0a\",\"start\":\"1728284447\",\"status\":\"200\",\"tls\":\"tls1.3\"},\"type\":\"akamai_siem\",\"version\":\"1.0\"}",
+                "start": "2024-10-07T07:00:47.000Z"
+            },
+            "http": {
+                "request": {
+                    "id": "b7fb413c",
+                    "method": "GET"
+                },
+                "response": {
+                    "bytes": 5405,
+                    "status_code": 200
+                },
+                "version": "1.1"
+            },
+            "network": {
+                "protocol": "http",
+                "transport": "tcp"
+            },
+            "observer": {
+                "type": "proxy",
+                "vendor": "akamai"
+            },
+            "related": {
+                "ip": [
+                    "81.2.69.144"
+                ]
+            },
+            "source": {
+                "address": "81.2.69.144",
+                "as": {
+                    "number": 15169
+                },
+                "geo": {
+                    "city_name": "London",
+                    "continent_name": "Europe",
+                    "country_iso_code": "GB",
+                    "country_name": "United Kingdom",
+                    "location": {
+                        "lat": 51.5142,
+                        "lon": -0.0931
+                    },
+                    "region_iso_code": "GB-ENG",
+                    "region_name": "England"
+                },
+                "ip": "81.2.69.144"
+            },
+            "tags": [
+                "preserve_original_event"
+            ],
+            "url": {
+                "domain": "peeps.company.com",
+                "full": "peeps.company.com/us/FundsRSS",
+                "path": "/us/FundsRSS",
+                "port": 443,
+                "query": "FundId=%&foo=1"
+            }
+        },
+        {
+            "@timestamp": "2024-10-05T17:59:35.000Z",
+            "akamai": {
+                "siem": {
+                    "config_id": "92384723",
+                    "policy_id": "prkg_252151",
+                    "request": {
+                        "headers": {
+                            "Accept": "*/*",
+                            "Accept-Encoding": "gzip",
+                            "Accept-Language": "en",
+                            "Connection": "close",
+                            "Host": "prodgateway.company.com",
+                            "User-Agent": "Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/118.0"
+                        }
+                    },
+                    "response": {
+                        "headers": {
+                            "Akamai-GRN": "0.9b9a2d17.1728151175.115683da",
+                            "Connection": "close",
+                            "Content-Length": "424",
+                            "Content-Type": "text/html",
+                            "Date": "Sat, 05 Oct 2024 17:59:35 GMT",
+                            "Expires": "Sat, 05 Oct 2024 17:59:35 GMT",
+                            "Mime-Version": "1.0",
+                            "Server": "AkamaiGHost",
+                            "Strict-Transport-Security": "max-age=15768000 ; includeSubDomains"
+                        }
+                    },
+                    "rule_actions": [
+                        "deny"
+                    ],
+                    "rule_tags": [
+                        "ipblock"
+                    ],
+                    "rules": [
+                        {
+                            "ruleActions": "deny",
+                            "ruleMessages": "Unauthorized peer IP 45.61.188.131 in Vanguard - CSOC Blacklist",
+                            "ruleTags": "IPBLOCK",
+                            "rules": "IPBLOCK"
+                        }
+                    ]
+                }
+            },
+            "client": {
+                "address": "81.2.69.144",
+                "as": {
+                    "number": 53667
+                },
+                "geo": {
+                    "city_name": "London",
+                    "continent_name": "Europe",
+                    "country_iso_code": "GB",
+                    "country_name": "United Kingdom",
+                    "location": {
+                        "lat": 51.5142,
+                        "lon": -0.0931
+                    },
+                    "region_iso_code": "GB-ENG",
+                    "region_name": "England"
+                },
+                "ip": "81.2.69.144"
+            },
+            "ecs": {
+                "version": "8.11.0"
+            },
+            "event": {
+                "category": [
+                    "network"
+                ],
+                "id": "115683da",
+                "kind": "event",
+                "original": "{\"attackData\":{\"clientIP\":\"81.2.69.144\",\"configId\":\"92384723\",\"policyId\":\"prkg_252151\",\"ruleActions\":\"ZGVueQ%3d%3d\",\"ruleData\":\"\",\"ruleMessages\":\"VW5hdXRob3JpemVkIHBlZXIgSVAgNDUuNjEuMTg4LjEzMSBpbiBWYW5ndWFyZCAtIENTT0MgQmxhY2tsaXN0\",\"ruleSelectors\":\"\",\"ruleTags\":\"SVBCTE9DSw%3d%3d\",\"ruleVersions\":\"\",\"rules\":\"SVBCTE9DSw%3d%3d\"},\"format\":\"json\",\"geo\":{\"asn\":\"53667\",\"city\":\"MIAMI\",\"continent\":\"NA\",\"country\":\"US\",\"regionCode\":\"FL\"},\"httpMessage\":{\"bytes\":\"424\",\"host\":\"prodgateway.company.com\",\"method\":\"GET\",\"path\":\"/plugins/weathermap/editor.php\",\"port\":\"443\",\"protocol\":\"HTTP/1.1\",\"query\":\"plug=0\\u0026mapname=poc.conf\\u0026action=set_map_properties\\u0026param\\u0026param2\\u0026debug=existing\\u0026node_name\\u0026node_x\\u0026node_y\\u0026node_new_name\\u0026node_label\\u0026node_infourl\\u0026node_hover\\u0026node_iconfilename=--NONE--\\u0026link_name\\u0026link_bandwidth_in\\u0026link_bandwidth_out\\u0026link_target\\u0026link_width\\u0026link_infourl\\u0026link_hover\\u0026map_title=46ea1712d4b13b55b3f680cc5b8b54e8\\u0026map_legend=Traffic+Load\\u0026map_stamp=Created:+%b+%d+%Y+%H:%M:%S\\u0026map_linkdefaultwidth=7\",\"requestHeaders\":\"Host%3a%20prodgateway.company.com%0d%0aUser-Agent%3a%20Mozilla%2f5.0%20(Windows%20NT%2010.0%3b%20rv%3a109.0)%20Gecko%2f20100101%20Firefox%2f118.0%0d%0aConnection%3a%20close%0d%0aAccept%3a%20*%2f*%0d%0aAccept-Language%3a%20en%0d%0aAccept-Encoding%3a%20gzip%0d%0a\",\"requestId\":\"115683da\",\"responseHeaders\":\"Server%3a%20AkamaiGHost%0d%0aMime-Version%3a%201.0%0d%0aContent-Type%3a%20text%2fhtml%0d%0aContent-Length%3a%20424%0d%0aExpires%3a%20Sat,%2005%20Oct%202024%2017%3a59%3a35%20GMT%0d%0aDate%3a%20Sat,%2005%20Oct%202024%2017%3a59%3a35%20GMT%0d%0aConnection%3a%20close%0d%0aAkamai-GRN%3a%200.9b9a2d17.1728151175.115683da%0d%0aStrict-Transport-Security%3a%20max-age%3d15768000%20%3b%20includeSubDomains%0d%0a\",\"start\":\"1728151175\",\"status\":\"403\",\"tls\":\"tls1.3\"},\"type\":\"akamai_siem\",\"version\":\"1.0\"}",
+                "start": "2024-10-05T17:59:35.000Z"
+            },
+            "http": {
+                "request": {
+                    "id": "115683da",
+                    "method": "GET"
+                },
+                "response": {
+                    "bytes": 424,
+                    "status_code": 403
+                },
+                "version": "1.1"
+            },
+            "network": {
+                "protocol": "http",
+                "transport": "tcp"
+            },
+            "observer": {
+                "type": "proxy",
+                "vendor": "akamai"
+            },
+            "related": {
+                "ip": [
+                    "81.2.69.144"
+                ]
+            },
+            "source": {
+                "address": "81.2.69.144",
+                "as": {
+                    "number": 53667
+                },
+                "geo": {
+                    "city_name": "London",
+                    "continent_name": "Europe",
+                    "country_iso_code": "GB",
+                    "country_name": "United Kingdom",
+                    "location": {
+                        "lat": 51.5142,
+                        "lon": -0.0931
+                    },
+                    "region_iso_code": "GB-ENG",
+                    "region_name": "England"
+                },
+                "ip": "81.2.69.144"
+            },
+            "tags": [
+                "preserve_original_event"
+            ],
+            "url": {
+                "domain": "prodgateway.company.com",
+                "full": "prodgateway.company.com/plugins/weathermap/editor.php",
+                "path": "/plugins/weathermap/editor.php",
+                "port": 443,
+                "query": "plug=0&mapname=poc.conf&action=set_map_properties&param&param2&debug=existing&node_name&node_x&node_y&node_new_name&node_label&node_infourl&node_hover&node_iconfilename=--NONE--&link_name&link_bandwidth_in&link_bandwidth_out&link_target&link_width&link_infourl&link_hover&map_title=46ea1712d4b13b55b3f680cc5b8b54e8&map_legend=Traffic+Load&map_stamp=Created:+%b+%d+%Y+%H:%M:%S&map_linkdefaultwidth=7"
+            }
+        },
         null
     ]
 }
\ No newline at end of file
diff --git a/packages/akamai/data_stream/siem/elasticsearch/ingest_pipeline/default.yml b/packages/akamai/data_stream/siem/elasticsearch/ingest_pipeline/default.yml
index 3a192b5d914..99b90723851 100644
--- a/packages/akamai/data_stream/siem/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/akamai/data_stream/siem/elasticsearch/ingest_pipeline/default.yml
@@ -13,7 +13,7 @@ processors:
       field: event.original
       target_field: json
   - drop:
-      if: 'ctx?.json?.offset != null'
+      if: ctx.json.offset != null
   - set:
       field: observer.vendor
       value: akamai
@@ -26,9 +26,12 @@ processors:
         - UNIX
       timezone: UTC
       target_field: "@timestamp"
+      # 500s do not include a timestamp.
+      if: ctx.json.httpMessage?.start != null
   - set:
       field: "event.start"
       copy_from: "@timestamp"
+      ignore_empty_value: true
   - rename:
       field: json.httpMessage.status
       target_field: http.response.status_code
@@ -71,11 +74,22 @@ processors:
       field: json.httpMessage.path
       target_field: url.path
       ignore_missing: true
+      on_failure:
+        # We see some illegal character, if we can't decode, at least give the data that exists.
+        - set:
+            field: url.path
+            copy_from: json.httpMessage.path
   - urldecode:
       tag: urldecode_httpMessage_query
       field: json.httpMessage.query
       target_field: url.query
       ignore_missing: true
+      on_failure:
+        # Assume a failure is due to the query already being decoded.
+        - rename:
+            field: json.httpMessage.query
+            target_field: url.query
+            ignore_failure: true
   - rename:
       field: json.httpMessage.port
       target_field: url.port
@@ -89,7 +103,7 @@ processors:
       field: json.httpMessage.responseHeaders
       ignore_missing: true
   - kv:
-      if: ctx.json?.httpMessage?.responseHeaders != ""
+      if: ctx.json.httpMessage?.responseHeaders != ""
       tag: kv_httpMessage_responseHeaders
       field: json.httpMessage.responseHeaders
       target_field: akamai.siem.response.headers
@@ -101,7 +115,7 @@ processors:
       field: json.httpMessage.requestHeaders
       ignore_missing: true
   - kv:
-      if: ctx.json?.httpMessage?.requestHeaders != ""
+      if: ctx.json.httpMessage?.requestHeaders != ""
       tag: kv_httpMessage_requestHeaders
       field: json.httpMessage.requestHeaders
       target_field: akamai.siem.request.headers
@@ -112,21 +126,24 @@ processors:
       lang: painless
       description: This script builds the `url.full` field out of the available `url.*` parts.
       source: |
-        def full = "";
-        if(ctx.url.scheme != null && ctx.url.scheme != "") {
-            full += ctx.url.scheme+"://";
+        String full = '';
+        if (ctx.url?.scheme != null && ctx.url.scheme != "") {
+          full += ctx.url.scheme+"://";
         }
-        if(ctx.url.domain != null && ctx.url.domain != "") {
-            full += ctx.url.domain;
+        if (ctx.url?.domain != null && ctx.url.domain != "") {
+          full += ctx.url.domain;
         }
-        if(ctx.json.httpMessage.path != null && ctx.json.httpMessage.path != "") {
-            full += ctx.json.httpMessage.path;
+        if (ctx.json.httpMessage?.path != null && ctx.json.httpMessage.path != "") {
+          full += ctx.json.httpMessage.path;
         }
-        if(ctx.json.httpMessage.query != null && ctx.json.httpMessage.query != "") {
-            full += "?"+ctx.json.httpMessage.query;
+        if (ctx.json.httpMessage?.query != null && ctx.json.httpMessage.query != "") {
+          full += "?"+ctx.json.httpMessage.query;
         }
-        if(full != "") {
-            ctx.url.full = full
+        if (full != "") {
+          if (ctx.url == null) {
+            ctx.url = [:];
+          }
+          ctx.url.full = full
         }
   - dissect:
       field: json.httpMessage.protocol
@@ -138,7 +155,7 @@ processors:
   - set:
       field: network.transport
       value: tcp
-      if: ctx?.network?.protocol != null && ctx?.network?.protocol == 'http'
+      if: ctx.network?.protocol != null && ctx.network.protocol == 'http'
   - dissect:
       field: json.httpMessage.tls
       pattern: "%{tls.version_protocol}v%{tls.version}"
@@ -165,17 +182,17 @@ processors:
       field: json.geo.country
       target_field: source.geo.country_iso_code
       ignore_missing: true
-      if: ctx?.source?.geo?.country_iso_code == null
+      if: ctx.source?.geo?.country_iso_code == null
   - set:
       field: source.geo.region_iso_code
       value: "{{{json.geo.country}}}-{{{json.geo.regionCode}}}"
       ignore_empty_value: true
-      if: ctx?.source?.geo?.region_iso_code == null
+      if: ctx.source?.geo?.region_iso_code == null
   - rename:
       field: json.geo.city
       target_field: source.geo.city_name
       ignore_missing: true
-      if: ctx?.source?.geo?.city_name == null
+      if: ctx.source?.geo?.city_name == null
   - geoip:
       database_file: GeoLite2-ASN.mmdb
       field: source.ip
@@ -193,7 +210,7 @@ processors:
       target_field: source.as.number
       type: long
       ignore_missing: true
-      if: ctx?.source?.as?.number == null
+      if: ctx.source?.as?.number == null
   - rename:
       field: source.as.organization_name
       target_field: source.as.organization.name
@@ -209,6 +226,7 @@ processors:
       target_field: json.attackData.ruleActions
       separator: ';'
       preserve_trailing: true
+      ignore_missing: true
   - urldecode:
       tag: urldecode_attackData_ruleData
       field: json.attackData.ruleData
@@ -219,6 +237,7 @@ processors:
       target_field: json.attackData.ruleData
       separator: ';'
       preserve_trailing: true
+      ignore_missing: true
   - urldecode:
       tag: urldecode_attackData_ruleMessages
       field: json.attackData.ruleMessages
@@ -229,6 +248,7 @@ processors:
       target_field: json.attackData.ruleMessages
       separator: ';'
       preserve_trailing: true
+      ignore_missing: true
   - urldecode:
       tag: urldecode_attackData_ruleSelectors
       field: json.attackData.ruleSelectors
@@ -239,6 +259,7 @@ processors:
       target_field: json.attackData.ruleSelectors
       separator: ';'
       preserve_trailing: true
+      ignore_missing: true
   - urldecode:
       tag: urldecode_attackData_ruleTags
       field: json.attackData.ruleTags
@@ -249,6 +270,7 @@ processors:
       target_field: json.attackData.ruleTags
       separator: ';'
       preserve_trailing: true
+      ignore_missing: true
   - urldecode:
       tag: urldecode_attackData_ruleVersions
       field: json.attackData.ruleVersions
@@ -259,6 +281,7 @@ processors:
       target_field: json.attackData.ruleVersions
       separator: ';'
       preserve_trailing: true
+      ignore_missing: true
   - urldecode:
       tag: urldecode_attackData_rules
       field: json.attackData.rules
@@ -269,30 +292,53 @@ processors:
       target_field: json.attackData.rules
       separator: ';'
       preserve_trailing: true
+      ignore_missing: true
   - script:
       lang: painless
       description: Base64 Decode the json.attackData.rule* fields
       tag: script_base64_decode_attackData_rule
+      params:
+        items:
+          - rules
+          - ruleActions
+          - ruleData
+          - ruleMessages
+          - ruleTags
+          - ruleSelectors
+          - ruleVersions
+      if: ctx.json.attackData?.rules instanceof List
       source: |
-        ArrayList items = new ArrayList(["rules", "ruleActions", "ruleData", "ruleMessages", "ruleTags", "ruleSelectors", "ruleVersions"]);
         ArrayList rules_array = new ArrayList();
         ArrayList rule_actions = new ArrayList();
         ArrayList rule_tags = new ArrayList();
         for (def i = 0; i < ctx.json.attackData.rules.length; i++) {
-            HashMap map = new HashMap();
-            for (def j = 0; j < items.length; j++) {
-                String key = items[j];
-                if (i < ctx.json.attackData[key].length ) {
-                    String value = ctx.json.attackData[key][i].replace(" ", "").decodeBase64();
-                    map.put(key, value);
-                    if (key == "ruleTags") {
-                        rule_tags.add(value.toLowerCase());
-                    } else if (key == "ruleActions") {
-                        rule_actions.add(value.toLowerCase());
-                    }
+          HashMap map = new HashMap();
+          for (String key: params.items) {
+            if (i < ctx.json.attackData[key].length) {
+              String data = ctx.json.attackData[key][i].replace(" ", "");
+              try {
+                String value = data.decodeBase64();
+                map.put(key, value);
+                if (key == "ruleTags") {
+                  rule_tags.add(value.toLowerCase());
+                } else if (key == "ruleActions") {
+                  rule_actions.add(value.toLowerCase());
+                }
+              }
+              catch (Exception e) {
+                if (data.length() > 10) {
+                  data = data.substring(0,10)+"..."
+                }
+                String error = e.toString();
+                if (error.startsWith("java.lang.IllegalArgumentException: ")) {
+                  error = error.substring("java.lang.IllegalArgumentException: ".length());
                 }
+                String warning = "failed to decode base64 data: " + error + ": " + data;
+                map.put(key, warning);
+              }
             }
-            rules_array.add(map);
+          }
+          rules_array.add(map);
         }
         ctx.akamai.siem.rules = rules_array;
         ctx._rule_actions = rule_actions;
@@ -393,6 +439,7 @@ processors:
       field: json.userRiskData.score
       target_field: akamai.siem.user_risk.score
       type: long
+      if: ctx.json.userRiskData?.score != null && ctx.json.userRiskData.score != ''
       ignore_missing: true
   - convert:
       field: json.userRiskData.allow
@@ -400,7 +447,7 @@ processors:
       type: long
       ignore_missing: true
   - kv:
-      if: ctx.json?.userRiskData?.risk != ""
+      if: ctx.json.userRiskData?.risk != ""
       tag: kv_userRiskData_risk
       field: json.userRiskData.risk
       target_field: akamai.siem.user_risk.risk
@@ -408,21 +455,48 @@ processors:
       value_split: ':'
       ignore_missing: true
   - kv:
-      if: ctx.json?.userRiskData?.trust != ""
+      if: ctx.json.userRiskData?.trust != ""
       tag: kv_userRiskData_trust
       field: json.userRiskData.trust
       target_field: akamai.siem.user_risk.trust
       field_split: '\|'
       value_split: ':'
       ignore_missing: true
-  - kv:
-      if: ctx.json?.userRiskData?.general != ""
-      tag: kv_userRiskData_general
-      field: json.userRiskData.general
-      target_field: akamai.siem.user_risk.general
-      field_split: '\|'
-      value_split: ':'
-      ignore_missing: true
+  - script:
+      description: Process key-value pairs, preserving keys without values.
+      lang: painless
+      tag: script_userRiskData_general
+      if: ctx.json.userRiskData?.general instanceof String && ctx.json.userRiskData.general != ""
+      source: |
+        String text = ctx.json.userRiskData.general.trim();
+        if (text != "") {
+          def m = new HashMap();
+          for (String f: /\|/.split(text)) {
+            if (f == "") {
+              continue;
+            }
+            int idx = f.indexOf(':');
+            if (idx == -1) {
+              m.put(f, "-"); // Include a non-empty string to prevent the field being removed.
+              continue;
+            }
+            String k = f.substring(0, idx);
+            String v = f.substring(idx+1);
+            m.put(k, v);
+          }
+          if (m.size() > 0) {
+            if (ctx.akamai == null) {
+              ctx.akamai = new HashMap();
+            }
+            if (ctx.akamai.siem == null) {
+              ctx.akamai.siem = new HashMap();
+            }
+            if (ctx.akamai.siem.user_risk == null) {
+              ctx.akamai.siem.user_risk = new HashMap();
+            }
+            ctx.akamai.siem.user_risk.general = m;
+          }
+        }
   ##
   - append:
       field: related.ip
diff --git a/packages/akamai/manifest.yml b/packages/akamai/manifest.yml
index 3ca106c2988..cf245974323 100644
--- a/packages/akamai/manifest.yml
+++ b/packages/akamai/manifest.yml
@@ -1,6 +1,6 @@
 name: akamai
 title: Akamai
-version: "2.25.4"
+version: "2.26.0"
 description: Collect logs from Akamai with Elastic Agent.
 type: integration
 format_version: "3.0.2"