Updated proto and related processing of this proto, to be more efficient:

1. Converted all integer type fields to uint32.
2. Converted all known value string to enum types.
3. Converted from JSON encoding to proto encoding of message in log record

Author: kamalchaturvedi

api/grpc/events/v1/security_violation.pb.go

@@ -1,22 +1,23 @@
 // Copyright (c) F5, Inc.
 //
-// This source code is licensed under the Apache License, Version 2.0 license found in the
-// LICENSE file in the root directory of this source tree.
+// This source code is licensed under the Apache License, Version 2.0 license
+// found in the LICENSE file in the root directory of this source tree.
 syntax = "proto3";
 package events.v1;
 
 option go_package = "events/v1";
 
-// SecurityViolationEvent represents the structured NGINX App Protect security violation data
+// SecurityViolationEvent represents the structured NGINX App Protect
+// security violation data
 message SecurityViolationEvent {
     // Name of the security policy
     string policy_name = 1;
     // Unique support ID for the violation
     string support_id = 2;
     // Outcome of the request (e.g., REJECTED, PASSED)
-    string outcome = 3;
+    RequestOutcome request_outcome = 3;
     // Reason for the outcome
-    string outcome_reason = 4;
+    RequestOutcomeReason request_outcome_reason = 4;
     // Reason for blocking exception if applicable
     string blocking_exception_reason = 5;
     // HTTP method used
@@ -30,27 +31,27 @@ message SecurityViolationEvent {
     // Full request
     string request = 10;
     // Indicates if the request was truncated
-    string is_truncated = 11;
+    bool is_truncated = 11;
     // Status of the request
-    string request_status = 12;
+    RequestStatus request_status = 12;
     // HTTP response code
-    string response_code = 13;
+    uint32 response_code = 13;
     // Server address
     string server_addr = 14;
     // Virtual server name
     string vs_name = 15;
     // Remote address of the client
     string remote_addr = 16;
     // Destination port
-    string destination_port = 17;
+    uint32 destination_port = 17;
     // Server port
-    string server_port = 18;
+    uint32 server_port = 18;
     // List of violations
     string violations = 19;
     // List of sub-violations
     string sub_violations = 20;
     // Violation rating
-    string violation_rating = 21;
+    uint32 violation_rating = 21;
     // Signature set names
     string sig_set_names = 22;
     // Signature CVEs
@@ -62,7 +63,7 @@ message SecurityViolationEvent {
     // Client application version
     string client_application_version = 26;
     // Severity of the violation
-    string severity = 27;
+    Severity severity = 27;
     // Threat campaign names
     string threat_campaign_names = 28;
     // Bot anomalies detected
@@ -102,15 +103,15 @@ message ViolationData {
 // SignatureData represents signature data contained within each violation
 message SignatureData {
     // Signature ID
-    string sig_data_id = 1;
+    uint32 sig_data_id = 1;
     // Blocking mask
     string sig_data_blocking_mask = 2;
     // Buffer information
     string sig_data_buffer = 3;
     // Offset in the buffer
-    string sig_data_offset = 4;
+    uint32 sig_data_offset = 4;
     // Length of the signature match
-    string sig_data_length = 5;
+    uint32 sig_data_length = 5;
 }
 
 // ContextData represents the context data of the violation
@@ -120,3 +121,33 @@ message ContextData {
     // Value of the context
     string context_data_value = 2;
 }
+
+enum RequestStatus {
+    REQUEST_STATUS_UNKNOWN = 0;
+    REQUEST_STATUS_BLOCKED = 1;
+    REQUEST_STATUS_ALERTED = 2;
+    REQUEST_STATUS_PASSED = 3;
+}
+
+enum RequestOutcome {
+    REQUEST_OUTCOME_UNKNOWN = 0;
+    REQUEST_OUTCOME_PASSED = 1;
+    REQUEST_OUTCOME_REJECTED = 2;
+}
+
+enum RequestOutcomeReason {
+    SECURITY_WAF_UNKNOWN = 0;
+    SECURITY_WAF_OK = 1;
+    SECURITY_WAF_VIOLATION = 2;
+    SECURITY_WAF_FLAGGED = 3;
+    SECURITY_WAF_VIOLATION_TRANSPARENT=4;
+}
+
+enum Severity {
+    SEVERITY_UNKNOWN = 0;
+    SEVERITY_INFORMATIONAL = 1;
+    SEVERITY_LOW = 2;
+    SEVERITY_MEDIUM = 3;
+    SEVERITY_HIGH = 4;
+    SEVERITY_CRITICAL = 5;
+}

api/grpc/events/v1/security_violation.pb.validate.go

@@ -9,6 +9,11 @@
     - [SignatureData](#events-v1-SignatureData)
     - [ViolationData](#events-v1-ViolationData)
 
+    - [RequestOutcome](#events-v1-RequestOutcome)
+    - [RequestOutcomeReason](#events-v1-RequestOutcomeReason)
+    - [RequestStatus](#events-v1-RequestStatus)
+    - [Severity](#events-v1-Severity)
+  
 - [mpi/v1/common.proto](#mpi_v1_common-proto)
     - [AuthSettings](#mpi-v1-AuthSettings)
     - [CommandResponse](#mpi-v1-CommandResponse)
@@ -108,8 +113,8 @@
 ## events/v1/security_violation.proto
 Copyright (c) F5, Inc.
 
-This source code is licensed under the Apache License, Version 2.0 license found in the
-LICENSE file in the root directory of this source tree.
+This source code is licensed under the Apache License, Version 2.0 license
+found in the LICENSE file in the root directory of this source tree.
 
 
 <a name="events-v1-ContextData"></a>
@@ -131,38 +136,39 @@ ContextData represents the context data of the violation
 <a name="events-v1-SecurityViolationEvent"></a>
 
 ### SecurityViolationEvent
-SecurityViolationEvent represents the structured NGINX App Protect security violation data
+SecurityViolationEvent represents the structured NGINX App Protect
+security violation data
 
 
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
 | policy_name | [string](#string) |  | Name of the security policy |
 | support_id | [string](#string) |  | Unique support ID for the violation |
-| outcome | [string](#string) |  | Outcome of the request (e.g., REJECTED, PASSED) |
-| outcome_reason | [string](#string) |  | Reason for the outcome |
+| request_outcome | [RequestOutcome](#events-v1-RequestOutcome) |  | Outcome of the request (e.g., REJECTED, PASSED) |
+| request_outcome_reason | [RequestOutcomeReason](#events-v1-RequestOutcomeReason) |  | Reason for the outcome |
 | blocking_exception_reason | [string](#string) |  | Reason for blocking exception if applicable |
 | method | [string](#string) |  | HTTP method used |
 | protocol | [string](#string) |  | Protocol used (e.g., HTTP/1.1) |
 | xff_header_value | [string](#string) |  | X-Forwarded-For header value |
 | uri | [string](#string) |  | Request URI |
 | request | [string](#string) |  | Full request |
-| is_truncated | [string](#string) |  | Indicates if the request was truncated |
-| request_status | [string](#string) |  | Status of the request |
-| response_code | [string](#string) |  | HTTP response code |
+| is_truncated | [bool](#bool) |  | Indicates if the request was truncated |
+| request_status | [RequestStatus](#events-v1-RequestStatus) |  | Status of the request |
+| response_code | [uint32](#uint32) |  | HTTP response code |
 | server_addr | [string](#string) |  | Server address |
 | vs_name | [string](#string) |  | Virtual server name |
 | remote_addr | [string](#string) |  | Remote address of the client |
-| destination_port | [string](#string) |  | Destination port |
-| server_port | [string](#string) |  | Server port |
+| destination_port | [uint32](#uint32) |  | Destination port |
+| server_port | [uint32](#uint32) |  | Server port |
 | violations | [string](#string) |  | List of violations |
 | sub_violations | [string](#string) |  | List of sub-violations |
-| violation_rating | [string](#string) |  | Violation rating |
+| violation_rating | [uint32](#uint32) |  | Violation rating |
 | sig_set_names | [string](#string) |  | Signature set names |
 | sig_cves | [string](#string) |  | Signature CVEs |
 | client_class | [string](#string) |  | Client class |
 | client_application | [string](#string) |  | Client application |
 | client_application_version | [string](#string) |  | Client application version |
-| severity | [string](#string) |  | Severity of the violation |
+| severity | [Severity](#events-v1-Severity) |  | Severity of the violation |
 | threat_campaign_names | [string](#string) |  | Threat campaign names |
 | bot_anomalies | [string](#string) |  | Bot anomalies detected |
 | bot_category | [string](#string) |  | Bot category |
@@ -188,11 +194,11 @@ SignatureData represents signature data contained within each violation
 
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
-| sig_data_id | [string](#string) |  | Signature ID |
+| sig_data_id | [uint32](#uint32) |  | Signature ID |
 | sig_data_blocking_mask | [string](#string) |  | Blocking mask |
 | sig_data_buffer | [string](#string) |  | Buffer information |
-| sig_data_offset | [string](#string) |  | Offset in the buffer |
-| sig_data_length | [string](#string) |  | Length of the signature match |
+| sig_data_offset | [uint32](#uint32) |  | Offset in the buffer |
+| sig_data_length | [uint32](#uint32) |  | Length of the signature match |
 
 
 
@@ -218,6 +224,64 @@ ViolationData represents individual violation details
 
 
 
+
+<a name="events-v1-RequestOutcome"></a>
+
+### RequestOutcome
+
+
+| Name | Number | Description |
+| ---- | ------ | ----------- |
+| REQUEST_OUTCOME_UNKNOWN | 0 |  |
+| REQUEST_OUTCOME_PASSED | 1 |  |
+| REQUEST_OUTCOME_REJECTED | 2 |  |
+
+
+
+<a name="events-v1-RequestOutcomeReason"></a>
+
+### RequestOutcomeReason
+
+
+| Name | Number | Description |
+| ---- | ------ | ----------- |
+| SECURITY_WAF_UNKNOWN | 0 |  |
+| SECURITY_WAF_OK | 1 |  |
+| SECURITY_WAF_VIOLATION | 2 |  |
+| SECURITY_WAF_FLAGGED | 3 |  |
+| SECURITY_WAF_VIOLATION_TRANSPARENT | 4 |  |
+
+
+
+<a name="events-v1-RequestStatus"></a>
+
+### RequestStatus
+
+
+| Name | Number | Description |
+| ---- | ------ | ----------- |
+| REQUEST_STATUS_UNKNOWN | 0 |  |
+| REQUEST_STATUS_BLOCKED | 1 |  |
+| REQUEST_STATUS_ALERTED | 2 |  |
+| REQUEST_STATUS_PASSED | 3 |  |
+
+
+
+<a name="events-v1-Severity"></a>
+
+### Severity
+
+
+| Name | Number | Description |
+| ---- | ------ | ----------- |
+| SEVERITY_UNKNOWN | 0 |  |
+| SEVERITY_INFORMATIONAL | 1 |  |
+| SEVERITY_LOW | 2 |  |
+| SEVERITY_MEDIUM | 3 |  |
+| SEVERITY_HIGH | 4 |  |
+| SEVERITY_CRITICAL | 5 |  |
+
+