From e6c6f630ebe10f59002bf7c4d768be2e23e0c2a2 Mon Sep 17 00:00:00 2001
From: Alex Denisov <64953037+ald8@users.noreply.github.com>
Date: Thu, 28 May 2026 20:31:11 +0000
Subject: [PATCH] chore: WAF add enforcement_action log attribute

---
 content/waf/logging/security-logs.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/content/waf/logging/security-logs.md b/content/waf/logging/security-logs.md
index 99f9eacb3..fc222bf5d 100644
--- a/content/waf/logging/security-logs.md
+++ b/content/waf/logging/security-logs.md
@@ -266,6 +266,7 @@ The table below lists attributes that are generated in the security logs. When u
 | client_application_version | The identified version of the client application, when classification is available. | default |
 | geo_location | The resolved client geolocation country code for the request, when available. | user-defined only |
 | session_id | The session identifier associated with the request, when session context is established. | user-defined only |
+| enforcement_action | The action taken for the request. It can have values like `block`, `rejected-by-proxy` or `none` | user-defined only |
 
 ## Blocking Observability