Adapt security snapshots

DataDog · Feb 13, 2025 · 4ff5982 · 4ff5982
1 parent 9a5b174
commit 4ff5982
Show file tree

Hide file tree

Showing 51 changed files with 171 additions and 39 deletions.
diff --git a/...pectedStatusCode=403_url=_data_model_body=property=test&property2=dummy_rule.verified.txt b/...pectedStatusCode=403_url=_data_model_body=property=test&property2=dummy_rule.verified.txt
@@ -1,4 +1,4 @@
-[
+[
   {
     TraceId: Id_1,
     SpanId: Id_2,
@@ -33,6 +33,7 @@
       span.kind: server,
       _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738,
       _dd.appsec.fp.http.network: net-1-1000000000,
+      _dd.appsec.fp.session: ssn----<SessionFp>,
       _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property2"],"value":"dummy_rule"}]}]}]},
       _dd.origin: appsec,
       _dd.runtime_family: dotnet
@@ -81,6 +82,7 @@
       span.kind: server,
       _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738,
       _dd.appsec.fp.http.network: net-1-1000000000,
+      _dd.appsec.fp.session: ssn----<SessionFp>,
       _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property2"],"value":"dummy_rule"}]}]}]},
       _dd.origin: appsec,
       _dd.runtime_family: dotnet
@@ -129,6 +131,7 @@
       span.kind: server,
       _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738,
       _dd.appsec.fp.http.network: net-1-1000000000,
+      _dd.appsec.fp.session: ssn----<SessionFp>,
       _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property2"],"value":"dummy_rule"}]}]}]},
       _dd.origin: appsec,
       _dd.runtime_family: dotnet
@@ -177,6 +180,7 @@
       span.kind: server,
       _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738,
       _dd.appsec.fp.http.network: net-1-1000000000,
+      _dd.appsec.fp.session: ssn----<SessionFp>,
       _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property2"],"value":"dummy_rule"}]}]}]},
       _dd.origin: appsec,
       _dd.runtime_family: dotnet
@@ -225,6 +229,7 @@
       span.kind: server,
       _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738,
       _dd.appsec.fp.http.network: net-1-1000000000,
+      _dd.appsec.fp.session: ssn----<SessionFp>,
       _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property2"],"value":"dummy_rule"}]}]}]},
       _dd.origin: appsec,
       _dd.runtime_family: dotnet

diff --git a/...e=403_url=_dataapi_model_body={-property---dummy_rule-, -property2---test2-}.verified.txt b/...e=403_url=_dataapi_model_body={-property---dummy_rule-, -property2---test2-}.verified.txt
@@ -1,4 +1,4 @@
-[
+[
   {
     TraceId: Id_1,
     SpanId: Id_2,
@@ -33,6 +33,7 @@
       span.kind: server,
       _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738,
       _dd.appsec.fp.http.network: net-1-1000000000,
+      _dd.appsec.fp.session: ssn----<SessionFp>,
       _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]},
       _dd.origin: appsec,
       _dd.runtime_family: dotnet
@@ -81,6 +82,7 @@
       span.kind: server,
       _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738,
       _dd.appsec.fp.http.network: net-1-1000000000,
+      _dd.appsec.fp.session: ssn----<SessionFp>,
       _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]},
       _dd.origin: appsec,
       _dd.runtime_family: dotnet
@@ -129,6 +131,7 @@
       span.kind: server,
       _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738,
       _dd.appsec.fp.http.network: net-1-1000000000,
+      _dd.appsec.fp.session: ssn----<SessionFp>,
       _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]},
       _dd.origin: appsec,
       _dd.runtime_family: dotnet
@@ -177,6 +180,7 @@
       span.kind: server,
       _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738,
       _dd.appsec.fp.http.network: net-1-1000000000,
+      _dd.appsec.fp.session: ssn----<SessionFp>,
       _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]},
       _dd.origin: appsec,
       _dd.runtime_family: dotnet
@@ -225,6 +229,7 @@
       span.kind: server,
       _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738,
       _dd.appsec.fp.http.network: net-1-1000000000,
+      _dd.appsec.fp.session: ssn----<SessionFp>,
       _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]},
       _dd.origin: appsec,
       _dd.runtime_family: dotnet

diff --git a/...dStatusCode=403_url=_datarazorpage_body=property=dummy_rule&property2=value2.verified.txt b/...dStatusCode=403_url=_datarazorpage_body=property=dummy_rule&property2=value2.verified.txt
@@ -1,4 +1,4 @@
-[
+[
   {
     TraceId: Id_1,
     SpanId: Id_2,
@@ -33,6 +33,7 @@
       span.kind: server,
       _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738,
       _dd.appsec.fp.http.network: net-1-1000000000,
+      _dd.appsec.fp.session: ssn----<SessionFp>,
       _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]},
       _dd.origin: appsec,
       _dd.runtime_family: dotnet
@@ -81,6 +82,7 @@
       span.kind: server,
       _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738,
       _dd.appsec.fp.http.network: net-1-1000000000,
+      _dd.appsec.fp.session: ssn----<SessionFp>,
       _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]},
       _dd.origin: appsec,
       _dd.runtime_family: dotnet
@@ -129,6 +131,7 @@
       span.kind: server,
       _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738,
       _dd.appsec.fp.http.network: net-1-1000000000,
+      _dd.appsec.fp.session: ssn----<SessionFp>,
       _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]},
       _dd.origin: appsec,
       _dd.runtime_family: dotnet
@@ -177,6 +180,7 @@
       span.kind: server,
       _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738,
       _dd.appsec.fp.http.network: net-1-1000000000,
+      _dd.appsec.fp.session: ssn----<SessionFp>,
       _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]},
       _dd.origin: appsec,
       _dd.runtime_family: dotnet
@@ -225,6 +229,7 @@
       span.kind: server,
       _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738,
       _dd.appsec.fp.http.network: net-1-1000000000,
+      _dd.appsec.fp.session: ssn----<SessionFp>,
       _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]},
       _dd.origin: appsec,
       _dd.runtime_family: dotnet

diff --git a/...params_expectedStatusCode=200_url=_health_params_appscan_fingerprint-&q=help.verified.txt b/...params_expectedStatusCode=200_url=_health_params_appscan_fingerprint-&q=help.verified.txt
@@ -1,4 +1,4 @@
-[
+[
   {
     TraceId: Id_1,
     SpanId: Id_2,
@@ -32,6 +32,7 @@
       _dd.appsec.fp.http.endpoint: http-get-9ce5b35c-8e35c2cd-,
       _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63,
       _dd.appsec.fp.http.network: net-1-1000000000,
+      _dd.appsec.fp.session: ssn----<SessionFp>,
       _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]},
       _dd.origin: appsec,
       _dd.runtime_family: dotnet
@@ -82,6 +83,7 @@
       _dd.appsec.fp.http.endpoint: http-get-9ce5b35c-8e35c2cd-,
       _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63,
       _dd.appsec.fp.http.network: net-1-1000000000,
+      _dd.appsec.fp.session: ssn----<SessionFp>,
       _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]},
       _dd.origin: appsec,
       _dd.runtime_family: dotnet
@@ -132,6 +134,7 @@
       _dd.appsec.fp.http.endpoint: http-get-9ce5b35c-8e35c2cd-,
       _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63,
       _dd.appsec.fp.http.network: net-1-1000000000,
+      _dd.appsec.fp.session: ssn----<SessionFp>,
       _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]},
       _dd.origin: appsec,
       _dd.runtime_family: dotnet
@@ -182,6 +185,7 @@
       _dd.appsec.fp.http.endpoint: http-get-9ce5b35c-8e35c2cd-,
       _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63,
       _dd.appsec.fp.http.network: net-1-1000000000,
+      _dd.appsec.fp.session: ssn----<SessionFp>,
       _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]},
       _dd.origin: appsec,
       _dd.runtime_family: dotnet
@@ -232,6 +236,7 @@
       _dd.appsec.fp.http.endpoint: http-get-9ce5b35c-8e35c2cd-,
       _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63,
       _dd.appsec.fp.http.network: net-1-1000000000,
+      _dd.appsec.fp.session: ssn----<SessionFp>,
       _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]},
       _dd.origin: appsec,
       _dd.runtime_family: dotnet

diff --git a/...st.path_params_expectedStatusCode=200_url=_health_params_appscan_fingerprint.verified.txt b/...st.path_params_expectedStatusCode=200_url=_health_params_appscan_fingerprint.verified.txt
@@ -1,4 +1,4 @@
-[
+[
   {
     TraceId: Id_1,
     SpanId: Id_2,
@@ -31,6 +31,7 @@
       span.kind: server,
       _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63,
       _dd.appsec.fp.http.network: net-1-1000000000,
+      _dd.appsec.fp.session: ssn----<SessionFp>,
       _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]},
       _dd.origin: appsec,
       _dd.runtime_family: dotnet
@@ -80,6 +81,7 @@
       span.kind: server,
       _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63,
       _dd.appsec.fp.http.network: net-1-1000000000,
+      _dd.appsec.fp.session: ssn----<SessionFp>,
       _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]},
       _dd.origin: appsec,
       _dd.runtime_family: dotnet
@@ -129,6 +131,7 @@
       span.kind: server,
       _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63,
       _dd.appsec.fp.http.network: net-1-1000000000,
+      _dd.appsec.fp.session: ssn----<SessionFp>,
       _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]},
       _dd.origin: appsec,
       _dd.runtime_family: dotnet
@@ -178,6 +181,7 @@
       span.kind: server,
       _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63,
       _dd.appsec.fp.http.network: net-1-1000000000,
+      _dd.appsec.fp.session: ssn----<SessionFp>,
       _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]},
       _dd.origin: appsec,
       _dd.runtime_family: dotnet
@@ -227,6 +231,7 @@
       span.kind: server,
       _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63,
       _dd.appsec.fp.http.network: net-1-1000000000,
+      _dd.appsec.fp.session: ssn----<SessionFp>,
       _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]},
       _dd.origin: appsec,
       _dd.runtime_family: dotnet

diff --git a/....path_params_expectedStatusCode=200_url=_params-endpoint_appscan_fingerprint.verified.txt b/....path_params_expectedStatusCode=200_url=_params-endpoint_appscan_fingerprint.verified.txt
@@ -1,4 +1,4 @@
-[
+[
   {
     TraceId: Id_1,
     SpanId: Id_2,
@@ -29,6 +29,7 @@
       span.kind: server,
       _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63,
       _dd.appsec.fp.http.network: net-1-1000000000,
+      _dd.appsec.fp.session: ssn----<SessionFp>,
       _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["s"],"value":"appscan_fingerprint"}]}]}]},
       _dd.origin: appsec,
       _dd.runtime_family: dotnet
@@ -76,6 +77,7 @@
       span.kind: server,
       _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63,
       _dd.appsec.fp.http.network: net-1-1000000000,
+      _dd.appsec.fp.session: ssn----<SessionFp>,
       _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["s"],"value":"appscan_fingerprint"}]}]}]},
       _dd.origin: appsec,
       _dd.runtime_family: dotnet
@@ -123,6 +125,7 @@
       span.kind: server,
       _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63,
       _dd.appsec.fp.http.network: net-1-1000000000,
+      _dd.appsec.fp.session: ssn----<SessionFp>,
       _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["s"],"value":"appscan_fingerprint"}]}]}]},
       _dd.origin: appsec,
       _dd.runtime_family: dotnet
@@ -170,6 +173,7 @@
       span.kind: server,
       _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63,
       _dd.appsec.fp.http.network: net-1-1000000000,
+      _dd.appsec.fp.session: ssn----<SessionFp>,
       _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["s"],"value":"appscan_fingerprint"}]}]}]},
       _dd.origin: appsec,
       _dd.runtime_family: dotnet
@@ -217,6 +221,7 @@
       span.kind: server,
       _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63,
       _dd.appsec.fp.http.network: net-1-1000000000,
+      _dd.appsec.fp.session: ssn----<SessionFp>,
       _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["s"],"value":"appscan_fingerprint"}]}]}]},
       _dd.origin: appsec,
       _dd.runtime_family: dotnet