Merge pull request #224495 from Miskatonic-Electronic/patch-34

Update web-application-firewall-logs.md

Author: prmerger-automator[bot]

articles/web-application-firewall/ag/web-application-firewall-logs.md

@@ -228,7 +228,7 @@ The firewall log is generated only if you have enabled it for each application g
 |ruleSetVersion     | Rule set version used. Available values are 2.2.9 and 3.0.     |
 |ruleId     | Rule ID of the triggering event.        |
 |message     | User-friendly message for the triggering event. More details are provided in the details section.        |
-|action     |  Action taken on the request. Available values are: </br>**Blocked and Allowed** (for custom rules) </br>**Matched** (when a rule matches a part of the request) </br>**Detected and Blocked** (these are both for mandatory rules, depending on if the WAF is in detection or prevention mode).      |
+|action     |  **Policy Mode:** Detection</br>   - **Detected** - This is the only action for the WAF when in detection mode. All the conditions for a given rule were matched and the request was logged then passed to the backend.</br></br>**Policy Mode:** Prevention</br>   - **Allowed** - All conditions were matched for a given rule and the request was passed to the backend.</br>   - **Blocked** - All of the conditions were matched for a given rule and the request was blocked.</br>   - **Matched** - One/more conditions were matched for a given rule, but the decision to block or pass the request will need further evaluation and will be evaluated based on the final anomaly scoring rule.      |
 |site     | Site for which the log was generated. Currently, only Global is listed because rules are global.|
 |details     | Details of the triggering event.        |
 |details.message     | Description of the rule.        |