diff --git a/pkg/acquisition/modules/waf/utils.go b/pkg/acquisition/modules/waf/utils.go
index 0e13abaf3..e91607f60 100644
--- a/pkg/acquisition/modules/waf/utils.go
+++ b/pkg/acquisition/modules/waf/utils.go
@@ -74,8 +74,22 @@ func (r *WafRunner) AccumulateTxToEvent(tx experimental.FullTransaction, kind st
 		evt.Meta["waap_action"] = tx.Interruption().Action
 	}
 
+	if evt.Waap.Vars == nil {
+		evt.Waap.Vars = map[string]string{}
+	}
+
 	tx.Variables().All(func(v variables.RuleVariable, col collection.Collection) bool {
 		for _, variable := range col.FindAll() {
+			key := ""
+			if variable.Key() == "" {
+				key = variable.Variable().Name()
+			} else {
+				key = variable.Variable().Name() + "." + variable.Key()
+			}
+			if variable.Value() == "" {
+				continue
+			}
+			evt.Waap.Vars[key] = variable.Value()
 			r.logger.Infof("%s.%s = %s", variable.Variable().Name(), variable.Key(), variable.Value())
 		}
 		return true
diff --git a/pkg/types/event.go b/pkg/types/event.go
index 0709e06a7..d3b21c35f 100644
--- a/pkg/types/event.go
+++ b/pkg/types/event.go
@@ -3,7 +3,6 @@ package types
 import (
 	"fmt"
 	"regexp"
-	"strings"
 	"time"
 
 	log "github.com/sirupsen/logrus"
@@ -58,18 +57,10 @@ func (w WaapEvent) GetVar(varName string) string {
 	if w.Vars == nil {
 		return ""
 	}
-	parsed := strings.Split(varName, ".")
-	if len(parsed) == 1 {
-		//no subkey
-		return w.Vars[varName]
-	} else if len(parsed) == 2 {
-		//subkey
-		if w.Vars[parsed[0]] == "" {
-			return ""
-		}
-		//return w.Vars[parsed[0]][parsed[1]]
+	if val, ok := w.Vars[varName]; ok {
+		return val
 	}
-	log.Warningf("invalid variable name %s", varName)
+	log.Infof("var %s not found", varName, w.Vars)
 	return ""
 
 }