diff --git a/pkg/serverless/appsec/httpsec/proxy.go b/pkg/serverless/appsec/httpsec/proxy.go
index f2e71832839b1..bfa61ff5b0963 100644
--- a/pkg/serverless/appsec/httpsec/proxy.go
+++ b/pkg/serverless/appsec/httpsec/proxy.go
@@ -66,6 +66,8 @@ func (lp *ProxyLifecycleProcessor) OnInvokeStart(startDetails *invocationlifecyc
 	eventType := trigger.GetEventType(lowercaseEventPayload)
 	if eventType == trigger.Unknown {
 		log.Debugf("appsec: proxy-lifecycle: Failed to extract event type")
+	} else {
+		log.Debugf("appsec: proxy-lifecycle: Extracted event type: %v", eventType)
 	}
 
 	var event interface{}
@@ -218,8 +220,10 @@ func (lp *ProxyLifecycleProcessor) spanModifier(lastReqId string, chunk *pb.Trac
 			&ctx,
 			nil,
 			&event.Path,
-			event.MultiValueHeaders,
-			event.MultiValueQueryStringParameters,
+			// Depending on how the ALB is configured, headers will be either in MultiValueHeaders or Headers (not both).
+			multiOrSingle(event.MultiValueHeaders, event.Headers),
+			// Depending on how the ALB is configured, query parameters will be either in MultiValueQueryStringParameters or QueryStringParameters (not both).
+			multiOrSingle(event.MultiValueQueryStringParameters, event.QueryStringParameters),
 			nil,
 			"",
 			&event.Body,
@@ -266,6 +270,19 @@ func (lp *ProxyLifecycleProcessor) spanModifier(lastReqId string, chunk *pb.Trac
 	}
 }
 
+// multiOrSingle picks the first non-nil map, and returns the content formatted
+// as the multi-map.
+func multiOrSingle(multi map[string][]string, single map[string]string) map[string][]string {
+	if multi == nil && single != nil {
+		// There is no multi-map, but there is a single-map, so we'll make a multi-map out of that.
+		multi = make(map[string][]string, len(single))
+		for key, value := range single {
+			multi[key] = []string{value}
+		}
+	}
+	return multi
+}
+
 //nolint:revive // TODO(ASM) Fix revive linter
 type ExecutionContext interface {
 	LastRequestID() string
diff --git a/pkg/serverless/trigger/events.go b/pkg/serverless/trigger/events.go
index 357cadfaaecdd..95dca9ad76348 100644
--- a/pkg/serverless/trigger/events.go
+++ b/pkg/serverless/trigger/events.go
@@ -7,6 +7,7 @@
 package trigger
 
 import (
+	"fmt"
 	"strings"
 
 	jsonEncoder "github.com/json-iterator/go"
@@ -294,3 +295,48 @@ func eventRecordsKeyEquals(event map[string]any, key string, val string) bool {
 	}
 	return false
 }
+
+func (et AWSEventType) String() string {
+	switch et {
+	case Unknown:
+		return "Unknown"
+	case APIGatewayEvent:
+		return "APIGatewayEvent"
+	case APIGatewayV2Event:
+		return "APIGatewayV2Event"
+	case APIGatewayWebsocketEvent:
+		return "APIGatewayWebsocketEvent"
+	case APIGatewayLambdaAuthorizerTokenEvent:
+		return "APIGatewayLambdaAuthorizerTokenEvent"
+	case APIGatewayLambdaAuthorizerRequestParametersEvent:
+		return "APIGatewayLambdaAuthorizerRequestParametersEvent"
+	case ALBEvent:
+		return "ALBEvent"
+	case CloudWatchEvent:
+		return "CloudWatchEvent"
+	case CloudWatchLogsEvent:
+		return "CloudWatchLogsEvent"
+	case CloudFrontRequestEvent:
+		return "CloudFrontRequestEvent"
+	case DynamoDBStreamEvent:
+		return "DynamoDBStreamEvent"
+	case KinesisStreamEvent:
+		return "KinesisStreamEvent"
+	case S3Event:
+		return "S3Event"
+	case SNSEvent:
+		return "SNSEvent"
+	case SQSEvent:
+		return "SQSEvent"
+	case SNSSQSEvent:
+		return "SNSSQSEvent"
+	case AppSyncResolverEvent:
+		return "AppSyncResolverEvent"
+	case EventBridgeEvent:
+		return "EventBridgeEvent"
+	case LambdaFunctionURLEvent:
+		return "LambdaFunctionURLEvent"
+	default:
+		return fmt.Sprintf("EventType(%d)", et)
+	}
+}