Forum Discussion
NimbostratusAdhoc reports/email notification for ASM web application firewall in case of blocking
Hi there,
we use the ASM module to make a web portal more secure. If the Enforcement Mode of the security policy is set to "Blocking", the F5 could block false-positive requests too. To be aware of it - it is possible to send out an email notification of blocked requests like this?
"blocked URL", "detected attack signature / type of violation", "source IP", "user-agent", "date and time"
BIG-IP v12.1.3 (Build 0.0.378) * ASM, Unlimited
EcesureshkumarHi There, i do have same requirement, how can this can be achieved.
samstepCirrocumulus
You can use the Scheduled reports feature and tick the checkbox "Send the report file via E-Mail as an attachment" and specify the target e-mail addresses in "Target E-Mail Address" field - read the manual here;
This will only send the email with report on a schedule (e.g. every 6 hours), but it will be in PDF and will have a nice chart, so ideal for managers and network administrators. If you want realtime e-mails (one e-mail message per blocked request) then it is best to configure ASM Logging Profile to send logs to external logging system like Splunk and then have Splunk to send our e-mail alerts (be ready to get thousands of e-mails an hours though - Internet is a nasty place these days with lots of attack traffic!)