For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

silvio-m_373169's avatar
silvio-m_373169
Icon for Nimbostratus rankNimbostratus
Jan 30, 2019

Adhoc reports/email notification for ASM web application firewall in case of blocking

Hi there,   we use the ASM module to make a web portal more secure. If the Enforcement Mode of the security policy is set to "Blocking", the F5 could block false-positive requests too. To be awa...
application delivery
ASM Advanced WAF
BIG-IP
security
samstep's avatar
samstep
Icon for Cirrocumulus rankCirrocumulus
Feb 05, 2019

You can use the Scheduled reports feature and tick the checkbox "Send the report file via E-Mail as an attachment" and specify the target e-mail addresses in "Target E-Mail Address" field - read the manual here;

 

https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-12-1-0/13.html

 

This will only send the email with report on a schedule (e.g. every 6 hours), but it will be in PDF and will have a nice chart, so ideal for managers and network administrators. If you want realtime e-mails (one e-mail message per blocked request) then it is best to configure ASM Logging Profile to send logs to external logging system like Splunk and then have Splunk to send our e-mail alerts (be ready to get thousands of e-mails an hours though - Internet is a nasty place these days with lots of attack traffic!)