Forum Discussion
Mike_Nepomny
Nimbostratus
NimbostratusASM->Policy->get_violation_flags()
Hi,
I am getting all violations from the policy except "Attack signature detected". Are there any way to get "Attack signature detected" violation with ASM->Policy->get_violation_flags() or any other method?
Thank you.
3 Replies
hoolioCirrostratus
Hi Mike,
I haven't used iControl with ASM before, but maybe it looks like you can set an Attack Sig via iControl on an Object parameter. I don't see anything in the iControl ASM wiki for the attack sigs that would be applied to headers or URLs though. Nor do I see any references to attack sig sets (not the updates of the global attack signatures but the collection of signatures that can be assigned to a policy in groups). Anyone have ideas on this?
http://devcentral.f5.com/wiki/default.aspx/iControl/ASM__ObjectParams__add_or_update_object_param_with_characteristics.html
I guess the object could have a URI of * and param name of * for a global parameter.
http://devcentral.f5.com/wiki/default.aspx/iControl/ASM__ObjectParams__AttackSignatureDefinition.html
http://devcentral.f5.com/wiki/default.aspx/iControl/ASM__ObjectParams.html
Aaron
Mike_NepomnyHi Aaron,
Are there any way to fetch violations from traffic learning ?
Thank you.- hoolioHi Mike,
I don't believe that you can retrieve the learning suggestions via iControl based on a quick read through of the ASM portion of the iControl API:
http://devcentral.f5.com/wiki/default.aspx/iControl/ASM.html
You could confirm this with a case with F5 Support. If the functionality doesn't exist now, you could open a request for enhancement.
Aaron
