Forum Discussion

Zdenda's avatar
Zdenda
Icon for Cirrus rankCirrus
Oct 01, 2018

ASM Rest API - set "Evasion technique detected" to Block

Hi, version 12.1.3.

how can I set blocking-setting for (for example) "Evasion technique detected" to Block? I know how to operate with each vulnerability, but how to operate with whole section? API seems to have no endpoint for that

GUI:

API Data:

testPico = get /asm/policies/{}/blocking-settings?$expand=evasionReference

As seen in picture, I get details about each vulnerability, but not about global param as "Learn, Alarm, Block"

Where I can operate with global setting as highlighted in the picture above through Rest API?

Thanks a lot, Zdenek

ASM Advanced WAF
devops
iControlREST
security
  • Zdenda's avatar
    Zdenda
    Icon for Cirrus rankCirrus
    Oct 01, 2018

    I just tried 

    /asm/policies/{}/blocking-settings/evasions
    where {} is the policy ID and the result is the same. I just cannot see anything related learn/alarm/block for all of vulnerabilities under evasions technique

  • suttonsc's avatar
    suttonsc
    Icon for Employee rankEmployee
    Oct 10, 2018

    To access these settings use the path "/mgmt/tm/asm/policies/{{POLICY_ID}}/blocking-settings/violations/{{VIOLATION_ID}}"

    Example:

    
 curl -sku admin:admin https://10.3.155.123/mgmt/tm/asm/policies/KXOU5u4TlCMnB6V2U6qm2w/blocking-settings/violations/qaEsdg5TVAbReo1-krgchw | jq .

{
  "lastUpdateMicros": 1539194657000000,
  "description": "Evasion technique detected",
  "selfLink": "https://localhost/mgmt/tm/asm/policies/KXOU5u4TlCMnB6V2U6qm2w/blocking-settings/violations/qaEsdg5TVAbReo1-krgchw?ver=12.1.3",
  "kind": "tm:asm:policies:blocking-settings:violations:violationstate",
  "violationReference": {
    "link": "https://localhost/mgmt/tm/asm/violations/0VXh4FseZsuj0NmAZGNClw?ver=12.1.3"
  },
  "id": "qaEsdg5TVAbReo1-krgchw",
  "alarm": true,
  "block": true,
  "learn": true
}

    You can then patch this to set the block setting to 'true' or 'false as desired.

    
 curl -sku admin:admin -X PATCH https://${bigip_mgmt}/mgmt/tm/asm/policies/KXOU5u4TlCMnB6V2U6qm2w/blocking-settings/violations/qaEsdg5TVAbReo1-krgchw -d '{ "block": false }' | jq .

{
  "lastUpdateMicros": 1539194685000000,
  "description": "Evasion technique detected",
  "selfLink": "https://localhost/mgmt/tm/asm/policies/KXOU5u4TlCMnB6V2U6qm2w/blocking-settings/violations/qaEsdg5TVAbReo1-krgchw?ver=12.1.3",
  "kind": "tm:asm:policies:blocking-settings:violations:violationstate",
  "violationReference": {
    "link": "https://localhost/mgmt/tm/asm/violations/0VXh4FseZsuj0NmAZGNClw?ver=12.1.3"
  },
  "id": "qaEsdg5TVAbReo1-krgchw",
  "alarm": true,
  "block": false,
  "learn": true
}