Forum Discussion

Cirrus

Oct 01, 2018

ASM Rest API - set "Evasion technique detected" to Block

Hi, version 12.1.3. how can I set blocking-setting for (for example) "Evasion technique detected" to Block? I know how to operate with each vulnerability, but how to operate with whole section? API...

Employee

Oct 10, 2018

To access these settings use the path "/mgmt/tm/asm/policies/{{POLICY_ID}}/blocking-settings/violations/{{VIOLATION_ID}}"

Example:


 curl -sku admin:admin https://10.3.155.123/mgmt/tm/asm/policies/KXOU5u4TlCMnB6V2U6qm2w/blocking-settings/violations/qaEsdg5TVAbReo1-krgchw | jq .

{
  "lastUpdateMicros": 1539194657000000,
  "description": "Evasion technique detected",
  "selfLink": "https://localhost/mgmt/tm/asm/policies/KXOU5u4TlCMnB6V2U6qm2w/blocking-settings/violations/qaEsdg5TVAbReo1-krgchw?ver=12.1.3",
  "kind": "tm:asm:policies:blocking-settings:violations:violationstate",
  "violationReference": {
    "link": "https://localhost/mgmt/tm/asm/violations/0VXh4FseZsuj0NmAZGNClw?ver=12.1.3"
  },
  "id": "qaEsdg5TVAbReo1-krgchw",
  "alarm": true,
  "block": true,
  "learn": true
}

You can then patch this to set the block setting to 'true' or 'false as desired.


 curl -sku admin:admin -X PATCH https://${bigip_mgmt}/mgmt/tm/asm/policies/KXOU5u4TlCMnB6V2U6qm2w/blocking-settings/violations/qaEsdg5TVAbReo1-krgchw -d '{ "block": false }' | jq .

{
  "lastUpdateMicros": 1539194685000000,
  "description": "Evasion technique detected",
  "selfLink": "https://localhost/mgmt/tm/asm/policies/KXOU5u4TlCMnB6V2U6qm2w/blocking-settings/violations/qaEsdg5TVAbReo1-krgchw?ver=12.1.3",
  "kind": "tm:asm:policies:blocking-settings:violations:violationstate",
  "violationReference": {
    "link": "https://localhost/mgmt/tm/asm/violations/0VXh4FseZsuj0NmAZGNClw?ver=12.1.3"
  },
  "id": "qaEsdg5TVAbReo1-krgchw",
  "alarm": true,
  "block": false,
  "learn": true
}

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)