Forum Discussion
Zdenda
Cirrus
CirrusASM Rest API - set "Evasion technique detected" to Block
Hi,
version 12.1.3.
how can I set blocking-setting for (for example) "Evasion technique detected" to Block?
I know how to operate with each vulnerability, but how to operate with whole section? API...
suttonsc
Employee
EmployeeTo access these settings use the path "/mgmt/tm/asm/policies/{{POLICY_ID}}/blocking-settings/violations/{{VIOLATION_ID}}"
Example:
curl -sku admin:admin https://10.3.155.123/mgmt/tm/asm/policies/KXOU5u4TlCMnB6V2U6qm2w/blocking-settings/violations/qaEsdg5TVAbReo1-krgchw | jq .
{
"lastUpdateMicros": 1539194657000000,
"description": "Evasion technique detected",
"selfLink": "https://localhost/mgmt/tm/asm/policies/KXOU5u4TlCMnB6V2U6qm2w/blocking-settings/violations/qaEsdg5TVAbReo1-krgchw?ver=12.1.3",
"kind": "tm:asm:policies:blocking-settings:violations:violationstate",
"violationReference": {
"link": "https://localhost/mgmt/tm/asm/violations/0VXh4FseZsuj0NmAZGNClw?ver=12.1.3"
},
"id": "qaEsdg5TVAbReo1-krgchw",
"alarm": true,
"block": true,
"learn": true
}
You can then patch this to set the block setting to 'true' or 'false as desired.
curl -sku admin:admin -X PATCH https://${bigip_mgmt}/mgmt/tm/asm/policies/KXOU5u4TlCMnB6V2U6qm2w/blocking-settings/violations/qaEsdg5TVAbReo1-krgchw -d '{ "block": false }' | jq .
{
"lastUpdateMicros": 1539194685000000,
"description": "Evasion technique detected",
"selfLink": "https://localhost/mgmt/tm/asm/policies/KXOU5u4TlCMnB6V2U6qm2w/blocking-settings/violations/qaEsdg5TVAbReo1-krgchw?ver=12.1.3",
"kind": "tm:asm:policies:blocking-settings:violations:violationstate",
"violationReference": {
"link": "https://localhost/mgmt/tm/asm/violations/0VXh4FseZsuj0NmAZGNClw?ver=12.1.3"
},
"id": "qaEsdg5TVAbReo1-krgchw",
"alarm": true,
"block": false,
"learn": true
}
