Forum Discussion
ASM transparent bridge mode detect capabilities
Unfortunately, the "discovery and detection of web applications" is not a function of ASM.
In transparent bridge mode, an ASM BIG-IP device can secure application traffic, but to some extent, you will need to know something about those applications in order to protect them. The deployment strategy is for multiple ASM policies to be assigned to the forwarding virtual server, each specific to one of the applications being secured.
You could create a network forwarding virtual server to intercept all inbound HTTP traffic and assign a single ASM policy to it, which would provide some level of protection, based on the attack signatures you choose, as well as protocol compliancy checks. This protection would be quite generic, of course, though would have some value.
However, I would caution that this extremely general approach can potentially break your applications, since you are imposing restrictions on applications you do not understand, or even know about. Tread carefully with this idea.
A more deliberate, albeit time-consuming, strategy would be to write an iRule to perform some reconnaissance on your network. Again, I am assuming the BIG-IP is able to see all inbound port 80 traffic. This iRule could log destination IPs, URIs, and other details which would give you a better idea of your environment.
Armed with this information, you could begin to investigate the applications and query the owners for information about how to create ASM policies appropriate for the applications (server type, application architecture, etc.).
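
One way to write the logging iRule described in the answer above, as an added example that is not part of the original post or F5's own code. It assumes an HTTP profile is attached to the forwarding virtual server; the subtable name `app_inventory`, the log format, and the one-hour deduplication window are illustrative choices.

```tcl
# Added example: passive HTTP inventory for a forwarding virtual server.
# Assumptions: subtable name "app_inventory" and the 3600-second window are illustrative.
when HTTP_REQUEST {
    set inv_log 0

    # Destination the client was addressing (the real server behind the bridge).
    set inv_dst "[IP::local_addr]:[TCP::local_port]"
    set inv_host [string tolower [HTTP::host]]

    # Use the path only: query strings can carry session tokens or credentials
    # and are not needed to identify an application.
    set inv_seg [lindex [split [HTTP::path] "/"] 1]
    set inv_key "$inv_dst|$inv_host|/$inv_seg"

    # Record each destination / Host header / top-level path once per window,
    # so a busy site does not flood the log.
    if { [table lookup -notouch -subtable app_inventory $inv_key] eq "" } {
        table set -subtable app_inventory $inv_key 1 3600 3600
        set inv_method [HTTP::method]
        set inv_log 1
    }
}

when HTTP_RESPONSE {
    # Log on the response so the entry also carries the status code and the
    # Server header, which hints at the server type behind each application.
    if { $inv_log } {
        set inv_server [HTTP::header value "Server"]
        if { $inv_server eq "" } { set inv_server "-" }
        log local0.info "app_inventory dst=$inv_dst host=$inv_host path=/$inv_seg method=$inv_method status=[HTTP::status] server=$inv_server"
        set inv_log 0
    }
}
```

Grouping the resulting log lines by `dst` and `host` gives a candidate list of applications, each of which can then be matched to an owner and a dedicated ASM policy.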