For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

eagertolearn's avatar
eagertolearn
Icon for Nimbostratus rankNimbostratus
May 30, 2024

Attack Analysis- ASM

Hello Everybody,     This is for F5 ASM, Recently while tracing a support ID we came to know that user request was blocked due to suspected SQL injection attack for other support ID it was blocked ...
security
F5_Design_Engineer's avatar
F5_Design_Engineer
Icon for MVP rankMVP
May 31, 2024

Hi eagertolearn,

 

Analyzing requests with violations

To review requests with violations, you need to have a security policy that is already handling traffic that is causing violations. If no violations have occurred, you will not see illegal requests listed in the Requests List.

In the Requests List event log, you can view details about a request, including viewing the violation rating, the full request itself, and any violations associated with it. You can also drill down to view detailed descriptions of the violations and potential attacks. When viewing details about an illegal request, if you decide that the request is trusted and you want to allow it, you can accept the violations shown for this specific request.

Please refer below the detail article for more understanding.

https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-12-1-0/13.html

https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-13-1-0/13.html

https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-13-1-0/33.html

 

If it help resolve your query rate and mark it as solution for the befit of other readers.

 

HTH

 

🙏