Forum Discussion

Nimbostratus

May 30, 2024

Attack Analysis- ASM

Hello Everybody, This is for F5 ASM, Recently while tracing a support ID we came to know that user request was blocked due to suspected SQL injection attack for other support ID it was blocked ...

security

F5_Design_Engineer

MVP

May 30, 2024

Hi eagertolearn,

Analyzing requests with violations

To review requests with violations, you need to have a security policy that is already handling traffic that is causing violations. If no violations have occurred, you will not see illegal requests listed in the Requests List.

In the Requests List event log, you can view details about a request, including viewing the violation rating, the full request itself, and any violations associated with it. You can also drill down to view detailed descriptions of the violations and potential attacks. When viewing details about an illegal request, if you decide that the request is trusted and you want to allow it, you can accept the violations shown for this specific request.

Please refer below the detail article for more understanding.

https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-12-1-0/13.html

https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-13-1-0/13.html

https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-13-1-0/33.html

If it help resolve your query rate and mark it as solution for the befit of other readers.

HTH

🙏

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)