automatic learning logs/report ?

Question

Hello,&nbsp;My client has no other solution but to implement automatic learning for a new website where the owners won't help the team in understanding the application.On another side, security team wants to have information on what was changed and when by the automatic learning policy.I've come to article https://my.f5.com/manage/s/article/K58082590 that uses API to retrieve the list of learning suggestions for a given policy, but I'm not sure it will give me the information I need for automatic policy.Since suggestions that reach 100% are learned, I imagine the suggestion disappear as soon as 100% score is reached and the API will return nothing if the suggestion has already been learned.Is there a better way to get this report ? I'm ok with SIEM, syslog, API, or maybe an iCall ?&nbsp;To start with, I couldn't find the info in audit logs or in asm logs. some pieces of info are found in Webui : Security &gt; application Security &gt; audit &gt; logs. But how to export this ?

aswin_mk · Answer

Hello MerryIT&nbsp;&nbsp;COuld you please go through this and follow the same steps - Exporting ASM Policy audit logs manually&nbsp;BRAswin

arcenpadouk · Answer

Hello,I am looking for the same type of solution =&gt; view newly automatically learned signatures on parameters for example.We're using Splunk so we decided to fetch this using Baboon Rest API app.The idea was to get signaturesOverrides on parameters, and look if new parameters were added (like thread owner, we also think suggestions disappear when reaching max score, but they should be added elsewhere).Now, we're stuck with an issue from iControl that returns error when we try to filter on arrays (following happen because signatureOverrides is not an object but an array, but error occurs when filtering on arrays, see at the end)So, the only option left we have now is to fetch every parameter and to script the filter, then to import it in Splunk (not optimal)What am I looking for: another way to get the automatic learning logs OR advices for handling iControl queries.BTW: I do agree with owner that audit logs are well hiddenThanks !=================== below example of error with queriesfiltering on objects&nbsp;https://[ip]/mgmt/tm/asm/policies/[policy_id]/parameters?$select=name,signatureOverrides&amp;$filter=signatureOverrides ne nullreturns err 400 -&gt; "Unexpected format for 'signatureOverrides'. Expected Object. Got scalar or array."and when trying to filter on arrays:&nbsp;https://[ip]/mgmt/tm/asm/policies/[policy_id]/parameters$select=name,signatureOverrides&amp;$filter=signatureOverrides/any()returns err 400 -&gt; "Can not parse $filter: 'signatureOverrides/any()'"

Forum Discussion

automatic learning logs/report ?

Recent Discussions

APM RDP custom parameters

Reporting Help Needed

Switch ssl profile based on weak cipher detection via IRULE

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Related Content

Decrypting BIG-IP Packet Captures Automatically

Community Learning Path: Multi-Cloud Networking

Generating irule logs, emails and reports for Shadow API Endpoints on the F5 BIG-IP AWAF/ASM device

Cisco ACI Endpoint Learning with a BIG-IP HA Failover

Community Learning Path: Web Application and API Protection (WAAP)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS