Forum Discussion
Extracting Signature sets and signature details from ASM policies
I am trying to extract the following details from the policy. Is there any example available? Any help with the script would be really appreciated.
- Policy Name
- All the signature sets under attack signatures (specific to the selected policy)
- Signature set settings (Alarm, Learn, Block)
- All signatures under each signature set
- Logging profile
Ex:
Policy Name: Test_policy
Signature sets:
Cross-site signature set - Alarm, Learn
SQL Injection set - Block
Signatures:
Cross-site sig1
Cross-site sig2
Sql-injection sig1
Sql-injection sig2
Logging profile: Remote_logger
```python
from f5.bigip import ManagementRoot
import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning

# Silence the warning raised for the BIG-IP's self-signed management certificate
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

mgmt = ManagementRoot('1.1.1.1', 'admin', 'xxxxxxxx')
# Load one ASM policy by its id
sp = mgmt.tm.asm.policies_s.policy.load(id="baOLeraLUyxPhq-_crLonQ")
print('Policy Name:', sp.name)
sig = sp.signatureReference
print(sig)
```
- suttonsc
Employee
For the policies you can get the data with something similar to the following, written in python3.
Note: This does take a bit of time, generates a lot of output and you will need to increase the ASM Max response size under /etc/asm-config-rest.conf
```python
from f5.bigip import ManagementRoot
import re

mgmt = ManagementRoot('155.121.lab.es.f5net.com', 'admin', 'admin')

# Global collections: every policy, signature set and signature on the device
_policies = mgmt.tm.asm.policies_s.get_collection()
_signature_sets = mgmt.tm.asm.signature_sets_s.get_collection()
_signatures = mgmt.tm.asm.signatures_s.get_collection()
_policy_IDs = []

# Per policy: list the attached signature sets with their Alarm/Learn/Block flags
for _policyId in range(len(_policies)):
    _policy_IDs.append(_policies[_policyId].id)
    print('Policy Name: {}'.format(_policies[_policyId].name))
    _policy_details = mgmt.tm.asm.policies_s.policy.load(id=_policies[_policyId].id)
    _policy_signature_sets = _policy_details.signature_sets_s.get_collection()
    for _set in range(len(_policy_signature_sets)):
        # The set id is the 8th element of the reference link split on '/' and '?'
        _current_signature_ReferenceId = re.split(r'/|\?', _policy_signature_sets[_set].signatureSetReference.get("link"))[7]
        for _id in range(len(_signature_sets)):
            if _current_signature_ReferenceId in _signature_sets[_id].id:
                _signature_set_name = _signature_sets[_id].name
        print('\tSigSet Name: {}\tAlarm: {}\tLearn: {}\tBlock: {}'.format(_signature_set_name, _policy_signature_sets[_set].alarm, _policy_signature_sets[_set].learn, _policy_signature_sets[_set].block))

# Per signature set: resolve each signature reference to its name and signature ID
for _signature_set in range(len(_signature_sets)):
    print('\n\nSignature Set: {}\n'.format(_signature_sets[_signature_set].name))
    for _signature in range(len(_signature_sets[_signature_set].signatureReferences)):
        _signature_ID = re.split(r'/|\?', _signature_sets[_signature_set].signatureReferences[_signature].get("link"))[7]
        for _signature_id in range(len(_signatures)):
            if _signature_ID in _signatures[_signature_id].id:
                print('\tSignature Name: {}\tSignature ID: {}'.format(_signatures[_signature_id].name, _signatures[_signature_id].signatureId))
```
For the additional information from the virtual server you can get the securityLogProfiles from the virtual server objects. Not sure if your intention is to supply a virtual server and then discover the applied policy/policies and then iterate through the previous code to dump the data out.

```python
# List every virtual server that has a security log profile attached
vips = mgmt.tm.ltm.virtuals.get_collection()
for vip in range(len(vips)):
    if hasattr(vips[vip], 'securityLogProfiles'):
        print('VS Name: {}\tSecurity Log Profile: {}'.format(vips[vip].name, vips[vip].securityLogProfiles))
```
Let me know if this gets you on the path.
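An added example, not part of the original answer: the same join done offline with dictionary lookups, producing the per-policy layout asked for in the question and listing the sets that are attached without Block. The sample dictionaries are constructed and only mirror the fields the answer reads (`id`, `name`, `signatureSetReference`, `signatureReferences`, `alarm`, `learn`, `block`); the names `ref_id`, `build_report` and `not_blocking` are hypothetical.

```python
from urllib.parse import urlparse

def ref_id(ref):
    """Object id = last path segment of a reference link (query string ignored)."""
    return urlparse(ref["link"]).path.rstrip("/").rsplit("/", 1)[-1]

def build_report(policy_name, policy_sets, signature_sets, signatures, log_profiles):
    # Index once by id instead of rescanning every collection per reference.
    sets_by_id = {s["id"]: s for s in signature_sets}
    sigs_by_id = {s["id"]: s for s in signatures}
    report = {"policy": policy_name, "logging_profiles": log_profiles, "sets": []}
    for entry in policy_sets:
        sig_set = sets_by_id.get(ref_id(entry["signatureSetReference"]))
        if sig_set is None:          # dangling reference: skip instead of crashing
            continue
        sig_ids = map(ref_id, sig_set.get("signatureReferences", []))
        report["sets"].append({
            "name": sig_set["name"],
            "settings": [k.capitalize() for k in ("alarm", "learn", "block") if entry.get(k)],
            "signatures": [sigs_by_id[i]["name"] for i in sig_ids if i in sigs_by_id],
        })
    return report

def not_blocking(report):
    """Names of sets attached to the policy without Block enabled."""
    return [s["name"] for s in report["sets"] if "Block" not in s["settings"]]

# Constructed sample data (ids and links are made up for this example).
BASE = "https://localhost/mgmt/tm/asm"
SIGNATURES = [{"id": i, "name": n} for i, n in [
    ("sigA", "Cross-site sig1"), ("sigB", "Cross-site sig2"),
    ("sigC", "Sql-injection sig1"), ("sigD", "Sql-injection sig2")]]
SIGNATURE_SETS = [
    {"id": "setXSS", "name": "Cross-site signature set", "signatureReferences": [
        {"link": f"{BASE}/signatures/sigA?ver=0"}, {"link": f"{BASE}/signatures/sigB?ver=0"}]},
    {"id": "setSQL", "name": "SQL Injection set", "signatureReferences": [
        {"link": f"{BASE}/signatures/sigC?ver=0"}, {"link": f"{BASE}/signatures/sigD?ver=0"}]},
]
POLICY_SETS = [
    {"signatureSetReference": {"link": f"{BASE}/signature-sets/setXSS?ver=0"},
     "alarm": True, "learn": True, "block": False},
    {"signatureSetReference": {"link": f"{BASE}/signature-sets/setSQL?ver=0"},
     "alarm": False, "learn": False, "block": True},
]

if __name__ == "__main__":
    r = build_report("Test_policy", POLICY_SETS, SIGNATURE_SETS, SIGNATURES, ["Remote_logger"])
    print(r, "\nNot blocking:", not_blocking(r))
```

To use it against a live device, the objects returned by `get_collection()` would first have to be converted to plain dictionaries with these keys.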