Jul 02, 2021

F5 ASM event correlation incident alerting

A simple question, I hope, but we are looking for a way to automatically send an alert (via email or perhaps syslog or local log entry) when F5 detects a serious security incident using its event correlation database. We don't have the capabilities to perform this on an external SIEM solution, and why should we, as F5 already has its internal correlation security incidents, right?


So does someone have a solution to automatically send a syslog message, or use a bash script that reads /var/log/* for specific strings, or perhaps simply send it via email when an F5 event correlation security incident occurs?


The second question is: would it also be possible for the same correlation engine to automatically update the F5 AFM blacklist IP?

