Forum Discussion
igor_
Cirrus
CirrusF5 Malicious Source IP Address Alert
Hi all, Recently we had F5 detect an ongoing malicious attack which we saw on the panel Security > Event Logs > Application > Requests. Is there a way to configure F5 to send an alert ...
The malicious IP means that this ip has done more than 10 violations.
Malicious Source IP Addresses (f5.com)
You can make and schedule ASM/AWAF default or custom report and send it by email:
You can see also session tracking to block ip addresses that generate too many violations and then configure the report for this violation or look into your SIEM for the violation:
Preventing Session Hijacking and Tracking User Sessions (f5.com)
igor_Cirrus
CirrusOk, we have Graylog for that. But do you know what kind of alert is sent to the log server, since I can't see that now because it's rotated out.
And do you know if F5 has any form of alerting for this type of thing? It is strange to me that a system that big can't send alert emails when something happens and no one is looking at the screen atm.
Thanks,
Igor