Forum Discussion

Cirrus

Sep 04, 2024

F5 Malicious Source IP Address Alert

Hi all, Recently we had F5 detect an ongoing malicious attack which we saw on the panel Security > Event Logs > Application > Requests. Is there a way to configure F5 to send an alert ...

security

Nikoolayy1
Sep 06, 2024
The malicious IP means that this ip has done more than 10 violations.

Malicious Source IP Addresses (f5.com)

You can make and schedule ASM/AWAF default or custom report and send it by email:

Scheduling Reports (f5.com)

BIG-IP AWAF Demo 19 - Use Security Policy Logging and Reporting w/ F5 BIG-IP Adv WAF (formerly ASM) (youtube.com)

You can see also session tracking to block ip addresses that generate too many violations and then configure the report for this violation or look into your SIEM for the violation:

Preventing Session Hijacking and Tracking User Sessions (f5.com)

Configuring user session tracking (f5.com)

Nikoolayy1

MVP

Sep 06, 2024

The malicious IP means that this ip has done more than 10 violations.

Malicious Source IP Addresses (f5.com)

You can make and schedule ASM/AWAF default or custom report and send it by email:

Scheduling Reports (f5.com)

BIG-IP AWAF Demo 19 - Use Security Policy Logging and Reporting w/ F5 BIG-IP Adv WAF (formerly ASM) (youtube.com)

You can see also session tracking to block ip addresses that generate too many violations and then configure the report for this violation or look into your SIEM for the violation:

Preventing Session Hijacking and Tracking User Sessions (f5.com)

Configuring user session tracking (f5.com)