Forum Discussion

MSZ's avatar
MSZ
Icon for Nimbostratus rankNimbostratus
Sep 09, 2015

How to start with F5 BIG-IP ASM quickly?

I would like to know the quick overview of the functions under:   Security --> Event Logs Security --> Reporting   And on the basis of Event logs, how we can tune the ASM?  
ASM Advanced WAF
security
boneyard's avatar
boneyard
Icon for MVP rankMVP
Sep 16, 2015

when you what you described then you will see all the events the ASM has logged. for those events you then see the status in the status column. an event can have more then one status.

 

  • Legal Request - a request the ASM decided is legal, so no issues with the request based on the policy you use.
  • Illegal Request - a request the ASM decided is illegal, so issues with the request based on the policy you use, but not blocking, perhaps due to staging or other setting, see explanation of G. Scott Harris above.
  • Blocked Request - a request the ASM decided to block, so issues with the request based on the policy you use.
  • Truncated Request - a request which can be legal, illegal, blocked, unblocked but which was too long to fully log in the ASM
  • Unblocked Request - a request which was unblocked after being blocked, this is new functionality search for the documentation for more info.

this screen tells you nothing about how to further act on these request, there are no hints on how to make things better / more secure. this is just a log of what the ASM has done on requests it has seen so far.