Forum Discussion
nafooesi
Altostratus
AltostratusIP intelligence feed list for ASM/WAF?
Hi all,
Just started learning about ASM and AFM via documentation. AFM seems to allow importing of external ip list into IP intelligence database, but ASM/WAF seems to use Webroot for its database. Can ASM use external feeds like AFM? OR Can ASM use another source besides webroot feed?
Thanks in advance for helping the noob!
Erik_NovakEmployee
Currently, ASM/Advanced WAF only works with webroot.
SamirMVP
Yes, Can add the IP/Subnet in ASM/WAF IP intelligent database.
Go here* Security > Application Security > IP Addresses > IP Address Intelligence
Find the below image
Thanks
nafooesiHi Samir, thanks for replying. Yes ASM can add individual IP/subnet exception, but I was referring to adding an external feed with a list of IPs or Subnets for black listing.
- Samir
Such configuration not seen. Go with answer
- nafooesi
Does Application Service 3 (AS3) extension provide any method to update feed list? https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/
PeteWhiteno, it is for deploying config
- PeteWhite
IP intelligence is a licensable feature, it uses the same feed for all related areas ie both AFM and ASM use the same feed
- nafooesi
AFM does allow adding external feeds to IP intelligence though:
So if AFM enriches IPI via external feed (besides webroot), perhaps ASM could take advantage of it as well?
- Nikoolayy1
Yes, I also wonder why you can't do this with the ASM/Adv. WAF :(
ernest8478Nimbostratus
Thanks for sharing such great information, I found very thankful and helpful information here.
- Nikoolayy1
I am starting to wonder if by using the REST-API can a feed list be created without the AFM module. I may try in the future but if someone has tested this they can share if it works.
https://clouddocs.f5.com/api/icontrol-rest/APIRef_tm_security_ip-intelligence_info.html
Another way could be to use the CVS tabular imported that I am using for importing a list of bad IP addresses or using external data group and populating it or using ansible or BIG-IQ with external data groups:
https://devcentral.f5.com/s/articles/csv-tabular-data-sideband-importer
https://devcentral.f5.com/s/articles/populating-tables-with-csv-data-via-sideband-connections
https://devcentral.f5.com/s/question/0D51T00006aFjFFSA0/managing-datagroups-from-bigiq
There are some free lists from free or payed providers with palo alto minemeld or misp free systems.
