Forum Discussion
Prefered Reports from ASM F5 WAF
Hi Experts, We have integrated our WAF device with SIEM Arcsight Solutions - Can any one please suggest me what all daily / Weekly / Monthly reports i can ask from WAF logs ?
Hi ,
You can try to lookin at the schedued reporting in ASM as follows:
=================Notes on Scheduled Reports
You can access Scheduled Reports from three places on the BIG-IP® system. The screen is the same, but the types of reports that you can schedule in each place varies.
- Local Traffic > Profiles > Analytics > Scheduled Reports : Lets you view and schedule reports for all provisioned modules, such as Application Security Manager ™and Advanced Firewall Manager, as well as for TMSTAT-related statistics, and health-related and network statistics including those for disk utilization, TCP, UDP, memory, CPU, DNS, and so on. (Requires user role of Administrator.)
- Statistics > Analytics > Scheduled Reports : Lets you view and schedule reports concerning overall system health-related and network statistics, including those for disk utilization, TCP, UDP, memory, CPU, DNS, and so on. (User roles can be Administrator, Resource Administrator, Application Security Administrator, or Application Security Editor.)
- Security > Reporting > Scheduled Reports : Lets you schedule reports that focus on provisioned security modules, including Application Security Manager and Advanced Firewall Manager. (User roles can be Administrator, Resource Administrator, Application Security Administrator, or Application Security Editor.)
If you have Administrator user privileges, you can schedule all of the reports. If you are a security or network administrator, you would schedule the reports through the Security or Statistics areas.
Scheduling predefined ASM reports to be sent
Before you can schedule reports to be sent, you need to configure SMTP on the system, and have the email addresses of the people to which you want to send the reports.Application Security Manager™ (ASM) provides several predefined reports that list the top security issues discovered on the system. You can set up schedules to send one of the predefined ASM reports by email periodically.- On the main tab, click Security > Reporting > Scheduled Reports .
The Scheduled Reports screen opens.Note: If SMTP is not configured, you receive a message with a link. Click the link to set up SMTP before proceeding.
- On the far right, click Create.
The New Reporting Schedule screen opens.
- In the Name field, type a name for the report schedule.
- In the Send To (E-Mails) setting, type an email address where you want to send the report, and click Add.
Add as many email addresses as you need to.
- From the SMTP Configuration list, select the configuration that you want to use.
If no configurations are available, click Create to add one.
- From the Reporting Module list, select Application Security.
- In the Chart setting, specify the predefined report to send.
- Click Predefined report.
- From the list of predefined reports, select the one to send.
- To include an average of all the statistics and the specific ones, select the Include Overall check box below the list.
- For Mail Frequency, select how often, the date to start, and the time to send the reports.
- Click Finished.
The report schedule is added to the list. The predefined report is sent by email to the addresses as scheduled. Or, select the schedule and click Send Now to test sending it right away. The report is attached to the email as a PDF. You can check the status in the list to see if the report was sent successfully.I have not seen any article showing screenshots of Scheduled reports in ASM section hence for the ready reference of all those who are interested in knowing more about this sections and names of predefined reposts can be seen in the below screenshots:
There are approx 35 different tyes of predefined such reports
reports 1-4 of 34
- On the main tab, click Security > Reporting > Scheduled Reports .
reports 5-9 of 34
reports 10-14 of 34
reports 15-19 of 34
reports 20-24 of 34
reports 25-29 of 34
reports 25-29 of 34
HTH
Hi ,
You can try to lookin at the schedued reporting in ASM as follows:
=================Notes on Scheduled Reports
You can access Scheduled Reports from three places on the BIG-IP® system. The screen is the same, but the types of reports that you can schedule in each place varies.
- Local Traffic > Profiles > Analytics > Scheduled Reports : Lets you view and schedule reports for all provisioned modules, such as Application Security Manager ™and Advanced Firewall Manager, as well as for TMSTAT-related statistics, and health-related and network statistics including those for disk utilization, TCP, UDP, memory, CPU, DNS, and so on. (Requires user role of Administrator.)
- Statistics > Analytics > Scheduled Reports : Lets you view and schedule reports concerning overall system health-related and network statistics, including those for disk utilization, TCP, UDP, memory, CPU, DNS, and so on. (User roles can be Administrator, Resource Administrator, Application Security Administrator, or Application Security Editor.)
- Security > Reporting > Scheduled Reports : Lets you schedule reports that focus on provisioned security modules, including Application Security Manager and Advanced Firewall Manager. (User roles can be Administrator, Resource Administrator, Application Security Administrator, or Application Security Editor.)
If you have Administrator user privileges, you can schedule all of the reports. If you are a security or network administrator, you would schedule the reports through the Security or Statistics areas.
Scheduling predefined ASM reports to be sent
Before you can schedule reports to be sent, you need to configure SMTP on the system, and have the email addresses of the people to which you want to send the reports.Application Security Manager™ (ASM) provides several predefined reports that list the top security issues discovered on the system. You can set up schedules to send one of the predefined ASM reports by email periodically.- On the main tab, click Security > Reporting > Scheduled Reports .
The Scheduled Reports screen opens.Note: If SMTP is not configured, you receive a message with a link. Click the link to set up SMTP before proceeding.
- On the far right, click Create.
The New Reporting Schedule screen opens.
- In the Name field, type a name for the report schedule.
- In the Send To (E-Mails) setting, type an email address where you want to send the report, and click Add.
Add as many email addresses as you need to.
- From the SMTP Configuration list, select the configuration that you want to use.
If no configurations are available, click Create to add one.
- From the Reporting Module list, select Application Security.
- In the Chart setting, specify the predefined report to send.
- Click Predefined report.
- From the list of predefined reports, select the one to send.
- To include an average of all the statistics and the specific ones, select the Include Overall check box below the list.
- For Mail Frequency, select how often, the date to start, and the time to send the reports.
- Click Finished.
The report schedule is added to the list. The predefined report is sent by email to the addresses as scheduled. Or, select the schedule and click Send Now to test sending it right away. The report is attached to the email as a PDF. You can check the status in the list to see if the report was sent successfully.I have not seen any article showing screenshots of Scheduled reports in ASM section hence for the ready reference of all those who are interested in knowing more about this sections and names of predefined reposts can be seen in the below screenshots:
There are approx 35 different tyes of predefined such reports
reports 1-4 of 34
- On the main tab, click Security > Reporting > Scheduled Reports .
reports 5-9 of 34
reports 10-14 of 34
reports 15-19 of 34
reports 20-24 of 34
reports 25-29 of 34
reports 25-29 of 34
HTH
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com