Forum Discussion
Problem to generate ASM reports using iControl REST API
Joao_Luis , it is hard to tell exactly what is your issue without seeing the JSOn body that you are POSTing.
If you can share that, we can provide more specific help.
For now, I was able to generate a very basic ASM report by POSTing to /mgmt/tm/analytics/application-security/generate-report/ with this JSON body:
{
"reportFeatures": [
"entities-count"
],
"viewDimensions": [
{
"dimensionName": "policy"
}
]
}
For which I got this reponse:
{
"analyticsModule": "application-security",
"reportFeatures": [
"entities-count"
],
"timeRange": {
"from": 1675017375000000,
"to": 1675020975000000
},
"viewDimensions": [
{
"dimensionName": "policy"
}
],
"pagination": {
"numberOfResults": 10,
"skipResults": 0
},
"partition": "[All]",
"user": "admin",
"queries": {},
"queryStatuses": {},
"queryResultLinks": {},
"avrCategory": "application-security",
"id": "08d94d8d-a44c-4a42-b62b-bfeac9141016",
"status": "CREATED",
"generation": 1,
"lastUpdateMicros": 1675020975245532,
"kind": "tm:analytics:application-security:generate-report:avrgeneratereporttaskitemstate",
"selfLink": "https://localhost/mgmt/tm/analytics/application-security/generate-report/08d94d8d-a44c-4a42-b62b-bfeac9141016"
}
Note in the response the report id. In my case, "08d94d8d-a44c-4a42-b62b-bfeac9141016".
Once the report is finished, you can view the report results by sending a GET request to /mgmt/tm/analytics/application-security/report-results/<report_id>.
Again, if you can provide the JSON body that you are sendign to the generate-report endpoint we can provide more specific guidance.
- Joao_LuisJan 30, 2023
Nimbostratus
I'm using as reference the JSON returned by the API: GET https://Managment-IP/mgmt/tm/analytics/asm-violation/report/example
{ "kind": "tm:analytics:asm-violation:report:reportstats", "selfLink": "https://localhost/mgmt/tm/analytics/asm-violation/report/example?ver=16.1.3.1", "propertyDescriptions": { "device": "Specifies a BIG-IP device to generate a report on.", "deviceGroup": "", "deviceList": "Specifies a custom list of BIG-IP devices to generate a report on.", "displayedMeasure": "When more than one measure is selected, this field specifies the measure that is shown in the timeseries chart and the bar/pie chart.", "drilldown": { "entity": "Specifies the entity that is used as a filter.", "values": "Specifies the values by which the entity will be filtered. Values that contain whitespace must be surrounded by single or double quotes." }, "emailAddresses": "Specifies a list of email addresses which the report file is sent to.", "file": "Specifies the exported file path to be saved. The specified file name should be simple (not a full path).", "format": "Specifies the exported file format to be saved or sent.", "limit": "Specifies the (maximum) number of rows in the output result set. The default limit is 10 rows, not including the \"Total\" row. The maximum limit is 1000 rows.", "measures": "Specifies a list of measures that can be specified for the chosen entity type. Default setting is dependant on the selected \"view-by\" entity.", "orderBy": { "measure": "Specifies the measure by which the report results will be ordered.", "sortType": "Specifies the type of sorting (ascending/descending) that should be used." }, "range": "Specifies the time/date range of the analytics information that you want to display. The given results will reflect the time range chosen here. Default setting : last hour ( now--now-1h )", "smtpConfigOverride": "Specifies the SMTP configuration to use when sending reports by email. This overrides the default SMTP settings.", "viewBy": "The main entity by which the report will be viewed" }, "device": "", "deviceGroup": "", "deviceList": "", "displayedMeasure": "", "drilldown": [], "emailAddresses": [], "file": "", "format": "", "limit": 0, "measures": [], "orderBy": [], "range": "", "smtpConfigOverride": "", "viewBy": "", "naturalKeyPropertyNames": [] }
Taking this JSON as reference I reduced it to this JSON below:
{ "kind": "tm:analytics:asm-violation:report:reportstats", "selfLink": "https://localhost/mgmt/tm/analytics/asm-violation/report/example?ver=16.1.3.1", "limit": 10, "range": "now-1d", "viewBy": "policy" }
And the response that I receive is this:
{ "code": 403, "message": "Operation is not allowed on component /analytics/asm-violation/report.", "errorStack": [], "apiError": 1 }
- Nikoolayy1Mar 31, 2023
MVP
Did you manage to find the solution?
What about the article below as for a filter you can use not only the support id but also the request status etc. (what you see in the GUI basically).
K50284219: Exporting ASM Event Report in html using iControl Rest API
https://my.f5.com/manage/s/article/K50284219
Also in the link below I see only the urls that Joseph_Martin suggested to you https://clouddocs.f5.com/api/icontrol-rest/APIRef_tm_analytics.html
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com