Forum Discussion

Nimbostratus

Jan 27, 2023

Problem to generate ASM reports using iControl REST API

I'm having trouble to use iControl API do generate BIG-IP reports. I need to connect to IControl API to collect reports of ASM statistics to feed an external tool with monitoring dasboards. I managed...

application delivery

cloud

Joseph_Martin

Employee

Joao_Luis , it is hard to tell exactly what is your issue without seeing the JSOn body that you are POSTing.

If you can share that, we can provide more specific help.

For now, I was able to generate a very basic ASM report by POSTing to /mgmt/tm/analytics/application-security/generate-report/ with this JSON body:

{
    "reportFeatures": [
        "entities-count"
    ],
    "viewDimensions": [
        {
            "dimensionName": "policy"
        }
    ]
}

For which I got this reponse:

{
    "analyticsModule": "application-security",
    "reportFeatures": [
        "entities-count"
    ],
    "timeRange": {
        "from": 1675017375000000,
        "to": 1675020975000000
    },
    "viewDimensions": [
        {
            "dimensionName": "policy"
        }
    ],
    "pagination": {
        "numberOfResults": 10,
        "skipResults": 0
    },
    "partition": "[All]",
    "user": "admin",
    "queries": {},
    "queryStatuses": {},
    "queryResultLinks": {},
    "avrCategory": "application-security",
    "id": "08d94d8d-a44c-4a42-b62b-bfeac9141016",
    "status": "CREATED",
    "generation": 1,
    "lastUpdateMicros": 1675020975245532,
    "kind": "tm:analytics:application-security:generate-report:avrgeneratereporttaskitemstate",
    "selfLink": "https://localhost/mgmt/tm/analytics/application-security/generate-report/08d94d8d-a44c-4a42-b62b-bfeac9141016"
}

Note in the response the report id. In my case, "08d94d8d-a44c-4a42-b62b-bfeac9141016".

Once the report is finished, you can view the report results by sending a GET request to /mgmt/tm/analytics/application-security/report-results/<report_id>.

Again, if you can provide the JSON body that you are sendign to the generate-report endpoint we can provide more specific guidance.

Joao_Luis

Nimbostratus

Jan 30, 2023

Hi Joseph_Martin

I'm using as reference the JSON returned by the API: GET https://Managment-IP/mgmt/tm/analytics/asm-violation/report/example

{
    "kind": "tm:analytics:asm-violation:report:reportstats",
    "selfLink": "https://localhost/mgmt/tm/analytics/asm-violation/report/example?ver=16.1.3.1",
    "propertyDescriptions": {
        "device": "Specifies a BIG-IP device to generate a report on.",
        "deviceGroup": "",
        "deviceList": "Specifies a custom list of BIG-IP devices to generate a report on.",
        "displayedMeasure": "When more than one measure is selected, this field specifies the measure that is shown in the timeseries chart and the bar/pie chart.",
        "drilldown": {
            "entity": "Specifies the entity that is used as a filter.",
            "values": "Specifies the values by which the entity will be filtered. Values that contain whitespace must be surrounded by single or double quotes."
        },
        "emailAddresses": "Specifies a list of email addresses which the report file is sent to.",
        "file": "Specifies the exported file path to be saved. The specified file name should be simple (not a full path).",
        "format": "Specifies the exported file format to be saved or sent.",
        "limit": "Specifies the (maximum) number of rows in the output result set. The default limit is 10 rows, not including the \"Total\" row. The maximum limit is 1000 rows.",
        "measures": "Specifies a list of measures that can be specified for the chosen entity type. Default setting is dependant on the selected \"view-by\" entity.",
        "orderBy": {
            "measure": "Specifies the measure by which the report results will be ordered.",
            "sortType": "Specifies the type of sorting (ascending/descending) that should be used."
        },
        "range": "Specifies the time/date range of the analytics information that you want to display.  The given results will reflect the time range chosen here. Default setting : last hour ( now--now-1h )",
        "smtpConfigOverride": "Specifies the SMTP configuration to use when sending reports by email. This overrides the default SMTP settings.",
        "viewBy": "The main entity by which the report will be viewed"
    },
    "device": "",
    "deviceGroup": "",
    "deviceList": "",
    "displayedMeasure": "",
    "drilldown": [],
    "emailAddresses": [],
    "file": "",
    "format": "",
    "limit": 0,
    "measures": [],
    "orderBy": [],
    "range": "",
    "smtpConfigOverride": "",
    "viewBy": "",
    "naturalKeyPropertyNames": []
}

Taking this JSON as reference I reduced it to this JSON below:

{
    "kind": "tm:analytics:asm-violation:report:reportstats",
    "selfLink": "https://localhost/mgmt/tm/analytics/asm-violation/report/example?ver=16.1.3.1",        
    "limit": 10,    
    "range": "now-1d",    
    "viewBy": "policy"
}

And the response that I receive is this:

{
    "code": 403,
    "message": "Operation is not allowed on component /analytics/asm-violation/report.",
    "errorStack": [],
    "apiError": 1
}

Nikoolayy1
MVP
Mar 31, 2023
Did you manage to find the solution?

What about the article below as for a filter you can use not only the support id but also the request status etc. (what you see in the GUI basically).

K50284219: Exporting ASM Event Report in html using iControl Rest API

https://my.f5.com/manage/s/article/K50284219

Also in the link below I see only the urls that Joseph_Martin suggested to you https://clouddocs.f5.com/api/icontrol-rest/APIRef_tm_analytics.html