Forum Discussion

smalex's avatar
smalex
Icon for Altostratus rankAltostratus
Feb 12, 2019

Read Access to ASM learning suggestions

We had enabled ASM learning here and have received 5000+ suggestions. Application need to research on many of those, hence a session with them is not possible. They want to have these suggestions exported somehow for their review.

 

Is there a way to export ASM learning suggestions? If not can we create a user with read access and view only to learning suggestion?

 

Please guide.

 

application delivery
ASM Advanced WAF
security
  • suttonsc's avatar
    suttonsc
    Icon for Employee rankEmployee
    Feb 12, 2019

    There is a REST endpoint to return suggestions per policy "/mgmt/tm/asm/policies//suggestions". If there are 5000+ suggestions you will need to use "skip" and "top" to page through the total results: "?\$skip=${runningSkip}\&\$top=${topCount}"

    Example:

    Get the Policy ID:

    [root@ssutton-centos-02 ~] curl -sku admin:admin https://${BIGIP_MGMT}/mgmt/tm/asm/policies | jq '.items[]|{ID: .id,Policy: .name}'
{
  "ID": "IZAtfr_evnm_-M4LIYU_pg",
  "Policy": "JSON_Max_Array_Length"
}
{
  "ID": "kvdCY2diDypYq6qcWvgiYQ",
  "Policy": "All_Policy"
}
`
    

Request the Suggestions:
 Note: The response shows the "totalItems", "itemsPerPage", "startIndex", "totalPages", "pageIndex" these can be used in a script or program to iterate through all suggestions:


    `[root@ssutton-centos-02 ~] curl -sku admin:admin https://${BIGIP_MGMT}/mgmt/tm/asm/policies/IZAtfr_evnm_-M4LIYU_pg/suggestions | jq .
{
  "totalPages": 1,
  "pageIndex": 1,
  "selfLink": "https://localhost/mgmt/tm/asm/policies/IZAtfr_evnm_-M4LIYU_pg/suggestions?$top=500&ver=13.1.0",
  "kind": "tm:asm:policies:suggestions:suggestioncollectionstate",
  "startIndex": 1,
  "itemsPerPage": 500,
  "totalItems": 1,
  "items": [
    {
      "parentEntityId": "",
      "isAutomaticallyLearnable": true,
      "isRead": false,
      "occurrences": 2,
      "status": "pending",
      "lastOccurrenceDatetime": "2019-01-25T20:13:41Z",
      "kind": "tm:asm:policies:suggestions:suggestionstate",
      "selfLink": "https://localhost/mgmt/tm/asm/policies/IZAtfr_evnm_-M4LIYU_pg/suggestions/Ddrl025_iYFut7L93gUnOw?ver=13.1.0",
      "entityId": "6wM3Vka9V9i_0oGfPNd21A",
      "entityName": "anna.com",
      "trustedSourcesCount": 0,
      "refinementReference": {
        "link": "https://localhost/mgmt/tm/asm/refinements/qH_2eaLz5x2RgaZ7dUISLA?ver=13.1.0"
      },
      "id": "Ddrl025_iYFut7L93gUnOw",
      "averageViolationRating": 0,
      "violationRatingCounts": [
        {
          "violationRating": "0",
          "occurrences": 2
        }
      ],
      "entityReference": {
        "link": "https://localhost/mgmt/tm/asm/policies/IZAtfr_evnm_-M4LIYU_pg/host-names/6wM3Vka9V9i_0oGfPNd21A?ver=13.1.0"
      },
      "entityKind": "tm:asm:policies:host-names:host-namestate",
      "reason": "policy-refining",
      "score": 5,
      "sectionReference": {
        "link": "https://localhost/mgmt/tm/asm/policies/IZAtfr_evnm_-M4LIYU_pg/sections/yfD4lfuYq5FZ9R_QKX4jbQ?ver=13.1.0"
      },
      "firstOccurrenceDatetime": "2019-01-25T20:13:41Z",
      "description": "Add Valid Host Name",
      "isGloballyAcceptable": false,
      "requestReferences": [
        {
          "link": "https://localhost/mgmt/tm/asm/events/requests/5023665423262983362?ver=13.1.0"
        }
      ],
      "untrustedSourcesCount": 1,
      "comment": "",
      "action": "add-or-update",
      "isTighteningSuggestion": true
    }
  ]
}