For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Icon for Cirrus rank

Cirrus

Feb 07, 2018

Solved

Report: 1) All servers which are behind ASM in transparent/blocking 2) All active attack signatures in the policy

Hello!

I have a requirement from management for 2 reports:

1) a report which lists all the current servers with ASM active

I tried to get this info from ArcSight SIEM but the hostname field is empty and all I get is IP address.

2) second report which lists all active attack signatures for a policy

I tried exporting the policy but there are only signature numbers.

Any suggestion how I could accomplish the mentioned tasks?

ASM Advanced WAF

eben_259100
Feb 07, 2018
Hi Erkkis

1) tmsh list ltm virtual | grep virtual policies asm 2) Getting all attack signatures? Security > Application Security > Policy Building > Learning and Blocking settings. Click on the "attack signature" dropdown, Then click on the "Signature set name" attached to the policy.

HTH

4 Replies

eben
Nimbostratus
Feb 07, 2018
Hi Erkkis

1) tmsh list ltm virtual | grep virtual policies asm 2) Getting all attack signatures? Security > Application Security > Policy Building > Learning and Blocking settings. Click on the "attack signature" dropdown, Then click on the "Signature set name" attached to the policy.

HTH
- ErkkiS_295148
  Cirrus
  Feb 07, 2018
  Thanks for the number 1. I will try that. For 2 I can see the signatures but there is no way that I can export that list from that page and management wants the list of all assigned attack signatures by e-mail. Any suggestions how I could list + export all the signatures that are active in the policy in the assigned signature sets?
eben_259100
Cirrostratus
Feb 07, 2018
Hi Erkkis

1) tmsh list ltm virtual | grep virtual policies asm 2) Getting all attack signatures? Security > Application Security > Policy Building > Learning and Blocking settings. Click on the "attack signature" dropdown, Then click on the "Signature set name" attached to the policy.

HTH
- ErkkiS_295148
  Cirrus
  Feb 07, 2018
  Thanks for the number 1. I will try that. For 2 I can see the signatures but there is no way that I can export that list from that page and management wants the list of all assigned attack signatures by e-mail. Any suggestions how I could list + export all the signatures that are active in the policy in the assigned signature sets?

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Academy at AppWorld 2026

DevCentral News

Introducing the F5 AI Assistant for BIG-IP

Technical Articles

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5