For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

ErkkiS_295148's avatar
ErkkiS_295148
Icon for Cirrus rankCirrus
Feb 07, 2018
Solved

Report: 1) All servers which are behind ASM in transparent/blocking 2) All active attack signatures in the policy

Hello!   I have a requirement from management for 2 reports:   1) a report which lists all the current servers with ASM active   I tried to get this info from ArcSight SIEM but the hostname ...
ASM Advanced WAF
asm reporting
report
security
  • eben_259100's avatar
    eben_259100
    Feb 07, 2018

    Hi Erkkis

     

    1) tmsh list ltm virtual | grep virtual policies asm 2) Getting all attack signatures? Security > Application Security > Policy Building > Learning and Blocking settings. Click on the "attack signature" dropdown, Then click on the "Signature set name" attached to the policy.

     

    HTH

     

eben_259100's avatar
eben_259100
Icon for Cirrostratus rankCirrostratus
Feb 07, 2018

Hi Erkkis

 

1) tmsh list ltm virtual | grep virtual policies asm 2) Getting all attack signatures? Security > Application Security > Policy Building > Learning and Blocking settings. Click on the "attack signature" dropdown, Then click on the "Signature set name" attached to the policy.

 

HTH

 

  • ErkkiS_295148's avatar
    ErkkiS_295148
    Icon for Cirrus rankCirrus
    Feb 07, 2018

    Thanks for the number 1. I will try that. For 2 I can see the signatures but there is no way that I can export that list from that page and management wants the list of all assigned attack signatures by e-mail. Any suggestions how I could list + export all the signatures that are active in the policy in the assigned signature sets?