Forum Discussion
NimbostratusReporting Help Needed
Hi Experts ,
I am new to F5 , i need a help regarding reporting , so client have F5 WAF , and we have to make a daily report of "event correlation" we need to copy the incident details count and the security policy name from each and every "vulnerability scan" and copy the information , i can export it on html , but the problem is in the html we are not getting the full information. so can you please let me know how can i export the full report.
1 Reply
- Jmtaylor
Moderator
debtanubiswas1
Hello I was able to find this information that may help with your question. This was generated with the help of AIHere are a few steps you can take to ensure you get the full information from your F5 WAF:
1. **Check Configuration Settings**: Make sure that the configuration settings for your reports are set to include all necessary details. Sometimes, default settings might not capture all the desired information.
2. **Use the GUI for Exporting Reports**:
- Log in to the F5 WAF management console.
- Navigate to the **Security** tab, then go to **Event Logs**.
- From the Event Logs, go to **Application** and then **Requests**.
- Apply the necessary filters to capture the events you need.
- Use the **Export** option to generate a report. You might be able to choose different formats like CSV or XML, which might provide more detailed information than HTML.3. **Leverage the API**:
- F5 WAF provides a REST API that you can use to fetch detailed logs and reports programmatically.
- Use the API to query the necessary endpoints and gather the data you need.
- For example, you can use the API to pull logs from the ASM (Application Security Manager) module.4. **Using iControl REST API**:
- You can use the iControl REST API to pull event details.
- Authenticate and use the appropriate endpoints to get the event logs.
- Refer to the official F5 iControl REST API documentation for detailed information on how to use these endpoints.5. **Advanced Logging Profiles**:
- Make sure you have advanced logging profiles configured that capture all the necessary details.
- Go to **Security** -> **Event Logs** -> **Logging Profiles** and configure a profile to include all desired information.6. **Custom Scripts**:
- If the built-in options do not provide the level of detail you need, consider writing a custom script.
- Use a combination of API calls and data parsing to extract the required information.
- Python, for example, is a good choice for scripting and has libraries for making HTTP requests and processing data.Here is a simple example of how you might use Python with the Requests library to pull data from the F5 API:
```python
import requests
import json# Replace with your F5 WAF details
url = 'https://<f5-waf-url>/mgmt/tm/asm/events'
username = 'your-username'
password = 'your-password'# Make the API request
response = requests.get(url, auth=(username, password), verify=False)# Check the response status
if response.status_code == 200:
data = response.json()
# Process the data as needed
for event in data['items']:
print(f"Incident: {event['id']}, Policy: {event['policyName']}")
else:
print(f"Failed to retrieve data: {response.status_code}")```
7. **Consult F5 Support**: If you are still unable to get the full information, consider reaching out to F5 support. They can provide specific guidance based on your setup and requirements.
By using these methods, you should be able to extract the full details needed for your daily reports.
Let us know if this was useful.
