Forum Discussion

Cirrus

Jan 13, 2023

Send Attackers IP to another system via API

Hi experts! I'm newbie here and I need your help. I have a task to send Attackers IP to another system via API. For example I've a ASM and there are some triggered violation. I want to send that Att...

application delivery

security

Nikoolayy1

MVP

Jan 14, 2023

From what you ask it seems that something like a SIEM like Spunk to get the F5 ASM logs is needed and then a SOAR like Splunk Phantom to use the logs to add the Ip addreess of the attacker on the firewall. That is my idea but you will need to dig deep to automate and to play arround.

Aantat

Cirrus

Jan 16, 2023

Hi Nikoolayy1,

Agreed, But I'd like to reach my goal without another 3rd system. I thought about iRule, that will send via HTTP Post to my NGFW the information about attacker IP.

Nikoolayy1
MVP
Jan 16, 2023
Then you will need to play with HTTP Super SIDEBAND Requestor (Client) https://clouddocs.f5.com/api/irules/SIDEBAND.html but I do not have a premade irule for you so you will need to write it and get the IP from https://clouddocs.f5.com/api/irules/ASM_REQUEST_DONE.html event but this will be complex.