Forum Discussion

Nik_67256's avatar
Nik_67256
Icon for Nimbostratus rankNimbostratus
Apr 20, 2012

Successful Attacks when in Blocking

Hi Aaron / All ,

 

 

Had a query about information / reports on successful attacks in ASM after blocking. I know if the mouse is hovered over the blocking Icon(blocked Hand) , it shows a summary of the attacks blocked.

 

 

Queries are

 

1) Is there a detailed report on what ASM is acctually blocking (gives an idea of what it protects)

 

2) Is there any way of identfing what attacks were successfull when in blocking mode. (This would help fine tune policies)

 

 

 

Note - Am aware of the options outside ASM like scanning to identify vulnerabilities after blocking , but wanted to know about this capability withen ASM

 

 

 

regards,

 

Nik

 

 

 

 

 

 

management
monitoring

1 Reply

  • santosh_81454's avatar
    santosh_81454
    Icon for Nimbostratus rankNimbostratus
    May 17, 2012
    Hi Nik, all the ASM blocks are listed under Application security > Reporting > Requests.

     

    here you can create custom filter based on time, source Ip and various other parameters to see the blocks created by ASM. Also, you can export the PDF format of the blocks for the first 100 requests.

     

     

    The ASM signatures are the xml definitions that actually block the data. You can check the status of the signatures for each web application under policy -> AttackSignatures -> policy attack signatures.

     

     

    - Santosh.