For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Mohamed_Lrhazi's avatar
Mohamed_Lrhazi
Icon for Altocumulus rankAltocumulus
Aug 26, 2020

WhiteHat and ASM existing policies

Can one add WhiteHat  to existing, already in production, ASM policies? Or does one have to start from scratch, and create a new policy?   The only documentation I found does not seem to mention...
application delivery
ASM Advanced WAF
security
Erik_Novak's avatar
Erik_Novak
Icon for Employee rankEmployee
Aug 28, 2020

You are correct. You can indeed amend an existing policy, not created afresh, and not created by a 3rd-party vulnerability scanner such as WhiteHat. To be clear: WhiteHat will not "fully manage" the policy. WhiteHat will provide you with an XML file that contains a vulnerability assessment. You can import this file into any security policy--after you select WhiteHat as the vulnerability assessment tool. Then you can use ASM to resolve vulnerabilities reported by WhiteHat. I think the misunderstanding may be that once you select the vulnerability assessment tool, you cannot change it later--you can't mix multiple scanner outputs such as WhiteHat, Qualys, WebInspect, etc. within the same policy. Make sense?

  • Mohamed_Lrhazi's avatar
    Mohamed_Lrhazi
    Icon for Altocumulus rankAltocumulus
    Aug 29, 2020

    Makes sense. Thanks a lot Erik!