Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Automate Data Group updates on many Big-IP devices using Big-IQ or Ansible or Terraform

Problem this snippet solves: In many cases generated bad ip address lists by a SIEM (ELK, Splunk, IBM QRADAR) need to be uploaded to F5 for to be blocked but the BIG-IQ can't be used to send data g...
Updated Dec 23, 2022
Version 12.0
Ansible
application delivery
big-ip
BIG-IQ
devops
Nikoolayy1's avatar
Icon for MVP rankMVP
NGFW and WAF Tech Expert with more than 5 years of experience in the field of Cybersecurity, Automation, Orchestration and over 10 years in IT.
View Profile
StephanManthey's avatar
StephanManthey
Icon for Nacreous rankNacreous
Jul 11, 2022

There are Ansible modules provided by F5 to handle datagroups. Especially with internal datagroups I had issues with the key/value-separator and whitespaces. That´s why I tend to stick to use internal datagroups as long as they aren´t too big.

Instead of using the F5 provided modules you might want to consider direct calls to the iControl REST API.

List existing internal datagroups, i.e.:

GET /mgmt/tm/ltm/data-group/internal$select=name,type

Creating an empty new datagroup, i.e. of type string:

POST /mgmt/tm/ltm/data-group/internal

{
    "description": "Test Datagroup",
    "name": "datagroup_virtual_lab.bit",
    "type": "string"
}

Replace the content of a datagroup, i.e.:

PATCH /mgmt/tm/ltm/data-group/internal/<datagroup-name>

{
    "description": "Test Datagroup",
    "name": "datagroup_virtual_lab.bit",
    "type": "string",
    "records": [
        {
            "name":"key1",
            "data":"data1"
        },
        {
             "name":"key2",
             "data":"data2"
        }
    ]
}

Add records to an existing datagroup, i.e.:

PATCH /mgmt/tm/ltm/data-group/internal/<datagroup-name>?options=records add { <key-name> { data <data-value> } }