Help
CodeShare
Have some code. Share some code.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

asmevents tool to retrieve events from an ASM device

Mohsen_Ba_alawi
F5 Employee
F5 Employee

on ‎02-Mar-2023 14:02

Code is community submitted, community supported, and recognized as ‘Use At Your Own Risk’.

Short Description

asmevents is a python code to pull security events based on request status using REST APIs.

Problem solved by this Code Snippet

The system still needs to be integrated with a SIEM solution. This code helps to analyze/gather stats about ASM security events remotely.

How to use this Code Snippet

Please refer to the code page on F5 DevCentral's GitHub for usage examples and more valuable notes.

Code Snippet Meta Information

A peak output sample would look like the following:

python3 asmevents.py --host lab.es.com        
The status is set to all if -s isn't used; to pull specific status records, use the flag -s or --status
The user is set to default GUI admin, to use different username use the flag -u or --user
Enter password for the user admin: 
╒═════════════════════╤═════════════╤══════════════════╤════════════╤═══════════════╤════════════════════╤══════════════════╕
│            Event ID │ Source IP   │ Destination IP   │ Protocol   │   Source Port │   Destination Port │ Request Status   │
╞═════════════════════╪═════════════╪══════════════════╪════════════╪═══════════════╪════════════════════╪══════════════════╡
│ 9855905000251722760 │ 10.1.29.1   │ 10.1.156.207     │ HTTP/1.1   │         50482 │                 80 │ blocked          │
├─────────────────────┼─────────────┼──────────────────┼────────────┼───────────────┼────────────────────┼──────────────────┤
│ 9855905000251722752 │ 10.1.29.1   │ 10.1.156.207     │ HTTP/1.1   │         54136 │                 80 │ blocked          │
├─────────────────────┼─────────────┼──────────────────┼────────────┼───────────────┼────────────────────┼──────────────────┤
│ 9855905000251722744 │ 10.1.29.1   │ 10.1.156.207     │ HTTP/1.1   │         50640 │                 80 │ blocked          │
├─────────────────────┼─────────────┼──────────────────┼────────────┼───────────────┼────────────────────┼──────────────────┤
│ 9855905000251722736 │ 10.1.29.1   │ 10.1.156.207     │ HTTP/1.1   │         39570 │                 80 │ blocked          │
├─────────────────────┼─────────────┼──────────────────┼────────────┼───────────────┼────────────────────┼──────────────────┤
│ 9855905000251722690 │ 10.1.29.1   │ 10.1.156.207     │ HTTP/1.1   │         47818 │                 80 │ blocked          │
├─────────────────────┼─────────────┼──────────────────┼────────────┼───────────────┼────────────────────┼──────────────────┤
│ 9855905000251722728 │ 10.1.29.1   │ 10.1.156.207     │ HTTP/1.1   │         56062 │                 80 │ blocked          │
├─────────────────────┼─────────────┼──────────────────┼────────────┼───────────────┼────────────────────┼──────────────────┤
│ 9855905000251722682 │ 10.1.29.1   │ 10.1.156.207     │ HTTP/1.1   │         57072 │                 80 │ blocked          │
╘═════════════════════╧═════════════╧══════════════════╧════════════╧═══════════════╧════════════════════╧══════════════════╛

Full Code Snippet

The code is available on F5 DevCentral's GitHub.

Labels:
Version history
Last update:
‎02-Mar-2023 14:02
Updated by:
F5 Employee
Contributors
Copyright © 2023 Khoros, LLC