asmevents tool to retrieve events from an ASM device
Code is community submitted, community supported, and recognized as ‘Use At Your Own Risk’.
Short Description
asmevents is a python code to pull security events based on request status using REST APIs.
Problem solved by this Code Snippet
The system still needs to be integrated with a SIEM solution. This code helps to analyze/gather stats about ASM security events remotely.
How to use this Code Snippet
Please refer to the code page on F5 DevCentral's GitHub for usage examples and more valuable notes.
Code Snippet Meta Information
A peak output sample would look like the following:
python3 asmevents.py --host lab.es.com
The status is set to all if -s isn't used; to pull specific status records, use the flag -s or --status
The user is set to default GUI admin, to use different username use the flag -u or --user
Enter password for the user admin:
╒═════════════════════╤═════════════╤══════════════════╤════════════╤═══════════════╤════════════════════╤══════════════════╕
│ Event ID │ Source IP │ Destination IP │ Protocol │ Source Port │ Destination Port │ Request Status │
╞═════════════════════╪═════════════╪══════════════════╪════════════╪═══════════════╪════════════════════╪══════════════════╡
│ 9855905000251722760 │ 10.1.29.1 │ 10.1.156.207 │ HTTP/1.1 │ 50482 │ 80 │ blocked │
├─────────────────────┼─────────────┼──────────────────┼────────────┼───────────────┼────────────────────┼──────────────────┤
│ 9855905000251722752 │ 10.1.29.1 │ 10.1.156.207 │ HTTP/1.1 │ 54136 │ 80 │ blocked │
├─────────────────────┼─────────────┼──────────────────┼────────────┼───────────────┼────────────────────┼──────────────────┤
│ 9855905000251722744 │ 10.1.29.1 │ 10.1.156.207 │ HTTP/1.1 │ 50640 │ 80 │ blocked │
├─────────────────────┼─────────────┼──────────────────┼────────────┼───────────────┼────────────────────┼──────────────────┤
│ 9855905000251722736 │ 10.1.29.1 │ 10.1.156.207 │ HTTP/1.1 │ 39570 │ 80 │ blocked │
├─────────────────────┼─────────────┼──────────────────┼────────────┼───────────────┼────────────────────┼──────────────────┤
│ 9855905000251722690 │ 10.1.29.1 │ 10.1.156.207 │ HTTP/1.1 │ 47818 │ 80 │ blocked │
├─────────────────────┼─────────────┼──────────────────┼────────────┼───────────────┼────────────────────┼──────────────────┤
│ 9855905000251722728 │ 10.1.29.1 │ 10.1.156.207 │ HTTP/1.1 │ 56062 │ 80 │ blocked │
├─────────────────────┼─────────────┼──────────────────┼────────────┼───────────────┼────────────────────┼──────────────────┤
│ 9855905000251722682 │ 10.1.29.1 │ 10.1.156.207 │ HTTP/1.1 │ 57072 │ 80 │ blocked │
╘═════════════════════╧═════════════╧══════════════════╧════════════╧═══════════════╧════════════════════╧══════════════════╛Full Code Snippet
The code is available on F5 DevCentral's GitHub.
Published Mar 02, 2023
Version 1.0