Help
Technical Articles
F5 SMEs share good practice.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Automation of F5 Distributed Cloud Platform Client-Side Defense feature - Part I

Janibasha
F5 Employee
F5 Employee

on ‎05-Dec-2022 05:00 - edited on ‎27-Apr-2023 15:39 by Community Manager

Objective: 

The purpose of this article is to automate F5 Distributed Cloud Platform Client-Side Defense feature (F5 XC CSD) detection of malicious 3rd party domains and integrating code in GitHub. This article shows how we can use the Github available Actions workflow to provide the flexibility of updating existing infrastructure after every change using CI/CD event triggers.

In this article we showed a small use case of CI/CD deployment using GitHub Actions, Terraform and Python developed in a generic way where users can bring up the complete setup within a few clicks. 

For more details about this feature please refer: https://community.f5.com/t5/technical-articles/javascript-supply-chains-magecart-and-f5-xc-client-si... 

Overview:

Client-Side Defense (CSD) feature provides a web application protection solution against Magecart style and similar malicious JavaScript attacks. This solution supports below features: 

  • Detection: A continuously evolving signal set allows CSD to understand when scripts on web pages exhibit signs of exfiltration. CSD detects network requests made by malicious scripts that attempt to exfiltrate PII data. 
  • Alerting: CSD generates timely alerts on the behavior of malicious scripts, provided by a continuously improving Analysis Engine.  
  • Mitigation: CSD detects threats in real-time and provides enforcement with one-click mitigation.  

csd-data-flow-new.png

 

Automation Design: 

As part of this automation, we are deploying a demo application in AWS and NGINX web service which hosts a simple web login page. The demo application has a malicious 3rd party Java script which captures the provided username and passwords during the login and sends these details to a malicious control server which keeps recording these credentials.  

Once the demo app is deployed, we are then configuring the origin pool and load balancer in F5 XC and generating web login traffic using Selenium script. Once traffic is logged in F5 XC platform, CSD feature will detect malicious domain network and will display domain in client-Side defense dashboard. After researching the 3rd party domain details customers can either approve or mitigate these network requests. 

Above workflow is integrated using GitHub Actions file which ensures dynamic deployment of the demo app and F5 XC load balancer which can be exposed using public domain name.  

Client - Side - Defense.jpeg

 

Note: Currently this repo code covers automation till CSD malicious domain detection only and will cover mitigation part in the upcoming article of this series. 

 

Code is available here.

 

Deployment steps:

  • Security users can simply clone repo, update variables.tf as per their infra and run workflow which will bring entire infrastructure in few mins.  
  • They can login to the F5 XC console and explore the functionality of Client-Side Defense in an interactive way. Users can use this as a plugin to demonstrate CSD feature. 

Conclusion:  

This article demonstrated how we can leverage the power of CI/CD to create or upgrade our existing infrastructure and maintain the testing scope of Client Side Defense feature. 

 

For further information check the links below:

  • F5 Distributed Cloud Platform (Link)
  • F5 Distributed Cloud Client-Side Defense Overview (Link)
  • F5 Distributed Cloud Client-Side Defense Docs (Link) 
Version history
Last update:
‎27-Apr-2023 15:39
Updated by:
Community Manager
Copyright © 2023 Khoros, LLC