Automation of Malicious User detection/mitigation using F5 Distributed Cloud Platform
Introduction:
In today’s world, where attackers take advantage of readily available automated attack tools, it is highly recommended to adopt a security-driven framework that helps negate the impact of the attack vectors these attackers use.
The F5 Distributed Cloud (F5 XC) platform comes with a wide set of signatures for known attacks and has a machine learning capability that mitigates possible threats from malicious users by analyzing user behavior.
In this article, we discuss the demo scenarios covered by the automation, which uses GitHub Actions, Terraform and Python.
For more information, please have a look at these articles:
AI/ML detection of Malicious Users using F5 Distributed Cloud WAAP – Part I
AI/ML detection of Malicious Users using F5 Distributed Cloud WAAP – Part II
AI/ML detection of Malicious Users using F5 Distributed Cloud WAAP – Part III
Demonstration:
We’ve come up with automation scripts that build the infrastructure for malicious user detection and mitigation in the XC console, along with a script that triggers malicious events. You can use the GitHub workflows to see how effectively XC WAAP detects and mitigates malicious user events.
The repository consists of two workflows covering demo scenarios for malicious user detection and mitigation using XC WAAP:
Single LB malicious user detection and default mitigation of high-risk IPs:
In this scenario, we bring up an HTTP load balancer and configure it to detect and mitigate malicious user events using the default mitigation rule. In the second part of this demo, we generate Tor requests and fetch the logs from the XC console to validate the detection and mitigation action.
Multi LB malicious user detection and custom mitigation of WAF security events:
In this scenario, we bring up an HTTPS load balancer with an app type that enables detection through a custom app settings object, an app firewall in blocking mode and a custom malicious user mitigation policy. In the second part of this scenario, we generate XSS attacks and validate the logs fetched from the XC console.
Repository Link: Automation demonstration for malicious user detection and mitigation feature of F5 XC Platform
Conclusion:
By using the repository, you will see the F5 Distributed Cloud platform’s efficiency in detecting users who exhibit suspicious behavior and performing mitigation actions on them, safeguarding the end application from possible attacks.
Hope you liked the demonstration. Please feel free to raise your concerns via GitHub. Thank you!