Help
Technical Articles
F5 SMEs share good practice.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

F5 Partner Solution Showcase - "BlockAPT Platform - Command for Unified Visibility"

Greg_Coward
F5 Employee
F5 Employee

on ‎06-Mar-2023 05:00

Visibility is Not Enough

A critical component to any mission-critical application infrastructure (Network and Security) is visibility.  To effectively manage and protect an application, one must have granular visibility into performance and security events/metrics.  However, visibility is not as effective, on its own, without the ability to take action to mitigate risks and improve operational efficiency, preferably automatically.

Introducing BlockAPT

In this edition of the “Partner Solution Showcase” we introduce one of our technology alliance partners, BlockAPT.  BlockAPT helps organizations to securely connect, monitor and manage their entire digital ecosystem from a single pane of glass, which enables them to audit, orchestrate, and automate IT security and operations centrally.  The BlockAPT platform comprises three modular products that can be deployed independently or in combination. These products are:

Command - Centralized incidents and events database, customizable and automatable alerting, reporting and dashboards

Control - Centralized management and administration of the digital ecosystem from a single pane of glass to enable centralized orchestration and automation of tasks for SecOps, NetOps and CloudOps

Connect - Securing data-at-rest and data-in-motion using FIPS 140-3 certified MTE technology for post-quantum secure connectivity

Solution Overview

The remainder of this article illustrates how BlockAPT can be used to collect, monitor, and process logs & events from F5 BIG-IP LTM and Advanced WAF. By combining security and networking data organizations can start their journey towards achieving unified visibility, which is a key component if they want to embrace automation.

Screen Shot 2023-02-22 at 3.58.02 PM.png

Prerequisites

  • F5 BIG-IP LTM (Version:12 or later): Virtual Edition (VE) was utilized for this article.   However, both hardware and virtual edition platforms can be utilized.
  • F5 BIG-IP Advanced WAF (formerly ASM) (Version:12 or later): Virtual Edition (VE) was utilized for this article.  However, both hardware and virtual edition platforms can be utilized. 
  • BlockAPT Command (Version 4.1.0 or later): BlockAPT software
  • Internet Connectivity

Step 1:  Deploy and configure F5 BIG-IP LTM and Advanced WAF

  • Follow F5 Networks’ documentation to deploy F5 BIG-IP LTM and Advanced WAF on your preferred infrastructure (in the cloud or on-premises)
  • License and active F5 BIG-IP LTM and Advanced WAF
  • Ensure that the BIG-IP logs & events can be sent to the BlockAPT Platform via standard BIG-IP syslog or logging profiles
  • Ensure that there is connectivity between the BIG-IP and the BlockAPT platform utilizing the port selected for the syslog and/or logging profile

Step 2: Deploy and configure BlockAPT Platform (Command)

  • Follow BlockAPT’s documentation to deploy BlockAPT Platform - Command on your preferred infrastructure (in the cloud or on-premises)
  • License and activate BlockAPT Platform - Command
  • Log into the platform
  • Go to Global Settings > Logger > Log Listener
block2.png
  • Click the + on the top right to add a new device
block3.png
  • Add F5 BIG-IP LTM. Complete the form and click submit. (You must add the host name or host IP and ensure that the remote BIG-IP system can send data to the BlockAPT Platform via the specified port).
block4.png
  • Repeat Step for the BIG-IP Advanced WAF
  • Check if the BIG-IP devices are sending logs to the BlockAPT Platform via the configured syslog port on the BlockAPT Platform by going to Dashboard > Statistics from Logger
block5.png
  • Review the list to ensure your F5 devices are showing that the raw logs are being received. If not, ensure the network connectivity is confirmed and that F5 devices are sending data to the correct port (data is sent from BIG-IP LTM and Advanced WAF to the BlockAPT Platform).

Step 3: Customize your BlockAPT Platform - Command Dashboard 

  • Go to Global Settings > Dashboard Settings > Custom Dashboard
  • For data source choose: Logger
  • For device type select: F5 LTM
  • Select the desired widgets
block6.png
  •  Click Submit
  • Go to Global Settings > Dashboard Settings > Custom Dashboard
  • For data source choose: Logger
  • For device type select: F5 Advanced WAF
  • Select the desired widgets
block7.png
  • Click Submit
  • You will now be able to see all the widgets you had selected, in one place;  the custom dashboard. You can reach the custom dashboard by:
    1. Clicking the BlockAPT logo on the top left-hand side of the screen 
    2. By going to Global Settings > Dashboard settings > Custom Dashboard. 
    3. By going to Dashboard > Custom Dashboard 
block8.png

Step 4: Create Custom Reports on BlockAPT Platform - Command 

  • Task Management > Create Task
block9.png
  • Choose a name for this task
  • Choose Type: Custom Reports
  • Choose Action: Devices or Logger
block10.pngblock11.png
  • Choose Device Type: F5 (from the drop-down menu)
  • Fill in the rest of the form in accordance with your preferences
  • Select Assignee(s)
block12.png
  • Click Submit
  • Go to Task Management > Tasks
  • Select and view the task created
block13.pngblock14.png
  • Click Approve.  You will now be able to access the report in the Custom Reports section of the GUI.  An incident management ticket referencing the report creation will be generated automatically.
block15.png

Step 5: Alerts

  • Under Incident Management > search for the relevant tickets to view the alerts
block16.png
  • Change the tickets accordingly (i.e., priority, assignment, etc.)

Conclusion

BlockAPT Platform - Command enables customers to unify visibility into a single pane of glass WebUI. To maximize on the benefits of the BlockAPT Platform we recommend using BlockAPT Platform - Control to activate the automation and orchestration of actions following detected alerts or thresholds. This can be done using automated Workflows / Playbooks. Actions can also be manual or semi-automated.

Additional Resources

Version history
Last update:
‎22-Feb-2023 17:17
Updated by:
F5 Employee
Contributors
Copyright © 2023 Khoros, LLC