Hello Ivan,
This is an example request, with only expanding requestReferences:
https://f5-ip/mgmt/tm/asm/policies/9cBBD8iON_18jWFIBpEa_Q/suggestions/CtRldjHPKNuGDAQJULFuOg?$expand=requestReferences
And the response I'm getting (replacing sensitive data and HTTP requests):
{
"parentEntityId": "",
"isAutomaticallyLearnable": false,
"isRead": true,
"occurrences": 3433,
"status": "pending",
"lastOccurrenceDatetime": "2020-04-08T09:59:41Z",
"kind": "tm:asm:policies:suggestions:suggestionstate",
"selfLink": "https://localhost/mgmt/tm/asm/policies/9cBBD8iON_18jWFIBpEa_Q/suggestions/CtRldjHPKNuGDAQJULFuOg?$expand=requestReferences&ver=13.1.0",
"entityId": "",
"entityName": "Policy General Settings",
"trustedSourcesCount": 0,
"id": "CtRldjHPKNuGDAQJULFuOg",
"averageViolationRating": 4.8,
"violationRatingCounts": [
{
"violationRating": "0",
"occurrences": 0
},
{
"violationRating": "1",
"occurrences": 136
},
{
"violationRating": "2",
"occurrences": 0
},
{
"violationRating": "3",
"occurrences": 0
},
{
"violationRating": "4",
"occurrences": 10
},
{
"violationRating": "5",
"occurrences": 3287
}
],
"requests": [
{
"deviceId": "",
"tagReferences": [],
"clientIpIntelligence": [],
"serverPort": 443,
"schema": "https",
"selfLink": "https://localhost/mgmt/tm/asm/events/requests/6844098169184131093?ver=13.1.0",
"sessionId": "adf7ba8367f7ed34",
"url": "/app/Appli.git/info/refs",
"id": "6844098169184131093",
"responseCode": 500,
"loginResult": "N/A",
"username":"xxxx",
"serverIp": "1.2.3.4",
"acceptStatus": "none",
"suggestionReferences": [
{
"link": "https://localhost/mgmt/tm/asm/policies/9cBBD8iON_18jWFIBpEa_Q/suggestions/CtRldjHPKNuGDAQJULFuOg?ver=13.1.0"
}
],
"rawResponse": {
"isTruncated": false,
"exclusionReason": "disabled",
"wasCompressed": false,
"isBase64Encoded": false
},
"blockingExceptionReason": "none",
"rawRequest": {
"isTruncated": false,
"actualSize": 397,
"httpRequestUnescaped": "GET /...",
"httpRequest": "GET /...",
"isBase64Encoded": false
},
"mobileAppVersion": "",
"isRead": false,
"maxRequestHeaderLength": 57,
"enforcementState": {
"isBlocked": false,
"hasViolations": true,
"isUnblocked": false,
"hasRequestViolations": false,
"rating": 1,
"hasStagingViolations": false,
"isAlarmed": true,
"hasResponseViolations": true,
"attackTypeReferences": [
{
"link": "https://localhost/mgmt/tm/asm/attack-types/1DsOkn6MTcm3RAj6BJWfJg?ver=13.1.0"
}
],
"severity": "informational"
},
"mobileAppName": "",
"requestPolicyReference": {
"link": "https://localhost/mgmt/tm/asm/policies/9cBBD8iON_18jWFIBpEa_Q?ver=13.1.0"
},
"matchedLoggingProfile": true,
"requestDatetime": "2020-04-08T09:59:41Z",
"responseContentType": "text/html; charset=utf-8",
"violations": [
{
"httpResponseCode": 500,
"entityType": "response",
"location": "response",
"violationReference": {
"link": "https://localhost/mgmt/tm/asm/violations/cSJYowU55AQWD18mPfODOg?ver=13.1.0"
},
"enforcementState": {
"isBlocked": false,
"isLearned": true,
"isAlarmed": true,
"isInStaging": false
},
"severity": "informational"
}
],
"geolocationCountryCode": "ES",
"method": "GET",
"slot": 0,
"isVisible": true,
"responseDatetime": "2020-04-08T09:59:41Z",
"clientType": "uncategorized",
"maxRequestCookieLength": 0,
"host": "abc.fr",
"clientIp": "1.2.3.4",
"clientPort": 36098,
"comment": "",
"virtualServerName": "/PART_UO0/vs-name",
"captchaResult": "captcha-unknown"
}
],
"entityKind": "tm:asm:policies:general:generalstate",
"entityReference": {
"link": "https://localhost/mgmt/tm/asm/policies/9cBBD8iON_18jWFIBpEa_Q/general?ver=13.1.0"
},
"reason": "violation-mitigation",
"score": 100,
"sectionReference": {
"link": "https://localhost/mgmt/tm/asm/policies/9cBBD8iON_18jWFIBpEa_Q/sections/xMpCOKC5I4INzFCab3WEmw?ver=13.1.0"
},
"firstOccurrenceDatetime": "2020-02-04T14:57:39Z",
"description": "Add 500 to Allowed Response Codes.",
"isGloballyAcceptable": false,
"entityChanges": {
"allowedResponseCodes": [
500
]
},
"untrustedSourcesCount": 20,
"comment": "",
"violationReference": {
"link": "https://localhost/mgmt/tm/asm/violations/cSJYowU55AQWD18mPfODOg?ver=13.1.0"
},
"action": "update-append",
"isTighteningSuggestion": false
}
There are many more requests in the original response I'm getting from F5, but not any of them have the requestStatus property.
I'm focusing on using $select more than $filter because my app is retrieving suggestions from F5, whether they have blocked requests or not (and I'm also selecting various other properties at the same time). But I think what you're proposing here should work in both cases anyway 🙂
Thanks again for your help!
Jérôme