Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

F5 ASM - current blocking report

rsk22
Nimbostratus
Nimbostratus

‎16-May-2023 11:57

Hello everyone, I am currently looking to see if there is any way to find out how much blocking each individual security policy has in place. I have not seen any reports I can run that would show the amount of blocking a policy currently has in place. I am told I might be able to get this info with commands from the iRest API, but I have not had any luck yet. Any input or help would be appreciated. BIG-IP ASM Module.

Labels:
0 Kudos
4 REPLIES 4

lnxgeek
MVP
MVP

‎25-May-2023 05:15

Hi rsk22

What do you mean by "blocking in place"?

0 Kudos

rsk22
Nimbostratus
Nimbostratus
In response to lnxgeek

‎25-May-2023 06:14

When I look at Security Policy Configuration\Attack signatures for each security policy, we can see which signatures are enforced and in blocking, I wanted to see if their was a report I can run to see how many of the enforced signatures have the blocking checkmark. I have attached a jpg to help understand my question. 

Preview file
52 KB
0 Kudos

lnxgeek
MVP
MVP

‎25-May-2023 08:59

@rsk22 try having a look a this script:

https://lnxgeek.org/doku.php/howtos:disable_an_attack_signature_via_api

It is a script I made to disable a signature but it can easily be modified to your needs.

Let me know if it helps you.

0 Kudos

rsk22
Nimbostratus
Nimbostratus
In response to lnxgeek

‎26-May-2023 05:42

I will take a look, thank you.

 

 

0 Kudos
Copyright © 2023 Khoros, LLC