Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

F5 ASM - current blocking report

rsk22
Nimbostratus
Nimbostratus

Hello everyone, I am currently looking to see if there is any way to find out how much blocking each individual security policy has in place. I have not seen any reports I can run that would show the amount of blocking a policy currently has in place. I am told I might be able to get this info with commands from the iRest API, but I have not had any luck yet. Any input or help would be appreciated. BIG-IP ASM Module.

4 REPLIES 4

lnxgeek
MVP
MVP

Hi rsk22

What do you mean by "blocking in place"?

When I look at Security Policy Configuration\Attack signatures for each security policy, we can see which signatures are enforced and in blocking, I wanted to see if their was a report I can run to see how many of the enforced signatures have the blocking checkmark. I have attached a jpg to help understand my question. 

lnxgeek
MVP
MVP

@rsk22 try having a look a this script:

https://lnxgeek.org/doku.php/howtos:disable_an_attack_signature_via_api

It is a script I made to disable a signature but it can easily be modified to your needs.

Let me know if it helps you.

I will take a look, thank you.