Hi @Muhannad - I see nobody has answered you yet, so I've shared the link to your question with a colleague who may be able to help. Can you elaborate on your last sentence, though? It looks incomplete.
"I need more information about F5 capablities to integrate with threat intelligence even with o" <--?
I don't know enough about taxii, but it appears to communicate RESTfully. I am digging into this, but do you happen to know what sorts of things a taxii sends? Is the expectation that it programs a deny-list in real time? Is the expectation simply IP blocking (AFM) based on threat intelligence? Can taxii host a deny-list? If so, AFM / AWAF can be programmed to consume that in an automated fashion..