Just started learning about ASM and AFM via documentation. AFM seems to allow importing an external IP list into the IP intelligence database, but ASM/WAF seems to use Webroot for its database. Can ASM use external feeds like AFM? Or can ASM use another source besides the Webroot feed?
Thanks in advance for helping the noob!
Currently, ASM/Advanced WAF only works with Webroot.
Hi Samir, thanks for replying. Yes, ASM can add individual IP/subnet exceptions, but I was referring to adding an external feed with a list of IPs or subnets for blacklisting.
31-Mar-2020 20:51 - last edited on 24-Mar-2022 01:04 by li-migration
Such configuration not seen. Go with answer
No, it is for deploying config.
AFM does allow adding external feeds to IP intelligence though:
So if AFM enriches IPI via external feed (besides webroot), perhaps ASM could take advantage of it as well?
Yes, I also wonder why you can't do this with the ASM/Adv. WAF 😞
Thanks for sharing such great information, I found very thankful and helpful information here.
I am starting to wonder whether a feed list can be created without the AFM module by using the REST API. I may try in the future, but if someone has tested this, they can share whether it works.
Another way could be to use the CSV tabular importer that I am using for importing a list of bad IP addresses, or to use an external data group and populate it, or to use Ansible or BIG-IQ with external data groups:
There are some lists from free or paid providers, with Palo Alto MineMeld or MISP as free systems.