30-Mar-2020 15:46
Hi all,
Just started learning about ASM and AFM via documentation. AFM seems to allow importing of external ip list into IP intelligence database, but ASM/WAF seems to use Webroot for its database. Can ASM use external feeds like AFM? OR Can ASM use another source besides webroot feed?
Thanks in advance for helping the noob!
31-Mar-2020 06:21
Currently, ASM/Advanced WAF only works with webroot.
31-Mar-2020 20:23
Hi Samir, thanks for replying. Yes ASM can add individual IP/subnet exception, but I was referring to adding an external feed with a list of IPs or Subnets for black listing.
31-Mar-2020
20:51
- last edited on
24-Mar-2022
01:04
by
li-migration
Such configuration not seen. Go with answer
01-Apr-2020 12:32
no, it is for deploying config
01-Apr-2020 12:52
AFM does allow adding external feeds to IP intelligence though:
So if AFM enriches IPI via external feed (besides webroot), perhaps ASM could take advantage of it as well?
26-Jun-2021 13:41
Yes, I also wonder why you can't do this with the ASM/Adv. WAF 😞
29-Jun-2021 03:27
Thanks for sharing such great information, I found very thankful and helpful information here.
29-Jun-2021 03:56
I am starting to wonder if by using the REST-API can a feed list be created without the AFM module. I may try in the future but if someone has tested this they can share if it works.
https://clouddocs.f5.com/api/icontrol-rest/APIRef_tm_security_ip-intelligence_info.html
Another way could be to use the CVS tabular imported that I am using for importing a list of bad IP addresses or using external data group and populating it or using ansible or BIG-IQ with external data groups:
https://devcentral.f5.com/s/articles/csv-tabular-data-sideband-importer
https://devcentral.f5.com/s/articles/populating-tables-with-csv-data-via-sideband-connections
https://devcentral.f5.com/s/question/0D51T00006aFjFFSA0/managing-datagroups-from-bigiq
There are some free lists from free or payed providers with palo alto minemeld or misp free systems.