Forum Discussion
HI Aantat, what kind of system is the other system, and did you want to manage those messages from a remote system (like pull on system C from system A, push from system C to system B) or just send messages directly from ASM to other systems? More details on what you're trying to accomplish would be helpful, but either way, there's likely a solution we can work out together. Let me know!
- AantatJan 14, 2023Cirrus
Hi JRahm!
So I have a NGFW and F5 WAF. My goal is every time when there is some Security Event triggered, send Attackers IP from that Event to my NGFW via API. Hope I make it clear.
- Nikoolayy1Jan 14, 2023MVP
From what you ask it seems that something like a SIEM like Spunk to get the F5 ASM logs is needed and then a SOAR like Splunk Phantom to use the logs to add the Ip addreess of the attacker on the firewall. That is my idea but you will need to dig deep to automate and to play arround.
- AantatJan 16, 2023Cirrus
Hi Nikoolayy1,
Agreed, But I'd like to reach my goal without another 3rd system. I thought about iRule, that will send via HTTP Post to my NGFW the information about attacker IP.