asm irule to unblock upon violation based on type

Solved! YESSS!

First clue: https://devcentral.f5.com/Wiki/iRules.ASM__violation_data.ashx

Position   Field   Description
**0 Violation** string that contains list of comma separated violations, see below the rquest side and response side violations for value options
1   support_id  Unique id given for a transaction
2   web_application ASM Web application name
3   Severity    it will be the most critical severity of all the transaction violations, possible values: Emergency, Alert, Critical, Error, Warning, Notice and Informational
4   source_ip   Client IP. (in case trust xff option is enabled on the policy, this will be the xff ip
**5 attack_type**   string that contains list of comma separated attack types, see below for value options
6   request_status  Can be “blocked” or “alarmed”

Second clue: ATTACK_TYPE_INFORMATION_LEAKAGEInformation Leakage

So I am browsing the wrong hole which is 0 for matches instead of the correct one which is 5.

Third clue: Note: Starting version 11.5.0 this command is replaced by the commands ASM::violation, ASM::support_id, ASM::severity and ASM::client_ip which have more convenient syntax and enhanced options. It is kept for backward compatibility.

Also had to enable compatibility mode for Trigger iRule upon ASM event.