Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Adhoc reports/email notification for ASM web application firewall in case of blocking

Hi there,

we use the ASM module to make a web portal more secure. If the Enforcement Mode of the security policy is set to "Blocking", the F5 could block false-positive requests too. To be aware of it - it is possible to send out an email notification of blocked requests like this?

"blocked URL", "detected attack signature / type of violation", "source IP", "user-agent", "date and time"

BIG-IP v12.1.3 (Build 0.0.378) * ASM, Unlimited

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi There, i do have same requirement, how can this can be achieved.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

You can use the Scheduled reports feature and tick the checkbox "Send the report file via E-Mail as an attachment" and specify the target e-mail addresses in "Target E-Mail Address" field - read the manual here;

https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-12-1-0/13.html

This will only send the email with report on a schedule (e.g. every 6 hours), but it will be in PDF and will have a nice chart, so ideal for managers and network administrators. If you want realtime e-mails (one e-mail message per blocked request) then it is best to configure ASM Logging Profile to send logs to external logging system like Splunk and then have Splunk to send our e-mail alerts (be ready to get thousands of e-mails an hours though - Internet is a nasty place these days with lots of attack traffic!)

0