we use the ASM module to make a web portal more secure.
If the Enforcement Mode of the security policy is set to "Blocking", the F5 could block false-positive requests too.
To be aware of it - it is possible to send out an email notification of blocked requests like this?
"blocked URL", "detected attack signature / type of violation", "source IP", "user-agent", "date and time"
BIG-IP v12.1.3 (Build 0.0.378)
* ASM, Unlimited
Hi There, i do have same requirement, how can this can be achieved.
You can use the Scheduled reports feature and tick the checkbox "Send the report file via E-Mail as an attachment" and specify the target e-mail addresses in "Target E-Mail Address" field - read the manual here;
This will only send the email with report on a schedule (e.g. every 6 hours), but it will be in PDF and will have a nice chart, so ideal for managers and network administrators. If you want realtime e-mails (one e-mail message per blocked request) then it is best to configure ASM Logging Profile to send logs to external logging system like Splunk and then have Splunk to send our e-mail alerts (be ready to get thousands of e-mails an hours though - Internet is a nasty place these days with lots of attack traffic!)