
ASM Rest API - set "Evasion technique detected" to Block

Hi, version 12.1.3.

How can I set the blocking-setting for (for example) "Evasion technique detected" to Block? I know how to operate with each vulnerability, but how to operate with the whole section? The API seems to have no endpoint for that.


API Data:

testPico = get /asm/policies/{}/blocking-settings?$expand=evasionReference

As seen in the picture, I get details about each vulnerability, but not about the global param such as "Learn, Alarm, Block".

Where can I operate with the global setting as highlighted in the picture above through the REST API?

Thanks a lot, Zdenek

Comments on this Question
Comment made 5 months ago by Zdenda 451

I just tried /asm/policies/{}/blocking-settings/evasions where {} is the policy ID and the result is the same. I just cannot see anything related to learn/alarm/block for all of the vulnerabilities under evasions technique.


Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

To access these settings use the path "/mgmt/tm/asm/policies/{{POLICY_ID}}/blocking-settings/violations/{{VIOLATION_ID}}"

Example:


# curl -sku admin:admin https://10.3.155.123/mgmt/tm/asm/policies/KXOU5u4TlCMnB6V2U6qm2w/blocking-settings/violations/qaEsdg5TVAbReo1-krgchw | jq .

{
  "lastUpdateMicros": 1539194657000000,
  "description": "Evasion technique detected",
  "selfLink": "https://localhost/mgmt/tm/asm/policies/KXOU5u4TlCMnB6V2U6qm2w/blocking-settings/violations/qaEsdg5TVAbReo1-krgchw?ver=12.1.3",
  "kind": "tm:asm:policies:blocking-settings:violations:violationstate",
  "violationReference": {
    "link": "https://localhost/mgmt/tm/asm/violations/0VXh4FseZsuj0NmAZGNClw?ver=12.1.3"
  },
  "id": "qaEsdg5TVAbReo1-krgchw",
  "alarm": true,
  "block": true,
  "learn": true
}

You can then patch this to set the block setting to 'true' or 'false' as desired.


# curl -sku admin:admin -X PATCH https://${bigip_mgmt}/mgmt/tm/asm/policies/KXOU5u4TlCMnB6V2U6qm2w/blocking-settings/violations/qaEsdg5TVAbReo1-krgchw -d '{ "block": false }' | jq .

{
  "lastUpdateMicros": 1539194685000000,
  "description": "Evasion technique detected",
  "selfLink": "https://localhost/mgmt/tm/asm/policies/KXOU5u4TlCMnB6V2U6qm2w/blocking-settings/violations/qaEsdg5TVAbReo1-krgchw?ver=12.1.3",
  "kind": "tm:asm:policies:blocking-settings:violations:violationstate",
  "violationReference": {
    "link": "https://localhost/mgmt/tm/asm/violations/0VXh4FseZsuj0NmAZGNClw?ver=12.1.3"
  },
  "id": "qaEsdg5TVAbReo1-krgchw",
  "alarm": true,
  "block": false,
  "learn": true
}

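Added example, not part of the original answer: a Python sketch that looks up the violation ID by its description instead of hard-coding it, then builds the same PATCH the answer sends with curl and skips it when the flag is already in the desired state. It assumes the collection at `.../blocking-settings/violations` returns an `items` list whose entries have the shape shown above; the host, policy ID, credentials and sample IDs are placeholders.

```python
import base64
import json
import urllib.request

# Constructed sample of the violations collection (assumed shape: an "items"
# list whose entries look like the single-violation response in the answer).
SAMPLE_COLLECTION = {
    "items": [
        {"id": "EXAMPLE-ID-0001", "description": "Illegal file type",
         "alarm": True, "block": True, "learn": True},
        {"id": "EXAMPLE-ID-0002", "description": "Evasion technique detected",
         "alarm": True, "block": False, "learn": True},
    ]
}


def find_violation(collection, description):
    """Return the single violation entry whose description matches exactly."""
    hits = [v for v in collection.get("items", [])
            if v.get("description") == description]
    if len(hits) != 1:
        raise LookupError(f"expected 1 match for {description!r}, got {len(hits)}")
    return hits[0]


def build_block_patch(host, policy_id, violation, block, user, password):
    """Build the PATCH request, or return None if the flag is already set."""
    if violation.get("block") is block:
        return None  # already in the desired state, nothing to send
    url = (f"https://{host}/mgmt/tm/asm/policies/{policy_id}"
           f"/blocking-settings/violations/{violation['id']}")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        url, data=json.dumps({"block": block}).encode(), method="PATCH",
        headers={"Content-Type": "application/json",  # stated explicitly here
                 "Authorization": f"Basic {token}"})


def confirm(response_body, block):
    """Check that the device's reply reflects the requested block state."""
    return json.loads(response_body).get("block") is block


if __name__ == "__main__":
    v = find_violation(SAMPLE_COLLECTION, "Evasion technique detected")
    req = build_block_patch("bigip.example", "POLICY_ID", v, True,
                            "admin", "PASSWORD")
    print(req.get_method(), req.full_url, req.data.decode())
```

Pass the built request to `urllib.request.urlopen` with an SSL context that trusts the management certificate, then feed the response body to `confirm` to verify the change took effect.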
Comments on this Answer
Comment made 5 months ago by Zdenda 451

Hi, this works, thanks. It confused me as it is on the same "level" as the evasions part itself, which is actually kind of a subclass of this violation. Thanks again, Zdenek