Hi, is there way to extract the list of IPs that were blocked by ASM in last 24 hours with tmsh or irule. The idea is to put top abusers in a global block list. Highly appreciate your suggestions.
Thanks and br,
A couple of ideas:
You could use an iRule to extract IP address information from each ASM_REQUEST_BLOCKING event, push that information into a datagroup and then make that datagroup available as the content for a feed, which can then be queried by the system creating the global block list.
You can configure the ASM to send email reports on a periodic basis, sending them to a recipient system which consumes the reports and populates the global block list.