Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Clear all filters
Answers

iRule to send violation data to a remote end point

Hi Guys,

Using an iRule, can I send ASM data collected to a remote end point? I want to send the violation data I am capturing to an API. This would allow us to inject suitable responses back in to our custom applications when events such as malicious file uploads occur.

Thank you

0
Rate this Question
Comments on this Question
Comment made 01-Jan-2017 by nathan 7352

The only thought I have on this is to use a sideband connection once a violation is triggered.

0
Comment made 04-Jan-2017 by Patrik Jonsson 3524

I'm a total newbie in regards to ASM, but I have to ask: Is there any way to pull the data instead Nathan?

/Patrik

0
Comment made 04-Jan-2017 by nathan 7352

Hey Patrick. Yes, you could use REST to pull the details from the ASM event log. ASM and REST not fully compatible yet but this you should be able to do.

1
Comment made 05-Jan-2017 by Patrik Jonsson 3524

Thanks Nathan, happy new year btw!

0
Comment made 05-Jan-2017 by nathan 7352

Happy New Year mate.

0
Comment made 05-Jan-2017 by saidshow 333

Hi Guys, Thanks for the comments. Unfortunately for the scenario at hand a pull data from the asm log won't give the solution I'm after.

I have setup an ICAP server to scan HTTP uploads when they come in. When a Virus is Detected I can block/alert and respond directly back to the client as per any other violation. What I want to do is send a message to an API only when a virus is detected. As a result, this would need to be done on the fly rather than retrospectively as pulling data from the request log would be. For the case of reporting, the pull request will be suitable.

0
Comment made 05-Jan-2017 by saidshow 333

Nathan, I'm looking at your suggestion of a sideband connection. This is not something I am familiar with however after only a quick read about sideband connections, this looks like it could be what I am after. Thank you again. It is always greatly appreciated to have an active helpful community. Happy new year guys.

0

Answers to this Question