Using an iRule, can I send ASM data collected to a remote end point? I want to send the violation data I am capturing to an API. This would allow us to inject suitable responses back in to our custom applications when events such as malicious file uploads occur.
The only thought I have on this is to use a sideband connection once a violation is triggered.
I'm a total newbie in regards to ASM, but I have to ask: Is there any way to pull the data instead Nathan?
Hey Patrick. Yes, you could use REST to pull the details from the ASM event log. ASM and REST not fully compatible yet but this you should be able to do.
Thanks Nathan, happy new year btw!
Happy New Year mate.
Hi Guys, Thanks for the comments. Unfortunately for the scenario at hand a pull data from the asm log won't give the solution I'm after.
I have setup an ICAP server to scan HTTP uploads when they come in. When a Virus is Detected I can block/alert and respond directly back to the client as per any other violation. What I want to do is send a message to an API only when a virus is detected. As a result, this would need to be done on the fly rather than retrospectively as pulling data from the request log would be. For the case of reporting, the pull request will be suitable.
Nathan, I'm looking at your suggestion of a sideband connection. This is not something I am familiar with however after only a quick read about sideband connections, this looks like it could be what I am after. Thank you again. It is always greatly appreciated to have an active helpful community. Happy new year guys.