F5 ASM and Arcsight Integration

Question

Good day everyone! &nbsp;
We are planning on integrating the Arcsight SIEM to F5 ASM.&nbsp;
Does anyone know what is the minimum EPS to send logs to the Arcsight.&nbsp;
An article will be very helpful. &nbsp;
Thank you!&nbsp;

samstep · Answer

It depends on what you want to log (All Requests or Violations Only). In Production environments it is recommended to log only the Violations if EPS is an issue. How many EPS really depends on how frequently your application is attacked and many violations per second are being logged and whether you have applied any filters (you can choose what to log!). EPS can be 1 in normal use and can be 1000 or more during a DDOS attack.&nbsp;
Here is the Configuring Application Security Event Logging manual:&nbsp;
https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-5-0/12.html&nbsp;

Forum Discussion

F5 ASM and Arcsight Integration

1 Reply

Recent Discussions

CONNECTION IS LOST DUE TO SELF IP IS DELIVERED

ASM instance creation

Can iRule mask the payload content on event logs of security

Disacard SSL::cert mode to ignore when default SSLClient profile is set to request or require

F5Access | MacOS Sonoma

Related Content

Making Mobile SDK Integration Ridiculously Easy with F5 XC Mobile SDK Integrator

Integrating SSL Orchestrator with McAfee Web Gateway-Transparent Proxy

Ensuring Security in Continuous Integration and Continuous Deployment (CI/CD) Pipelines

Integrating SSL Orchestrator with Fortinet FortiGate Virtual Edition as a Virtual Wire

Integrating SSL Orchestrator with CheckPoint Firewall VM-Explicit Proxy