Forum Discussion

Mike_Nepomny's avatar
Mike_Nepomny
Icon for Nimbostratus rankNimbostratus
Jan 04, 2011

ASM->Policy->get_violation_flags()

Hi,

 

 

I am getting all violations from the policy except "Attack signature detected". Are there any way to get "Attack signature detected" violation with ASM->Policy->get_violation_flags() or any other method?

 

 

Thank you.

 

3 Replies

  • Hi Mike,

     

     

     

    I haven't used iControl with ASM before, but maybe it looks like you can set an Attack Sig via iControl on an Object parameter. I don't see anything in the iControl ASM wiki for the attack sigs that would be applied to headers or URLs though. Nor do I see any references to attack sig sets (not the updates of the global attack signatures but the collection of signatures that can be assigned to a policy in groups). Anyone have ideas on this?

     

     

    http://devcentral.f5.com/wiki/default.aspx/iControl/ASM__ObjectParams__add_or_update_object_param_with_characteristics.html

     

     

    I guess the object could have a URI of * and param name of * for a global parameter.

     

     

    http://devcentral.f5.com/wiki/default.aspx/iControl/ASM__ObjectParams__AttackSignatureDefinition.html

     

    http://devcentral.f5.com/wiki/default.aspx/iControl/ASM__ObjectParams.html

     

     

    Aaron
  • Hi Aaron,

     

     

    Are there any way to fetch violations from traffic learning ?

     

     

    Thank you.

     

  • Hi Mike,

     

     

    I don't believe that you can retrieve the learning suggestions via iControl based on a quick read through of the ASM portion of the iControl API:

     

     

    http://devcentral.f5.com/wiki/default.aspx/iControl/ASM.html

     

     

    You could confirm this with a case with F5 Support. If the functionality doesn't exist now, you could open a request for enhancement.

     

     

    Aaron