ASM_RESPONSE_VIOLATION

Description

This event is triggered when ASM detects that a response violates an ASM security policy.

Examples

This example modifies the response page when the response scrubbing (a server side violation) is triggered by ASM.
when ASM_RESPONSE_VIOLATION
{

  set x [ASM::violation_data]

  for {set i 0} { $i < 7 } {incr i} {
      switch $i {
      0         { log local0. "violation=[lindex $x $i]" }
      1         { log local0. "support_id=[lindex $x $i]" }
      2         { log local0. "web_application=[lindex $x $i]" }
      3         { log local0. "severity=[lindex $x $i]" }
      4         { log local0. "source_ip=[lindex $x $i]" }
      5         { log local0. "attack_type=[lindex $x $i]" }
      6         { log local0. "request_status=[lindex $x $i]" }

   }}

   if {([lindex $x 0] contains "VIOLATION_RESPONSE_SCRUBBING")}
   {
      log local0. "VIOLATION_RESPONSE_SCRUBBING detected, let's modify"
      ASM::payload replace 0 5 "method"
   }
}