ASM Violations¶
Overview¶
Module Name in API¶
bigip-asm-violations
Product Name in API¶
local-traffic
Dimensions¶
| Dimension | Name in API | Description |
|---|---|---|
| Severity | severity | The severity of the violations |
| Virtual Server | virtual | |
| BIG-IP Blade Number | slot-id | Used for BIG-IP Chassis with multiple blades. A value of 0 means this is a non chassis BIG-IP, any other value tells the serial number of the blade in the chassis |
| Client IP | client-ip | |
| Attack Type | attack-type | |
| ASM Policy Name | asm-policy-name | |
| Virus Name | virus-name | |
| BIG-IP Host Name | hostname | The hostname given to the BIG-IP |
| Network Protocol | protocol | |
| Application Service | applicationService | |
| Violation | violation | |
| Violation Rating | asm-violation-rating | Severity rating of the violations |
| BIG-IP Service Cluster | dsc-name | Clusters of BIG-IPs grouped together to have the same config |
| Application | applications | |
| Action | security-action | The action a security module took with this transaction/packet, such as allow or block |
MetricSets¶
Violations¶
Description¶
Name In API¶
violations-count
Metrics in the metricSet¶
| Metric | Name in API | Unit | Description |
|---|---|---|---|
| Total Violations Count | count | violations | Total number of violations that took place among all the transactions |
| Violations/s | avg-count-per-sec | violations/s | Average number of violations took place among all the transactions, per second |
Examples¶
By Time Query¶
A query by time returns a series of data points in time, based on optional filters, time range, and time granularity. This query kind is identified by the keyword: “ap:query:stats:byTime”
POST https://<address>/mgmt/ap/query/v1/tenants/default/products/local-traffic/metric-query
This example for JSON body in the post, filters by dimension severity and get the count of violations-count
{
"kind": "ap:query:stats:byTime",
"module": "bigip-asm-violations",
"timeRange": {
"from": "-1h",
"to": "now"
},
"timeGranularity": {
"duration": 30,
"unit": "SECONDS"
},
"aggregations": {
"violations-count$count": {
"metricSet": "violations-count",
"metric": "count"
}
},
"dimensionFilter": {
"type": "eq",
"dimension": "severity",
"value": "value to filter by"
}
}
By Entities Query¶
A query by entities returns a sort set of entities, based on optional filters, time range, and choosen metric to sort by. This query kind is identified by the keyword: “ap:query:stats:byEntities”
POST https://<address>/mgmt/ap/query/v1/tenants/default/products/local-traffic/metric-query
This example for JSON body in the post, gets top entities of type severity, sorted by count of violations-count
{
"kind": "ap:query:stats:byEntities",
"module": "bigip-asm-violations",
"timeRange": {
"from": "-1H",
"to": "now"
},
"dimension": "severity",
"sortMetric": "violations-count$count",
"sortOrder": "desc",
"aggregations": {
"violations-count$count": {
"metricSet": "violations-count",
"metric": "count"
}
},
"limit": 5
}
Entities Count Query¶
An entities count query returns the distinct count of entities, based on optional filters, time range, and choosen entity type. This query kind is identified by the keyword: “ap:query:stats:entitiesCount”
POST https://<address>/mgmt/ap/query/v1/tenants/default/products/local-traffic/metric-query
This example for JSON body in the post, gets the distinct count of entities of type severity
{
"kind": "ap:query:stats:entitiesCount",
"module": "bigip-asm-violations",
"dimension": "severity",
"timeRange": {
"from": "-1h",
"to": "now"
}
}