support for f5 bigip #607

mahirchavda · 2024-07-31T13:37:28Z

No description provided.

cyences_app_for_splunk/default/savedsearches.conf

cyences_app_for_splunk/default/data/ui/views/cs_f5_bigip_asm.xml

hardikhdholariya · 2024-07-31T16:56:01Z

cyences_app_for_splunk/default/data/ui/views/cs_f5_bigip_asm.xml

+        <title>Attacks by IP</title>
+        <search>
+          <query>`cs_f5_asm`  attack_type!="N/A"  $tkn_src_ip$ $tkn_dest_ip$ $tkn_severity$
+| table _time ip_client src_port dest_ip dest_port manage_ip_addr x_fwd_hdr_val attack_type enforcement_action blocking_exception_reason client_type credential_stuffing_lookup_result device_id enforced_by geo_info http_class ip_addr_intelli ip_route_domain  login_result method mobile_application_name mobile_application_version policy_apply_date policy_name protocol protocol_info req_status resp_code route_domain severity sig_ids sig_names sub_violates threat_campaign_names unit_host uri username violate_details violate_rate violations virus_name  is_trunct


we don't need all these fields for upcoming stats command.

It is useful when we want to debug something by opening in the search query

cyences_app_for_splunk/default/data/ui/views/cs_f5_bigip_asm.xml

support for f5 bigip

bdefe61

mahirchavda requested review from VatsalJagani and hardikhdholariya July 31, 2024 13:37

missing part

0115a80

VatsalJagani reviewed Jul 31, 2024

View reviewed changes

cyences_app_for_splunk/default/savedsearches.conf Outdated Show resolved Hide resolved

minor change

ed4e6c6