Applies To: Enterprise Manager 3.1.1
Overview: Application Security Manager device management
You can use Enterprise Manager to easily create and deploy security policies, logging profiles, and IP address exception lists to a large set of BIG-IP Application Security Manager devices.
About ASM security policies
At the core of Application Security Manager are customized security policies that are tailored to your network environment based on settings that you specify. Instead of logging in to each Application Security Manager device to administer these security policies, you can use Enterprise Manager to import, export, and deploy security policies from one central location.
Importing an ASM security policy
- On the Main tab, click .
- Click the Import button.
- For the Import Method setting, select an option:
  - Select Import Security Policy from Device to choose a device on which you have a security policy.
  - Select Upload Security Policy to browse to a location where you have saved a security policy.
- If you are importing the security policy from a device:
- If you are importing a security policy from a saved file:
Deploying an ASM security policy to devices running version 11.3.0 or later
You can deploy a security policy to one or more managed BIG-IP Application Security Manager devices, without having to log in to each of those devices individually.
Exporting an ASM security policy
About attack signatures
Attack signatures are the foundation of the BIG-IP Application Security Manager system's negative security logic. Attack signatures are rules or patterns that identify attacks, or classes of attacks, on a web application and its components. Enterprise Manager helps you obtain attack signatures and deploy them to your managed BIG-IP Application Security Manager devices.
Scheduling automatic attack signature file downloads
You can create a schedule for Enterprise Manager to check for, and download, newly updated attack signature definitions for images stored in the image repository. This feature helps you avoid performing unnecessary and potentially frequent manual checks for updated attack signature files.
Manually checking and downloading updated attack signature files
Creating an alert for attack signature updates
Installing an attack signature
An attack signature file must be downloaded (automatically by Enterprise Manager or manually) before you can install it on a managed BIG-IP Application Security Manager device. Before installation, verify that the attack signature is the most recent version available.
About logging profiles for ASM
Enterprise Manager manages BIG-IP Application Security Manager logs through logging profiles. A logging profile determines where events are logged, and which items (such as which parts of requests, or which types of errors) are logged.
You can create a logging profile that stores logs locally on the managed device, or you can configure the managed device to forward log messages to a remote server.
Creating an ASM logging profile for local storage
Deploying an ASM local storage logging profile to a managed device
- On the Main tab, click .
- Click the select button next to the profile name you want to deploy and click the Deploy button.
- From the Deploy to list, select Devices.
- From the Device List, select an option to narrow the list to a specific device.
- Select the check box next to the device to which you want to deploy this logging profile and click the Deploy button.
Creating an ASM logging profile for remote storage
Deploying an ASM remote logging profile to a remote virtual server
About ASM IP address exception lists
IP address lists contain specified IP addresses that you have deemed trusted. Managed BIG-IP Application Security Manager devices do not generate Policy Builder learning suggestions for traffic sent from these IP addresses, which reduces unnecessary traffic.
Creating an ASM IP address exception list
- On the Main tab, click .
- Click the Create button.
- In the List Name field, type a unique name for this list.
- To import an IP address list:
  - Click the Import List button.
  - Click the select button next to the device from which you want to import the IP address list, and click the Next button.
  - Select the button next to the security policy from which you want to import the IP address list, and click the Next button.
  - Select the check box next to each IP address exception list you want to add, and click the Done button.
- To add a new IP address exception list and define its properties:
Deploying an ASM IP address exception list
Overview: Viewing analytics for multiple ASM devices
You can use Enterprise Manager to view reports for managed BIG-IP Application Security Manager devices that are provisioned for Application Visibility and Reporting (AVR).
Analytics reports provide detailed metrics about application performance such as transactions per second, server and client latency, request and response throughput, and sessions. Metrics are provided for applications, virtual servers, pool members, URLs, and specific countries, along with additional detailed statistics about application traffic running through one or more managed devices. You can view the analytics reports for a single device, view aggregated reports for a group of devices, and create custom lists to view analytics for only specified devices. In this way, Enterprise Manager provides centralized analytics reporting.