NimbostratusIs there a way to generate a baseline policy from an xml schema? I would figure that all the necessary items for a baseline policy should be able to be gathered from an uploaded schema... They could be populated as manual traffic learning items. Is this something that the ASM is already capable of that I haven't found yet?
CirrocumulusYes, ASM is capable of this functionality using Policy Export/Import function if you choose XML Export/Import.
AskF5 Knowledgebase solution SOL12619 has the schema information.
https://support.f5.com/kb/en-us/solutions/public/12000/600/sol12619.html
In addition to this ASM is capable of importing vulnerability scanner reports XML files and create security policy automatically mitigating the vulnerabilities.
ASM support XML reports produced by WhiteHat, Cenzic (now TrustWave), HP WebInspect and IBM AppScan. Additionally there is a "Generic Scanner" schema you can use - described in ASM manual here:
https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-getting-started-11-5-0/4.htm
Hope this helps,
Sam
NimbostratusThanks for the help, but what I'm looking for is if I can take a schema of the web application I am trying to secure and populate the parameters, urls, etc from that schema through uploading the developer's xml schema.