F5 Networks® and High-Tech Bridge Technology Alliance Partnership
Guide on Vulnerability Data Import from ImmuniWeb® to F5® BIG-IP® ASM®
The Technology Alliance Program (TAP) partnership established between High-Tech Bridge and F5, enables companies and organizations to reliably detect web application vulnerabilities and deploy reliable virtual patching in just a few clicks.
1) Login to ImmuniWeb Customer Portal and create new On-Demand or Continuous assessment project:
2) On the first step of the project creation wizard, click on the “Show Vulnerability Data XML Export Options” section to expand it:
Then select “F5 BIG-IP ASM WAF” from the list of available Web Application Firewalls
3) Vulnerability Data Export from ImmuniWeb:
3.1 For ImmuniWeb On-Demand projects, once the assessment is finished, you can download an XML file with detected vulnerabilities in F5 format as displayed on the screenshot below:
3.2 For ImmuniWeb Continuous projects, at any time when there are any vulnerabilities in “Unpatched Vulnerabilities” or “Archived Vulnerabilities” tabs of the dashboard, you can download XML file with the vulnerabilities in F5 BIG-IP ASM® for any vulnerabilities from the tab selected by risk level, detection date, type, or status as displayed on the screenshot below:
Save the XML file on your local or network drive.
4) Login to the F5 BIG-IP Application Security Manager Configuration Utility. In the left-side menu go to: Security -> Application Security -> Vulnerability Assessments ->Vulnerabilities:
5) Click on the grey “Import…” button, and then on the “Browse…” button to select the XML file previously exported from ImmuniWeb:
6) Select the vulnerabilities for which you need to deploy virtual patching from the list and click on the “Import” button:
7) The virtual patching for the selected vulnerabilities shall now be deployed. Consider removing the XML files with vulnerability data from any insecure or temporary locations.
The present guide is presented “as is” without any warranty of any kind. Please refer to ImmuniWeb Terms of Service for additional details.
Latest Update: 9th of January 2017