This script retrieves events from an ASM (Application Security Manager) device.
1.0 released on 24th Jan 2023
A few examples:
Display all events: # asmevents --host x.x.x.x -u <username>
Display only blocked events: # asmevents --host x.x.x.x -s blocked -u <username>
Display only legal events: # asmevents --host x.x.x.x -s legal -u <username>
- --host: The IP address or hostname of the ASM device.
- -u, --user: The username to use for authentication.
- -s, --status: The status of events to retrieve. Choices are: "legal", "illegal", "blocked", "unblocked", "challenged", "all".
- -rq: When set, print raw request data.
- If the --host argument is not provided, the script will exit with an error message.
- If the -u or --user argument is not provided, the script will use the default value of "admin".
- If the -s or --status argument is not provided, the script will retrieve all events.
- If the -rq argument is not provided, the script won't retrieve raw request data.
python3 asmevents.py --host lab.es.com
The status is set to all if -s isn't used; to pull specific status records, use the flag -s or --status
The user is set to default GUI admin, to use different username use the flag -u or --user
Enter password for the user admin:
╒═════════════════════╤═══════════╤════════════════╤══════════╤═════════════╤══════════════════╤════════════════╕
│ Event ID            │ Source IP │ Destination IP │ Protocol │ Source Port │ Destination Port │ Request Status │
╞═════════════════════╪═══════════╪════════════════╪══════════╪═════════════╪══════════════════╪════════════════╡
│ 9855905000251722760 │ 10.1.29.1 │ 10.1.156.207   │ HTTP/1.1 │ 50482       │ 80               │ blocked        │
├─────────────────────┼───────────┼────────────────┼──────────┼─────────────┼──────────────────┼────────────────┤
│ 9855905000251722752 │ 10.1.29.1 │ 10.1.156.207   │ HTTP/1.1 │ 54136       │ 80               │ blocked        │
├─────────────────────┼───────────┼────────────────┼──────────┼─────────────┼──────────────────┼────────────────┤
│ 9855905000251722744 │ 10.1.29.1 │ 10.1.156.207   │ HTTP/1.1 │ 50640       │ 80               │ blocked        │
├─────────────────────┼───────────┼────────────────┼──────────┼─────────────┼──────────────────┼────────────────┤
│ 9855905000251722736 │ 10.1.29.1 │ 10.1.156.207   │ HTTP/1.1 │ 39570       │ 80               │ blocked        │
├─────────────────────┼───────────┼────────────────┼──────────┼─────────────┼──────────────────┼────────────────┤
│ 9855905000251722690 │ 10.1.29.1 │ 10.1.156.207   │ HTTP/1.1 │ 47818       │ 80               │ blocked        │
├─────────────────────┼───────────┼────────────────┼──────────┼─────────────┼──────────────────┼────────────────┤
│ 9855905000251722728 │ 10.1.29.1 │ 10.1.156.207   │ HTTP/1.1 │ 56062       │ 80               │ blocked        │
├─────────────────────┼───────────┼────────────────┼──────────┼─────────────┼──────────────────┼────────────────┤
│ 9855905000251722682 │ 10.1.29.1 │ 10.1.156.207   │ HTTP/1.1 │ 57072       │ 80               │ blocked        │
╘═════════════════════╧═══════════╧════════════════╧══════════╧═════════════╧══════════════════╧════════════════╛
python3 asmevents.py --host lab.es.com -rq
The status is set to all if -s isn't used; to pull specific status records, use the flag -s or --status
The user is set to default GUI admin, to use different username use the flag -u or --user
Enter password for the user admin:
βββββββββββββββββββββββ€ββββββββββββββ€βββββββββββββββββββ€βββββββββββββ€ββββββββββββββββ€βββββββββββββββββββββ€βββββββββββββββββββ€ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Event ID β Source IP β Destination IP β Protocol β Source Port β Destination Port β Request Status β Raw Request β
βββββββββββββββββββββββͺββββββββββββββͺβββββββββββββββββββͺβββββββββββββͺββββββββββββββββͺβββββββββββββββββββββͺβββββββββββββββββββͺββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ‘
β 9855905000251722760 β 10.1.29.1 β 10.1.156.207 β HTTP/1.1 β 50482 β 80 β blocked β GET / HTTP/1.1 β
β β β β β β β β Host: 209.71.214.63 β
β β β β β β β β Connection: keep-alive β
β β β β β β β β sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" β
β β β β β β β β sec-ch-ua-mobile: ?1 β
β β β β β β β β sec-ch-ua-platform: "Android" β
β β β β β β β β Upgrade-Insecure-Requests: 1 β
β β β β β β β β User-Agent: Mozilla/5.0 (Linux; Android 13; SM-A715W) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Mobile Safari/537.36 β
β β β β β β β β Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 β
β β β β β β β β Sec-Fetch-Site: none β
β β β β β β β β Sec-Fetch-Mode: navigate β
β β β β β β β β Sec-Fetch-User: ?1 β
β β β β β β β β Sec-Fetch-Dest: document β
β β β β β β β β Accept-Encoding: gzip, deflate, br β
β β β β β β β β Accept-Language: fr-CA,fr-FR;q=0.9,fr;q=0.8,en-US;q=0.7,en;q=0.6 β
βββββββββββββββββββββββΌββββββββββββββΌβββββββββββββββββββΌβββββββββββββΌββββββββββββββββΌβββββββββββββββββββββΌβββββββββββββββββββΌββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β 9855905000251722752 β 10.1.29.1 β 10.1.156.207 β HTTP/1.1 β 54136 β 80 β blocked β GET / HTTP/1.1 β
β β β β β β β β Host: 209.71.214.63 β
β β β β β β β β Connection: keep-alive β
β β β β β β β β sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" β
β β β β β β β β sec-ch-ua-mobile: ?1 β
β β β β β β β β sec-ch-ua-platform: "Android" β
β β β β β β β β Upgrade-Insecure-Requests: 1 β
β β β β β β β β User-Agent: Mozilla/5.0 (Linux; Android 13; SM-A715W) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Mobile Safari/537.36 β
β β β β β β β β Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 β
β β β β β β β β Sec-Fetch-Site: none β
β β β β β β β β Sec-Fetch-Mode: navigate β
β β β β β β β β Sec-Fetch-User: ?1 β
β β β β β β β β Sec-Fetch-Dest: document β
β β β β β β β β Accept-Encoding: gzip, deflate, br β
β β β β β β β β Accept-Language: fr-CA,fr-FR;q=0.9,fr;q=0.8,en-US;q=0.7,en;q=0.6 β
βββββββββββββββββββββββΌββββββββββββββΌβββββββββββββββββββΌβββββββββββββΌββββββββββββββββΌβββββββββββββββββββββΌβββββββββββββββββββΌββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β 9855905000251722744 β 10.1.29.1 β 10.1.156.207 β HTTP/1.1 β 50640 β 80 β blocked β GET / HTTP/1.1 β
β β β β β β β β Host: 209.71.214.63 β
β β β β β β β β Connection: keep-alive β
β β β β β β β β sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" β
β β β β β β β β sec-ch-ua-mobile: ?1 β
β β β β β β β β sec-ch-ua-platform: "Android" β
β β β β β β β β Upgrade-Insecure-Requests: 1 β
β β β β β β β β User-Agent: Mozilla/5.0 (Linux; Android 13; SM-A715W) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Mobile Safari/537.36 β
β β β β β β β β Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 β
β β β β β β β β Sec-Fetch-Site: none β
β β β β β β β β Sec-Fetch-Mode: navigate β
β β β β β β β β Sec-Fetch-User: ?1 β
β β β β β β β β Sec-Fetch-Dest: document β
β β β β β β β β Accept-Encoding: gzip, deflate, br β
β β β β β β β β Accept-Language: fr-CA,fr-FR;q=0.9,fr;q=0.8,en-US;q=0.7,en;q=0.6 β
βββββββββββββββββββββββΌββββββββββββββΌβββββββββββββββββββΌβββββββββββββΌββββββββββββββββΌβββββββββββββββββββββΌβββββββββββββββββββΌββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β 9855905000251722736 β 10.1.29.1 β 10.1.156.207 β HTTP/1.1 β 39570 β 80 β blocked β GET / HTTP/1.1 β
β β β β β β β β Host: 209.71.214.63 β
β β β β β β β β Connection: keep-alive β
β β β β β β β β sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" β
β β β β β β β β sec-ch-ua-mobile: ?1 β
β β β β β β β β sec-ch-ua-platform: "Android" β
β β β β β β β β Upgrade-Insecure-Requests: 1 β
β β β β β β β β User-Agent: Mozilla/5.0 (Linux; Android 13; SM-A715W) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Mobile Safari/537.36 β
β β β β β β β β Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 β
β β β β β β β β Sec-Fetch-Site: none β
β β β β β β β β Sec-Fetch-Mode: navigate β
β β β β β β β β Sec-Fetch-User: ?1 β
β β β β β β β β Sec-Fetch-Dest: document β
β β β β β β β β Accept-Encoding: gzip, deflate, br β
β β β β β β β β Accept-Language: fr-CA,fr-FR;q=0.9,fr;q=0.8,en-US;q=0.7,en;q=0.6 β
βββββββββββββββββββββββΌββββββββββββββΌβββββββββββββββββββΌβββββββββββββΌββββββββββββββββΌβββββββββββββββββββββΌβββββββββββββββββββΌββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β 9855905000251722690 β 10.1.29.1 β 10.1.156.207 β HTTP/1.1 β 47818 β 80 β blocked β GET / HTTP/1.1 β
β β β β β β β β Host: 209.71.214.63 β
β β β β β β β β Connection: keep-alive β
β β β β β β β β sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" β
β β β β β β β β sec-ch-ua-mobile: ?1 β
β β β β β β β β sec-ch-ua-platform: "Android" β
β β β β β β β β Upgrade-Insecure-Requests: 1 β
β β β β β β β β User-Agent: Mozilla/5.0 (Linux; Android 13; SM-A715W) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Mobile Safari/537.36 β
β β β β β β β β Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 β
β β β β β β β β Sec-Fetch-Site: none β
β β β β β β β β Sec-Fetch-Mode: navigate β
β β β β β β β β Sec-Fetch-User: ?1 β
β β β β β β β β Sec-Fetch-Dest: document β
β β β β β β β β Accept-Encoding: gzip, deflate, br β
β β β β β β β β Accept-Language: fr-CA,fr-FR;q=0.9,fr;q=0.8,en-US;q=0.7,en;q=0.6 β
βββββββββββββββββββββββΌββββββββββββββΌβββββββββββββββββββΌβββββββββββββΌββββββββββββββββΌβββββββββββββββββββββΌβββββββββββββββββββΌββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β 9855905000251722728 β 10.1.29.1 β 10.1.156.207 β HTTP/1.1 β 56062 β 80 β blocked β GET / HTTP/1.1 β
β β β β β β β β Host: 209.71.214.63 β
β β β β β β β β Connection: keep-alive β
β β β β β β β β sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" β
β β β β β β β β sec-ch-ua-mobile: ?1 β
β β β β β β β β sec-ch-ua-platform: "Android" β
β β β β β β β β Upgrade-Insecure-Requests: 1 β
β β β β β β β β User-Agent: Mozilla/5.0 (Linux; Android 13; SM-A715W) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Mobile Safari/537.36 β
β β β β β β β β Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 β
β β β β β β β β Sec-Fetch-Site: none β
β β β β β β β β Sec-Fetch-Mode: navigate β
β β β β β β β β Sec-Fetch-User: ?1 β
β β β β β β β β Sec-Fetch-Dest: document β
β β β β β β β β Accept-Encoding: gzip, deflate, br β
β β β β β β β β Accept-Language: fr-CA,fr-FR;q=0.9,fr;q=0.8,en-US;q=0.7,en;q=0.6 β
βββββββββββββββββββββββΌββββββββββββββΌβββββββββββββββββββΌβββββββββββββΌββββββββββββββββΌβββββββββββββββββββββΌββββββββββββββββββΌββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β 9855905000251722682 β 10.1.29.1 β 10.1.156.207 β HTTP/1.1 β 57072 β 80 β blocked β GET / HTTP/1.1 β
β β β β β β β β Host: 209.71.214.63 β
β β β β β β β β Connection: keep-alive β
β β β β β β β β sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" β
β β β β β β β β sec-ch-ua-mobile: ?1 β
β β β β β β β β sec-ch-ua-platform: "Android" β
β β β β β β β β Upgrade-Insecure-Requests: 1 β
β β β β β β β β User-Agent: Mozilla/5.0 (Linux; Android 13; SM-A715W) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Mobile Safari/537.36 β
β β β β β β β β Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 β
β β β β β β β β Sec-Fetch-Site: none β
β β β β β β β β Sec-Fetch-Mode: navigate β
β β β β β β β β Sec-Fetch-User: ?1 β
β β β β β β β β Sec-Fetch-Dest: document β
β β β β β β β β Accept-Encoding: gzip, deflate, br β
β β β β β β β β Accept-Language: fr-CA,fr-FR;q=0.9,fr;q=0.8,en-US;q=0.7,en;q=0.6 β
βββββββββββββββββββββββ§ββββββββββββββ§βββββββββββββββββββ§βββββββββββββ§ββββββββββββββββ§βββββββββββββββββββββ§βββββββββββββββββββ§ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
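
To work with this output after saving it to a file, the grid can be parsed back into records. The following is an added example, not part of the asmevents script: it assumes columns are separated by "│" as in the output above, and the function names parse_events and blocked_by_source are hypothetical.

```python
from collections import Counter

# Constructed sample in the layout of the -rq output (padding trimmed; the
# second event and all of its values are made up for the example).
SAMPLE = """\
╒══════════╤═════════════╕
│ Event ID │ Source IP │ Destination IP │ Protocol │ Source Port │ Destination Port │ Request Status │ Raw Request │
╞══════════╪═════════════╡
│ 9855905000251722760 │ 10.1.29.1 │ 10.1.156.207 │ HTTP/1.1 │ 50482 │ 80 │ blocked │ GET / HTTP/1.1 │
│ │ │ │ │ │ │ │ Host: 209.71.214.63 │
│ │ │ │ │ │ │ │ Connection: keep-alive │
├──────────┼─────────────┤
│ 1000000000000000001 │ 192.0.2.10 │ 10.1.156.207 │ HTTP/1.1 │ 40000 │ 80 │ legal │ GET /index.html HTTP/1.1 │
│ │ │ │ │ │ │ │ Host: example.test │
╘══════════╧═════════════╛
"""


def parse_events(text):
    """Return one dict per event, joining multi-line Raw Request cells."""
    header, events = None, []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("│"):  # borders, separators, prompt text
            continue
        inner = line[1:-1] if line.endswith("│") else line[1:]
        # Split into at most len(header) cells so that a "│" inside the raw
        # request stays in the last column.
        parts = inner.split("│", len(header) - 1) if header else inner.split("│")
        cells = [p.strip() for p in parts]
        if header is None:
            header = cells
        elif cells[0]:  # first cell filled: a new event row
            events.append(dict(zip(header, cells)))
        elif events:  # empty first cell: continuation of the last column
            events[-1][header[-1]] += "\n" + cells[-1]
    return events


def blocked_by_source(events):
    """Count blocked events per source IP."""
    return Counter(e["Source IP"] for e in events
                   if e["Request Status"] == "blocked")


if __name__ == "__main__":
    for ip, count in blocked_by_source(parse_events(SAMPLE)).most_common():
        print(ip, count)
```
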