Manual Chapter : Posting user information to a web service

Applies To:

Show Versions Show Versions
Manual Chapter

Posting user information to a web service

To post user information to a web service, you must first create a log publisher that points to the server of the web service.
Post information about a user to a web service if you want this information to be analyzed by a third-party web service, such as a risk engine, a SIEM, or some other back-end system that can use this information.
  1. On the Main tab, click
    Security
    Fraud Protection Service
    Anti-Fraud Profiles
    .
    The Anti-Fraud Profiles screen opens.
  2. From the list of profiles, select the relevant profile.
    The Anti-Fraud Profile Properties screen opens.
  3. In the Anti-Fraud Configuration area, click
    Rules
    .
    A list of alert types appears.
  4. In the list of alert types, click the alert type for which you want to define a system response.
    The alert type appears in the Rules area.
  5. In the Rules area, select the
    Enabled
    check box next to the alert type.
  6. If the alert type you selected is generated on the client-side by JavaScript, in the
    Minimum score to perform action
    field type a score between
    0-100
    .
    The
    Minimum score to perform action
    field only appears for alert types that are generated on the client-side by JavaScript.
  7. From the
    Action
    list, select
    Post to Web Service
    .
    The
    URL Path
    ,
    Publisher
    , and
    Payload
    fields appear.
  8. In the
    URL Path
    field, type the URL path of the web service.
  9. From the
    Publisher
    list, select a log publisher that is configured to the web service.
  10. In the
    Payload
    field, you can use the default payload, or type any valid payload in the POST request body format.
    The variables listed next to the text input field, which you can use in your payload, are replaced with the actual values when the BIG-IP system sends the post request.
  11. Click
    Save
    .
    The rule is now active.
The next time the BIG-IP system sends an alert of the type selected at step 4, the BIG-IP system sends a POST request to a web service with the following data:
  • user name
  • client IP address
  • event type
  • score
  • host header
  • application cookies
  • HTTP transaction ID generated by the system
  • fingerprint data collected on the client