Manual Chapter : Customizing Automatic Transaction default settings

Applies To:

BIG-IP ASM

  • 16.0.0

Customize the Automatic Transaction default settings if you want to change one or more of the automatic transaction alert scores.
  1. On the Main tab, click Security > Data Protection > BIG-IP DataSafe.
    The BIG-IP DataSafe screen opens.
  2. From the list of profiles, select the relevant profile.
    The DataSafe Profile Properties screen opens.
  3. In the DataSafe Configuration area, click URL List.
    The URL List opens.
  4. Click the URL or view on which you want to customize Automatic Transactions default settings (or click Add URL or Add View if you want to define a new URL or view with Automatic Transactions detection).
    The URL Properties (or View Properties) screen opens.
  5. In the URL Configuration (or View Configuration) area, select Automatic Transactions.
    The Automatic Transactions configuration options appear.
  6. Ensure that the Enabled check box for Automatic Transactions is selected.
  7. Click Advanced.
    The Automatic Transactions advanced settings are listed.
  8. For Tampered Cookie Score, type a number to add to the total risk score of the anti-fraud profile if the system detects that the Transactions Data cookie was removed.
  9. For Data Manipulation Score, type a number to add to the total risk score of the anti-fraud profile if the system detects data manipulation in one of the following situations:
    • If the HTTP request sent or received by the URL is URL-encoded and one or more parameters have the Check Data Manipulation attribute, the BIG-IP system checks for a difference between the actual value of a parameter and the expected value of a parameter sent when a user clicks a web form’s Submit button. If a difference is detected, the score entered here is added to the total risk score of the anti-fraud profile for each parameter marked with Check Data Manipulation.
    • If the HTTP request is not URL-encoded and Check AJAX Payload for Data Manipulation is enabled, the BIG-IP system checks for a difference between the actual value of the Ajax payload sent by the client's browser and the expected value of the Ajax payload. If a difference is detected, the score entered here is added to the total risk score of the anti-fraud profile.
  10. For Data Manipulation Maximum Score, type a number to limit the total combined score that can be added to an alert score when the BIG-IP system detects that data manipulation occurred on two or more parameters.
    For example, if you set Data Manipulation Score to 20 and the value here is 50, and the system detects data manipulation on 3 parameters, a value of 50 is added to the alert score instead of 60 (which is the actual combined value).
    Data Manipulation Maximum Score is only relevant if the HTTP parameters are in query string or form format and two or more URL parameters have the Check Data Manipulation attribute.
  11. For Minimum Score to Send Alert, type a number for the minimum total score required to send an alert to the FPS Dashboard.
  12. Click Save.
    The changes you made to the Automatic Transactions settings are saved.
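
The following added example (not F5 code and not part of the original manual) models how the four scores in steps 8 to 11 combine, so you can check a planned configuration before saving it. The class and function names are this example's own, and it assumes an alert is sent when the total reaches or exceeds Minimum Score to Send Alert; other detections that feed the profile's risk score are not modeled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AutoTxSettings:
    # Field names are this example's own labels for the settings in steps 8-11.
    tampered_cookie_score: int
    data_manipulation_score: int
    data_manipulation_max_score: int
    min_score_to_send_alert: int

def manipulation_score(s, url_encoded, manipulated_params=0, ajax_changed=False):
    """Score added for data manipulation on one request."""
    if not url_encoded:
        # Ajax payload check: the score is added once if the payload differs.
        return s.data_manipulation_score if ajax_changed else 0
    combined = manipulated_params * s.data_manipulation_score
    # The maximum only matters when two or more parameters were manipulated.
    if manipulated_params >= 2:
        combined = min(combined, s.data_manipulation_max_score)
    return combined

def total_score(s, url_encoded=True, manipulated_params=0, ajax_changed=False,
                cookie_removed=False):
    """Automatic Transactions contribution to the risk score."""
    score = manipulation_score(s, url_encoded, manipulated_params, ajax_changed)
    return score + (s.tampered_cookie_score if cookie_removed else 0)

def sends_alert(s, **event):
    # Assumption: an alert is sent when the total is >= the configured minimum.
    return total_score(s, **event) >= s.min_score_to_send_alert

def min_params_to_alert(s, checked_params):
    """Fewest manipulated parameters that reach the alert minimum, or None."""
    for n in range(1, checked_params + 1):
        if sends_alert(s, manipulated_params=n):
            return n
    return None

if __name__ == "__main__":
    # 20 and 50 are the manual's example values; 30 and 40 are constructed.
    s = AutoTxSettings(30, 20, 50, 40)
    for n in range(1, 5):
        print(n, total_score(s, manipulated_params=n),
              sends_alert(s, manipulated_params=n))
    print("cookie removed only:", sends_alert(s, cookie_removed=True))
    print("fewest parameters to alert:", min_params_to_alert(s, 5))
```

If `min_params_to_alert` returns `None`, the maximum score is set below the alert minimum, so data manipulation alone cannot raise an alert under this model.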