Customer Objective:

The customer is seeking the ability to generate F5 XC alerts at FQDN level with granular details. Specifically, they want the system to provide the following:

• Information about which WAF signature was triggered for an alert.

• The associated action (e.g., blocked, allowed, logged) taken as a result of the signature.

• Tailored insights for individual FQDNs instead of general or aggregated alerts.

This level of detail is essential for effective monitoring, incident analysis, and fine-tuning security policies at the FQDN level.

Technical Limitation:

Currently, the F5 XC platform does not support:

1. FQDN-Level Granularity for Alerts:

   • Alerts are generated globally or at a broader scope, but they lack context specific to individual FQDNs.

   • The platform cannot break down L-7 alerts to a specific FQDN to highlight which endpoint triggered the alert.

2. Detailed Breakdown of WAF Signatures:

   • The alerts do not include specifics about which WAF rule or signature was applied for a particular security event.

   • This limitation prevents customers from understanding the exact cause of the alert or the triggered WAF action.

Without this level of granularity and transparency in the alert mechanism, it becomes challenging for customers to isolate incidents or accurately monitor F5 XC.

Next Steps:

1. Feature Enhancement Proposal to Product Team:

   • Enhance the alerting mechanism in F5 XC to provide granular visibility at the FQDN level in the dashboard or API response.

   • Allow the platform to associate WAF signatures and actions with FQDN-specific alerts and include them in the payload or logs.

This updated functionality will not only fulfill customer requirements but also improve the overall usability and value proposition of the F5 XC platform. Please let me know if further refinements are needed!