Bug ID 624956: AVR: Changes to some entities on AVR DNS tmsh reports

Last Modified: May 01, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP AFM, AVR(all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5

Fixed In:
14.0.0

Opened: Oct 26, 2016
Severity: 3-Major

Symptoms

Some entities have been changed for AVR DNS reports on TMSH command. The attack-type entity is no longer available since DNS no longer provides this information to AVR, instead, there is attack-vector entity. The transaction-outcome entity was renamed to dns-transaction-outcome as part of clear separation for all transaction-outcomes.

Impact

Old scripts that using the previous entities for DNS reports will break.

Conditions

Accessing AVR DNS reports using TMSH

Workaround

N/A

Fix Information

The attack-type entity is no longer available on AVR reports for DNS. Instead, the attack-vector (vector) entity is provided to AVR. The transaction-outcome entity was renamed to dns-transaction-outcome on AVR reports.

Behavior Change