Check the default action of an F5 AFM Policy There is a specific section of the AFM config which refers to the default action of the firewall, the below query checks that the default action is Drop.F5 AFM Config to check for.}sys db tm.fw.defaultaction { value "drop"} /** * @intent Check that all F5's that are running AFM have the default action set to deny * @description THis will check sys db tm.fw.defaultaction for the value drop and error * if it is not drop. **/// Note {} have been removed as they can not be included in the pattern.defaultPattern = ```sys db tm.fw.defaultaction value "drop"```;foreach device in network.deviceswhere device.platform.os == OS.F5foreach command in device.outputs.commands//Check for only the F5's with AFM Configwhere command.commandType == CommandType.F5_AFM_CONFIG//Extract the command response.let AFMConfig = parseConfigBlocks(OS.F5,command.response)//Match the patternlet match = blockMatches(AFMConfig,defaultPattern)let violation = if length(match) == 0 then true else falselet DropActio
