Forum Discussion

HAP2711_342164's avatar
HAP2711_342164
Icon for Nimbostratus rankNimbostratus
Dec 08, 2017

Add signature to signature set using iControl REST API

Hello,

 

I wanted to know if it is possible to add a signature to a signature set using the REST API. I get a 501 Error with "Could not update the Signature Set. Method not implemented."

 

Thanks

 

ASM Advanced WAF
iControlREST
security
  • Kurt_Erickson's avatar
    Kurt_Erickson
    Icon for Employee rankEmployee
    Dec 12, 2020

    Need to see what you are using, however adding a signature might require using PATCH and it sounds as though you are using a POST.

  • Ivan_Chernenkii's avatar
    Ivan_Chernenkii
    Icon for Employee rankEmployee
    Dec 23, 2020

    Yes, it is possible.

    You can do it only for user-defined (not factory) signature set with "type": "manual".

    Also, you can update only single signature-set by ID. Update operation is not supported for all signature-sets.

    In addition, if you want to add signature to existing signatures (not replace all with new one), then you need to use additional appendnested=1 parameter in query string.

     

    You request should look like next:

    PATCH /mgmt/tm/asm/signature-sets/Mwgb4CF1d-FEFuioDxLD9w?appendnested=1 HTTP/1.1

    Host: my.host.com

    Content-Type: application/json

    Content-Length: 115

     

    {

      "signatures": [

        {

          "signatureId": 200101558

        }

      ],

      "type": "manual"

    }

     

    What RESTAPI request do you send?

     

    Thanks, Ivan

  • seamlessfirework's avatar
    seamlessfirework
    Icon for Cirrus rankCirrus
    Oct 13, 2023

    I had the same question. I create a custom signature set with all the recommended Log4J Signatures with this JSON body

    {
    "name": "attack-signatures-log4j",
    "assignToPolicyByDefault": true,
    "defaultAlarm": true,
    "type": "manual",
    "isUserDefined":true,
    "accuracyValue": "high",
    "signatureReferences": [
        {
            "link": "https://localhost/mgmt/tm/asm/signatures/FzyRtmjEB-RDeYxdV22Wcg"
        },
        {
            "link": "https://localhost/mgmt/tm/asm/signatures/6GEkbeeViqG1i1bCMLXdOA"
        },
        {
            "link": "https://localhost/mgmt/tm/asm/signatures/TDtAdP40B84UaYXLhMgIew"
        },
        {
            "link": "https://localhost/mgmt/tm/asm/signatures/rYiJHZdAYt0dhXlbxFVXFQ"
        },
        {
            "link": "https://localhost/mgmt/tm/asm/signatures/tOd2EOQdCzetaf2U3fHdKg"
        },
        {
            "link": "https://localhost/mgmt/tm/asm/signatures/r1KtsZ7eOufX3tm3P1rhUA"
        },
        {
            "link": "https://localhost/mgmt/tm/asm/signatures/NQyazwn_x4RzMCHvqv4GBw"
        },
        {
            "link": "https://localhost/mgmt/tm/asm/signatures/T-E0ExygzH1O3DNShs3QtA"
        },
        {
            "link": "https://localhost/mgmt/tm/asm/signatures/MFZSx7kIuGwhZDl8Vq85gA"
        }
    ],
    "defaultLearn": false,
    "defaultBlock": true
}