Forum Discussion

HAP2711_342164's avatar
HAP2711_342164
Icon for Nimbostratus rankNimbostratus
Dec 08, 2017

Add signature to signature set using iControl REST API

Hello,

 

I wanted to know if it is possible to add a signature to a signature set using the REST API. I get a 501 Error with "Could not update the Signature Set. Method not implemented."

 

Thanks

 

  • I had the same question. I create a custom signature set with all the recommended Log4J Signatures with this JSON body

    {
        "name": "attack-signatures-log4j",
        "assignToPolicyByDefault": true,
        "defaultAlarm": true,
        "type": "manual",
        "isUserDefined":true,
        "accuracyValue": "high",
        "signatureReferences": [
            {
                "link": "https://localhost/mgmt/tm/asm/signatures/FzyRtmjEB-RDeYxdV22Wcg"
            },
            {
                "link": "https://localhost/mgmt/tm/asm/signatures/6GEkbeeViqG1i1bCMLXdOA"
            },
            {
                "link": "https://localhost/mgmt/tm/asm/signatures/TDtAdP40B84UaYXLhMgIew"
            },
            {
                "link": "https://localhost/mgmt/tm/asm/signatures/rYiJHZdAYt0dhXlbxFVXFQ"
            },
            {
                "link": "https://localhost/mgmt/tm/asm/signatures/tOd2EOQdCzetaf2U3fHdKg"
            },
            {
                "link": "https://localhost/mgmt/tm/asm/signatures/r1KtsZ7eOufX3tm3P1rhUA"
            },
            {
                "link": "https://localhost/mgmt/tm/asm/signatures/NQyazwn_x4RzMCHvqv4GBw"
            },
            {
                "link": "https://localhost/mgmt/tm/asm/signatures/T-E0ExygzH1O3DNShs3QtA"
            },
            {
                "link": "https://localhost/mgmt/tm/asm/signatures/MFZSx7kIuGwhZDl8Vq85gA"
            }
        ],
        "defaultLearn": false,
        "defaultBlock": true
    }
  • Yes, it is possible.

    You can do it only for user-defined (not factory) signature set with "type": "manual".

    Also, you can update only single signature-set by ID. Update operation is not supported for all signature-sets.

    In addition, if you want to add signature to existing signatures (not replace all with new one), then you need to use additional appendnested=1 parameter in query string.

     

    You request should look like next:

    PATCH /mgmt/tm/asm/signature-sets/Mwgb4CF1d-FEFuioDxLD9w?appendnested=1 HTTP/1.1

    Host: my.host.com

    Content-Type: application/json

    Content-Length: 115

     

    {

      "signatures": [

        {

          "signatureId": 200101558

        }

      ],

      "type": "manual"

    }

     

    What RESTAPI request do you send?

     

    Thanks, Ivan

  • Need to see what you are using, however adding a signature might require using PATCH and it sounds as though you are using a POST.