Forum Discussion
Add signature to signature set using iControl REST API
Hello,
I wanted to know if it is possible to add a signature to a signature set using the REST API. I get a 501 Error with "Could not update the Signature Set. Method not implemented."
Thanks
I had the same question. I create a custom signature set with all the recommended Log4J Signatures with this JSON body
{ "name": "attack-signatures-log4j", "assignToPolicyByDefault": true, "defaultAlarm": true, "type": "manual", "isUserDefined":true, "accuracyValue": "high", "signatureReferences": [ { "link": "https://localhost/mgmt/tm/asm/signatures/FzyRtmjEB-RDeYxdV22Wcg" }, { "link": "https://localhost/mgmt/tm/asm/signatures/6GEkbeeViqG1i1bCMLXdOA" }, { "link": "https://localhost/mgmt/tm/asm/signatures/TDtAdP40B84UaYXLhMgIew" }, { "link": "https://localhost/mgmt/tm/asm/signatures/rYiJHZdAYt0dhXlbxFVXFQ" }, { "link": "https://localhost/mgmt/tm/asm/signatures/tOd2EOQdCzetaf2U3fHdKg" }, { "link": "https://localhost/mgmt/tm/asm/signatures/r1KtsZ7eOufX3tm3P1rhUA" }, { "link": "https://localhost/mgmt/tm/asm/signatures/NQyazwn_x4RzMCHvqv4GBw" }, { "link": "https://localhost/mgmt/tm/asm/signatures/T-E0ExygzH1O3DNShs3QtA" }, { "link": "https://localhost/mgmt/tm/asm/signatures/MFZSx7kIuGwhZDl8Vq85gA" } ], "defaultLearn": false, "defaultBlock": true }
- Ivan_ChernenkiiEmployee
Yes, it is possible.
You can do it only for user-defined (not factory) signature set with "type": "manual".
Also, you can update only single signature-set by ID. Update operation is not supported for all signature-sets.
In addition, if you want to add signature to existing signatures (not replace all with new one), then you need to use additional appendnested=1 parameter in query string.
You request should look like next:
PATCH /mgmt/tm/asm/signature-sets/Mwgb4CF1d-FEFuioDxLD9w?appendnested=1 HTTP/1.1
Host: my.host.com
Content-Type: application/json
Content-Length: 115
{
"signatures": [
{
"signatureId": 200101558
}
],
"type": "manual"
}
What RESTAPI request do you send?
Thanks, Ivan
- Kurt_EricksonEmployee
Need to see what you are using, however adding a signature might require using PATCH and it sounds as though you are using a POST.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com