Forum Discussion
CirrusAdd Systems signature to an existing ASM policy
Greetings everyone,
I'd like to update System signatures applied to a policy without having to build it again from scratch. That would save me a lot of time, yeah I'm a little bit lazy but above all I do not want to take the risk to forget one specific setting. That's why a simple update would be just great but I cannot find loud and clear info about it in the doc.
So let's say I have an ASM policy with below System signatures enabled:
And now for instance I'd like to add MySQL System signatures to this ASM policy.
Do you know if thre is a way to achieve this without re-configuring completely the policy?
Thanks for your help.
Regards.
Ok I think I got it now.
First if my doubt about the different results with my previous filtering example on Wordpress was because OS has available Wordpress signatures (Security ›› Options : Application Security : Attack Signatures : Attack Signature List) and they were not applied to the policy (Security ›› Application Security : Attack Signatures). Correct?
Secondly I succesfully managed to update the signatures applied to a policy without rebuilding from scratch. For the record:
1/ Go in Security ›› Application Security : Policy Building : Learning and Blocking Settings to update policy signatures applied and click on the Signature set to update:
2/ Do required changes including the name of Signature set and click Update (here only PHP for the example):
3/ Check changes
I think this make the trick thanks all to your help but do you validate this method?
Thank you very much!
Just navigate to Security ›› Options : Application Security : Attack Signatures : Attack Signature Sets
Create a new set, and apply a filter to it that contains whatever you wish (Systems like MySQL, for example), and add it to your policy (From the policy's Signature menu item, or from the Learning and Blocking settings page, depending on the version).
Hussein_GhazyNimbostratus
Hi,
The only way i can think of, is to create a new attack signature list. Under Security -> options -> attack signature -> attack signature set. Then assign what system signature you want to add.
After creation of the new signature set, go to security -> application security -> attack signature -> attack signature configuration then move the newly created set under the assigned signature sets and choose either to learn or alarm or black.
That would do it.
Regards
Hussein
Sylvain_85827Hi Tzoori,
Thanks for your reply. I precise I'm using version 12 and in fact what you suggest to do is what I intend to do as well but something made me doubt. Let me explain.
If I filter among all the available System signatures on the System (Security ›› Options : Application Security : Attack Signatures : Attack Signature List), and for instance I filter on WordPress I get below results:
But if I do the same on one policy I'd like to update (Security ›› Application Security : Attack Signatures), no result at all is returned whereas I use the same filter:
Do you have an explanation?
Thanks again.
- Sylvain_85827
Ok I think I got it now.
First if my doubt about the different results with my previous filtering example on Wordpress was because OS has available Wordpress signatures (Security ›› Options : Application Security : Attack Signatures : Attack Signature List) and they were not applied to the policy (Security ›› Application Security : Attack Signatures). Correct?
Secondly I succesfully managed to update the signatures applied to a policy without rebuilding from scratch. For the record:
1/ Go in Security ›› Application Security : Policy Building : Learning and Blocking Settings to update policy signatures applied and click on the Signature set to update:
2/ Do required changes including the name of Signature set and click Update (here only PHP for the example):
3/ Check changes
I think this make the trick thanks all to your help but do you validate this method?
Thank you very much!
