For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Sylvain_85827's avatar
Sylvain_85827
Icon for Cirrus rankCirrus
Mar 17, 2016
Solved

Add Systems signature to an existing ASM policy

Greetings everyone,   I'd like to update System signatures applied to a policy without having to build it again from scratch. That would save me a lot of time, yeah I'm a little bit lazy but above...
ASM Advanced WAF
security
  • Sylvain_85827's avatar
    Sylvain_85827
    Mar 17, 2016

    Ok I think I got it now.

     

    First if my doubt about the different results with my previous filtering example on Wordpress was because OS has available Wordpress signatures (Security ›› Options : Application Security : Attack Signatures : Attack Signature List) and they were not applied to the policy (Security ›› Application Security : Attack Signatures). Correct?

     

    Secondly I succesfully managed to update the signatures applied to a policy without rebuilding from scratch. For the record:

     

    1/ Go in Security ›› Application Security : Policy Building : Learning and Blocking Settings to update policy signatures applied and click on the Signature set to update:

     

     

    2/ Do required changes including the name of Signature set and click Update (here only PHP for the example):

     

     

    3/ Check changes

     

     

    I think this make the trick thanks all to your help but do you validate this method?

     

    Thank you very much!

     

Tzoori_Tamam_95's avatar
Tzoori_Tamam_95
Historic F5 Account
Mar 17, 2016

Just navigate to Security ›› Options : Application Security : Attack Signatures : Attack Signature Sets

 

Create a new set, and apply a filter to it that contains whatever you wish (Systems like MySQL, for example), and add it to your policy (From the policy's Signature menu item, or from the Learning and Blocking settings page, depending on the version).