Forum Discussion
CirrusAdd Systems signature to an existing ASM policy
Ok I think I got it now.
First if my doubt about the different results with my previous filtering example on Wordpress was because OS has available Wordpress signatures (Security ›› Options : Application Security : Attack Signatures : Attack Signature List) and they were not applied to the policy (Security ›› Application Security : Attack Signatures). Correct?
Secondly I succesfully managed to update the signatures applied to a policy without rebuilding from scratch. For the record:
1/ Go in Security ›› Application Security : Policy Building : Learning and Blocking Settings to update policy signatures applied and click on the Signature set to update:
2/ Do required changes including the name of Signature set and click Update (here only PHP for the example):
3/ Check changes
I think this make the trick thanks all to your help but do you validate this method?
Thank you very much!
NimbostratusHi,
The only way i can think of, is to create a new attack signature list. Under Security -> options -> attack signature -> attack signature set. Then assign what system signature you want to add.
After creation of the new signature set, go to security -> application security -> attack signature -> attack signature configuration then move the newly created set under the assigned signature sets and choose either to learn or alarm or black.
That would do it.
Regards
Hussein
