For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

carol's avatar
carol
Icon for Altostratus rankAltostratus
Nov 25, 2019

ASM - TMSH or export the attack signature enabled on a security policy

Hello,   Does anyone know a way of listing or exporting the currently enabled attack signatures on a specific policy? I created a new one and the default plus 3 other sets arrive at 1442 atack si...
ASM Advanced WAF
security
TMSH
gersbah's avatar
gersbah
Icon for Cirrostratus rankCirrostratus
Nov 26, 2019

I'm not aware of any particularly simple ways to do this.

 

You can export the policies in XML format, but that only gives you the signature IDs, no names or descriptions.

 

 

Maybe have a look at this: https://support.f5.com/csp/article/K40533413

It says it applies to version 13+, but I checked and the REST API endpoints are there in version 12 as well.

 

Basically you query the API for the unique md5 hash ID of the policy, then you use that ID to get the signatures attached to that policy.

What the article doesn't mention: This procedure also only gives you a list of signature IDs and a reference link to another API endpoint /mgmt/tm/asm/signatures/<ID> where you can then finally fetch the signature details like name, description, etc.

 

Shouldn't be too hard to automate this, but it is unfortunately not a simple one liner.

carol's avatar
carol
Icon for Altostratus rankAltostratus
Nov 26, 2019

Thank you! I just checked the article. sounds indeed the way to go. Let me test :)