Forum Discussion

Altostratus

Nov 25, 2019

ASM - TMSH or export the attack signature enabled on a security policy

Hello, Does anyone know a way of listing or exporting the currently enabled attack signatures on a specific policy? I created a new one and the default plus 3 other sets arrive at 1442 atack si...

Cirrostratus

Nov 26, 2019

I'm not aware of any particularly simple ways to do this.

You can export the policies in XML format, but that only gives you the signature IDs, no names or descriptions.

Maybe have a look at this: https://support.f5.com/csp/article/K40533413

It says it applies to version 13+, but I checked and the REST API endpoints are there in version 12 as well.

Basically you query the API for the unique md5 hash ID of the policy, then you use that ID to get the signatures attached to that policy.

What the article doesn't mention: This procedure also only gives you a list of signature IDs and a reference link to another API endpoint /mgmt/tm/asm/signatures/<ID> where you can then finally fetch the signature details like name, description, etc.

Shouldn't be too hard to automate this, but it is unfortunately not a simple one liner.