ASM attack signature staging for specific attack signature

Question

Hi All, I would like to perform signature blocking setting (Alarm, Block) for specific attack signature (Signature ID).&nbsp;
How can i do it on BIG-IP version 11.5 ?&nbsp;
&nbsp;

erik_novak · Answer

Individual signatures cannot be assigned directly to security policies, nor can the learn, alarm, and block flags be set on an individual signature basis. "Signature sets" are entities which are assigned to specific security policies. Different signature sets may require a different level of blocking which apply only to them. When a signature set is assigned to a policy, the blocking action (learn/alarm/block) can be set differently for each assigned set.

boneyard · Answer

while Erik is right you could work around this by creating your own signature set with just that signature in it. this will get annoying if you have many signatures you want this for, but if it is just a couple it might help you out.

k_k_thet_162361 · Answer

Thanks Erik and Boneyard, &nbsp;
If F5 can allow us to do signature staging setting for specific attack signatures in signature set, it is more flexible to configure attack signature.&nbsp;

Forum Discussion

ASM attack signature staging for specific attack signature

Recent Discussions

Background Tasks

Which process is consuming higher CPU

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Client SSL Profile set to Require Client Certificate breaks RDP in APM

Related Content

Support of WAF Signature Staging in F5 Distributed Cloud (XC)

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

BoT Defense Profile, Signature Enforcement

ASM irule to disable attack signature authorization header with specific value

Wildcard Parameter signature attack

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS