ASM built-in Attack Signatures Details Questions

Hi, 1) The signatures you see at Security->Application Security->Attack Signatures are the signatures that were selected for the specific policy you are looking at. Options->Application Security->Attack Signatures contains the complete list of attack signatures the unit was loaded with. F5 does not expose the RegEx that the signature contains.

2) What you are looking for is called Staging. With ASM, every new signature that is introduced into the policy (whether by and automated signature updated, a manual addition, adding new signature types to the policy, etc.) is running in staging mode. This gives you the ability to check it against real time production traffic and see whether it's safe to enable, or is it causing false positives. Policy Builder can enforce (remove Staging) from a signature automatically, or an admin can do it manually. The default staging period is 7 days, after which, if no false positives were detected on a signature, it is safe to disable the staging checkbox.