ASM custom attack signature filter set

Question

Hi All,&nbsp;
Try to figure out if it´s possible to create a customized "Signature Filter". We use quite a lot of virtual servers with same backend (UNIX, Apache and some more). And if we use UNIX from available Systems in signatur set. It´s always block on "commande execution" and vi (It´s we in Swedish and occure quite often in "free text" posts) and some other. &nbsp;
&nbsp;Yes, I know that I can go in in learning and disable that "attack signature" but it would be nice if we could create our own "attack signatur system" and use that when we create our "signature filter set" insted of finetune every time we add a new "Web Policy"&nbsp;
&nbsp;Best regards&nbsp;
&nbsp;Goranb&nbsp;

jwham20 · Answer

Goranb, 
&nbsp;  
&nbsp; What version are your currently running on?  
&nbsp;  It may be possible to create a custom attack signature set, that contains all the signatures of the "unix" set, minus the undesired signature.  
&nbsp;  
&nbsp; -&gt; Josh

goran_blomquis1 · Answer

Hi Josh, 
&nbsp;  
&nbsp; Currently running bersion 10.2.0 1755.1 
&nbsp;  
&nbsp; Goran

nathe · Answer

Goran 
&nbsp;  
&nbsp; To create a custom Attack Signature Set in the GUI under Application Security click on Options. Select Attack Signatures - Attack Signature Sets and then select Create. you can then filter in, or out, attack signatures. 
&nbsp;  
&nbsp; Is this what you're after? 
&nbsp;  
&nbsp; Rgds 
&nbsp; N

goran_blomquis1 · Answer

Thank you Nathan for your feedback. 
&nbsp;  
&nbsp; Mmm... 
&nbsp;  
&nbsp; I can select a "system" and create a "Attack Signature Set" with for example "UNIX". But what I want to achive is an modified "UNIX" Attacksignture set. Is that possible in 10.2.0... If not It is possible in version 11.*.* ? Or can I modify and copy "system set" in cli? 
&nbsp;  
&nbsp; Best regards 
&nbsp;  
&nbsp; Göran Blomquist 
&nbsp;  &nbsp;

jwham20 · Answer

Göran, 
&nbsp;  
&nbsp; Make sure at the very top you select Type: Manual. This will give you the option to individually select signatures that belong to the unix/linux set to make active in your custom signature set. 
&nbsp;  
&nbsp; -&gt; Josh &nbsp;

Forum Discussion

ASM custom attack signature filter set

8 Replies

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

Azure Virtual Machine Scale Set (VMSS) with F5 LTM

F5 DNS Generic Host

Which encyrtion algorithm is used when making Kerberos ticket encyrtion.

F5 Reporting Options

Creating Client SSL Profile using Certs from a new CA

Related Content

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

Blocking Spam with Custom Attack Signatures

Wildcard Parameter signature attack

Exploit PowerShell, Ransomware Attack Report, Active Cyber Defense, Attack to GPS

Live Update- ASM attack signatures

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS