Forum Discussion

Goran_Blomquis1's avatar
Icon for Nimbostratus rankNimbostratus
Nov 01, 2011

ASM custom attack signature filter set

Hi All,


Try to figure out if it´s possible to create a customized "Signature Filter". We use quite a lot of virtual servers with same backend (UNIX, Apache and some more). And if we use UNIX from available Systems in signatur set. It´s always block on "commande execution" and vi (It´s we in Swedish and occure quite often in "free text" posts) and some other.



Yes, I know that I can go in in learning and disable that "attack signature" but it would be nice if we could create our own "attack signatur system" and use that when we create our "signature filter set" insted of finetune every time we add a new "Web Policy"



Best regards





8 Replies

  • Goranb,



    What version are your currently running on?


    It may be possible to create a custom attack signature set, that contains all the signatures of the "unix" set, minus the undesired signature.



    -> Josh
  • nathe's avatar
    Icon for Cirrocumulus rankCirrocumulus



    To create a custom Attack Signature Set in the GUI under Application Security click on Options. Select Attack Signatures - Attack Signature Sets and then select Create. you can then filter in, or out, attack signatures.



    Is this what you're after?





  • Thank you Nathan for your feedback.






    I can select a "system" and create a "Attack Signature Set" with for example "UNIX". But what I want to achive is an modified "UNIX" Attacksignture set. Is that possible in 10.2.0... If not It is possible in version 11.*.* ? Or can I modify and copy "system set" in cli?



    Best regards



    Göran Blomquist



  • Göran,



    Make sure at the very top you select Type: Manual. This will give you the option to individually select signatures that belong to the unix/linux set to make active in your custom signature set.



    -> Josh


  • Example:


    access Options -> Attack signatures -> Attack Signature Sets



    Click Create



    Name: Awesomesetofawesomeness


    Type: Manual


    Assigned Systems: Unix/Linux



    Signatures: Assign whatever signatures you wish from the Unix/linux set.



    Click Create and bam, should be good.



    -> Josh
  • Ah!!!!






    Manual! I did not see that! Thanks for pointing that out! You maked my day....



    Thanks a lot



  • Goran,



    No worries mate, glad to help!