Attack signature file location in the file system

Question

Hi;&nbsp;
Where in the BIGIP file system is the attack signature file stored. Also, when an admin downloads the latest signature file, is it just the delta or the whole list of signatures&nbsp;
Kindly
Wasfi&nbsp;

samstep · Answer

ASM attack signatures are not stored in a file on BIG-IP - these are stored in the ASM's internal mySQL database.&nbsp;

swo0sh_gt_13163 · Answer

Hello Folks,&nbsp;
I have just figured this out.
You can get the internal ASM Signatures by generating as ASM QKview and looking for the following file.&nbsp;
ASM Qkview:
nice -n19 asmqkview -s0 --add-proxy-log&nbsp;
Once the QKview is generated, open it in 7ZIP. On the root you will find the file name "asm_module.xml". Open it in any editor and look for the signature you want to analyze.&nbsp;
I have also opened a new thread at DC for the same, I think I would need to update it.&nbsp;
Cheers!
Darshan&nbsp;

swo0sh_gt_13163 · Answer

Hello Folks,

It seems the file I am referring contains only USER-DEFINED signatures and not the default signatures come with the appliance.

Sorry, my bad.
Please share the solution if anyone finds.

Forum Discussion

Attack signature file location in the file system

3 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Software Downgrade from version 17.x.x to 15.x.x

Error diskmonitor

CPU utilization of F5OS on r2600

sslprovide (--f5 ssl) does not generate CLIENT/SERVER_TRAFFIC_SECRET on server-side TLS traffic

Hardware replacement i2800 to r2600

Related Content

November Security Research Update: Newly Released Attack Signatures

Custom Attack Signatures

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

Wildcard Parameter signature attack

Post-Quantum Cryptography, OpenSSH, & s1ngularity supply chain attack

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS