Forum Discussion

Wasfi_182818's avatar
Wasfi_182818
Icon for Altostratus rankAltostratus
Feb 17, 2016

Attack signature file location in the file system

Hi;   Where in the BIGIP file system is the attack signature file stored. Also, when an admin downloads the latest signature file, is it just the delta or the whole list of signatures   Kindly ...
ASM Advanced WAF
security
swo0sh_gt_13163's avatar
swo0sh_gt_13163
Icon for Altostratus rankAltostratus
Feb 17, 2016

Hello Folks,

 

I have just figured this out. You can get the internal ASM Signatures by generating as ASM QKview and looking for the following file.

 

ASM Qkview: nice -n19 asmqkview -s0 --add-proxy-log

 

Once the QKview is generated, open it in 7ZIP. On the root you will find the file name "asm_module.xml". Open it in any editor and look for the signature you want to analyze.

 

I have also opened a new thread at DC for the same, I think I would need to update it.

 

Cheers! Darshan

 

  • swo0sh_gt_13163's avatar
    swo0sh_gt_13163
    Icon for Altostratus rankAltostratus
    Feb 17, 2016
    Hello Folks, It seems the file I am referring contains only USER-DEFINED signatures and not the default signatures come with the appliance. Sorry, my bad. Please share the solution if anyone finds.