Attack Signature Staging Audit / History

Question

Hi Team,

I have just started my attack signature journey being automatically pushed out via Big-IQ and loving the fact that I no longer have to deal with change windows etc! Currently my production system is just setup for auto updates and still require manually activation out of staging to be enabled.

In my Nonprod environment, I have the same autoupdate of attack signatures for the last few months and have setup autostaging ( I think I have! ) by setting my staged time to 14 days. The question is, is there a log/history/event that I can view that shows when attack signatures move out of staging and where the heck do I find it ?

nag · Answer

Hi,&nbsp;1) Go to Security&nbsp;&nbsp;››&nbsp;&nbsp;Application Security&nbsp;:&nbsp;Attack Signatures2) Select the ASM policy you want to work with3) In advanced search section, set Staging value to "ready to be enforced" and click on Go.&nbsp;Hope this helps,Nag&nbsp;

danielpenna · Answer

Hi Nag,

Probably didnt explain my question very well. I have set up a 14 day time period for staging, so the assumption is after the 14 days these staged signatures go into blocking with the policy ( if staging is succesful ). I am trying to find on the F5 WHERE the logs for this transition from staging to blocking is.

Forum Discussion

Attack Signature Staging Audit / History

Recent Discussions

Client SSL Profile set to Require Client Certificate breaks RDP in APM

TS Declarations for DNS

APM file and registry key date check 8 days old

SSL bridging without SSL proxy forward

Should config via cli rather than gui?

Related Content

Support of WAF Signature Staging in F5 Distributed Cloud (XC)

Getting Started with iControl: History

view access policy changes history APM

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

promble with Perform Staging

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS