Forum Discussion
Rajit_171155
Nimbostratus
NimbostratusBest practices for attack signature update/maintenance on ASM
We are looking for suggestions regarding best practices for attack signature update/maintenance on ASM in an university environment. We would like to have inputs for the following questions
How...
Thomas_Gobet_91
Cirrostratus
CirrostratusI think there isn't any step by step documentation to do that by policy.
What you have is updating process by platform.
The only thing which is different is you have to update manually your policy with only what you want to activate. One problem would be on modification during your QA tests.
If you want to modify your prod policy it will load changes from your attack signatures update.
- Rajit_171155I would appreciate if you could elaborate more on how to update the policy manually. We have two exactly similar policy one for QA environment and for Prod. Once I update the attach signature ( security>options>attack signature update) how can I push the updates to the policies? I am not able to find any options in the menu to apply the attack signature updates to individual policy. Running code 11.2 and 11.5.1
- nathe
Cirrocumulus
you won't, all policies will be updated. once the staging period is over (enforcement readiness) you'll see that you can enforce those attack signatures on each policy. see the Overview - Application - Action Items screen 
xunil321_122934Sorry for my ignorance! Let's say the 'Generic Detection Signature' set released 1st of Nov is assigned to my policy app_test. Once I update the Attack Signature on 1st of Dec does this mean that the former 'Generic Detection Signature' set will be overwritten by the new one automatically?
